CWE-839
Numeric Range Comparison Without Minimum Check
The product checks a value to ensure that it is less than or equal to a maximum, but it does not also verify that the value is greater than or equal to the minimum.
Mitigation
Phase: Implementation
Strategy: Enforcement by Conversion
Description:
- If the number to be used is always expected to be positive, change the variable type from signed to unsigned or size_t.
Mitigation
Phase: Implementation
Strategy: Input Validation
Description:
- If the number to be used could have a negative value based on the specification (thus requiring a signed value), but the number should only be positive to preserve code correctness, then include a check to ensure that the value is positive.
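Added example, not part of the CWE entry: the max-only comparison described above next to both mitigations (a two-sided check on a signed value, and conversion to size_t), applied to a table index. The table, its length and all function names are hypothetical; the sample indices are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* All names below are hypothetical, chosen for this illustration. */
#define TABLE_LEN 8
static const int table[TABLE_LEN] = {10, 11, 12, 13, 14, 15, 16, 17};

/* Weak form (CWE-839): only the maximum is tested, so every negative
 * int is accepted. Shown as a predicate; it is never used to index. */
int index_ok_max_only(int idx) {
    return idx < TABLE_LEN;
}

/* Input Validation: the value stays signed, both bounds are checked. */
int index_ok_range(int idx) {
    return idx >= 0 && idx < TABLE_LEN;
}

/* Enforcement by Conversion: with a size_t parameter, a negative int
 * passed by the caller wraps to a very large value, which the
 * remaining maximum check rejects. */
int index_ok_unsigned(size_t idx) {
    return idx < (size_t)TABLE_LEN;
}

/* Lookup guarded by the two-sided check.
 * Returns 0 and stores the element in *out, or -1 if idx is rejected. */
int table_get(int idx, int *out) {
    if (!index_ok_range(idx))
        return -1;
    *out = table[idx];
    return 0;
}

int main(void) {
    const int samples[] = {-1, 0, 7, 8}; /* constructed inputs */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int v = 0, s = samples[i];
        printf("idx=%2d max_only=%d range=%d unsigned=%d get=%d\n", s,
               index_ok_max_only(s), index_ok_range(s),
               index_ok_unsigned((size_t)s), table_get(s, &v));
    }
    return 0;
}
```

The unsigned variant is only safe because the maximum check is still performed after the conversion; a signed value that passes a max-only check and is converted afterwards becomes a very large unsigned number.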
No CAPEC attack patterns related to this CWE.