CWE-190
AllowedInteger Overflow or Wraparound
Abstraction: Base · Status: Stable
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
3870 vulnerabilities reference this CWE, most recent first.
GHSA-5H57-VHR8-8F95
Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36In NFA_RwI93WriteMultipleBlocks of nfa_rw_api.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157650338
{
"affected": [],
"aliases": [
"CVE-2020-27051"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-15T17:15:00Z",
"severity": "HIGH"
},
"details": "In NFA_RwI93WriteMultipleBlocks of nfa_rw_api.cc, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-157650338",
"id": "GHSA-5h57-vhr8-8f95",
"modified": "2022-05-24T17:36:31Z",
"published": "2022-05-24T17:36:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27051"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2020-12-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-5H99-V444-6MX2
Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2022-05-13 01:38This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security Internet Security 2018 prior to build 7.72918. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within pdf.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-4361.
{
"affected": [],
"aliases": [
"CVE-2017-10954"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-31T19:29:00Z",
"severity": "HIGH"
},
"details": "This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Bitdefender Internet Security Internet Security 2018 prior to build 7.72918. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within pdf.xmd. The issue results from the lack of proper validation of user-supplied data, which can result in an integer overflow before allocating a buffer. An attacker can leverage this vulnerability to execute code under the context of SYSTEM. Was ZDI-CAN-4361.",
"id": "GHSA-5h99-v444-6mx2",
"modified": "2022-05-13T01:38:17Z",
"published": "2022-05-13T01:38:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-10954"
},
{
"type": "WEB",
"url": "https://zerodayinitiative.com/advisories/ZDI-17-717"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100676"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5H9H-MHR4-5FW4
Vulnerability from github – Published: 2022-05-14 03:03 – Updated: 2022-05-14 03:03The mintToken function of a smart contract implementation for SLCAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.
{
"affected": [],
"aliases": [
"CVE-2018-13507"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-09T06:29:00Z",
"severity": "HIGH"
},
"details": "The mintToken function of a smart contract implementation for SLCAdvancedToken, an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any value.",
"id": "GHSA-5h9h-mhr4-5fw4",
"modified": "2022-05-14T03:03:42Z",
"published": "2022-05-14T03:03:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-13507"
},
{
"type": "WEB",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/blob/master/GEMCHAIN/mint%20integer%20overflow.md"
},
{
"type": "WEB",
"url": "https://github.com/BlockChainsSecurity/EtherTokens/tree/master/SLCAdvancedToken"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-5HFQ-6GVM-PW8C
Vulnerability from github – Published: 2024-12-24 12:30 – Updated: 2025-11-03 21:31In the Linux kernel, the following vulnerability has been resolved:
um: Fix potential integer overflow during physmem setup
This issue happens when the real map size is greater than LONG_MAX, which can be easily triggered on UML/i386.
{
"affected": [],
"aliases": [
"CVE-2024-53145"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-12-24T12:15:22Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\num: Fix potential integer overflow during physmem setup\n\nThis issue happens when the real map size is greater than LONG_MAX,\nwhich can be easily triggered on UML/i386.",
"id": "GHSA-5hfq-6gvm-pw8c",
"modified": "2025-11-03T21:31:45Z",
"published": "2024-12-24T12:30:42Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53145"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1575df968650d11771359e5ac78278c5b0cc19f3"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1bd118c5f887802cef2d9ba0d1917258667f1cae"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5c710f45811e7e2bfcf703980c306f19c7e1ecfe"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a875c023155ea92b75d6323977003e64d92ae7fc"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a98b7761f697e590ed5d610d87fa12be66f23419"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a9c95f787b88b29165563fd97761032db77116e7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d1a211e5210d31da8f49fc0021bf7129b726468c"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e6102b72edc4eb8c0858df00ba74b5ce579c8fa2"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00001.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/03/msg00002.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5HM6-WPG3-FV45
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2025-04-20 03:30An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.
{
"affected": [],
"aliases": [
"CVE-2016-8704"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-01-06T21:59:00Z",
"severity": "CRITICAL"
},
"details": "An integer overflow in the process_bin_append_prepend function in Memcached, which is responsible for processing multiple commands of Memcached binary protocol, can be abused to cause heap overflow and lead to remote code execution.",
"id": "GHSA-5hm6-wpg3-fv45",
"modified": "2025-04-20T03:30:50Z",
"published": "2022-05-13T01:01:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8704"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0059"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201701-12"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2819.html"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2016-2820.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3704"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/94083"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037333"
},
{
"type": "WEB",
"url": "http://www.talosintelligence.com/reports/TALOS-2016-0219"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5HQ7-X8GH-4PRP
Vulnerability from github – Published: 2022-05-13 01:01 – Updated: 2022-05-13 01:01An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2017-12108"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-24T19:29:00Z",
"severity": "HIGH"
},
"details": "An exploitable integer overflow vulnerability exists in the xls_preparseWorkSheet function of libxls 1.4 when handling a MULBLANK record. A specially crafted XLS file can cause a memory corruption resulting in remote code execution. An attacker can send malicious XLS file to trigger this vulnerability.",
"id": "GHSA-5hq7-x8gh-4prp",
"modified": "2022-05-13T01:01:38Z",
"published": "2022-05-13T01:01:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12108"
},
{
"type": "WEB",
"url": "https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0460"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5HX2-QX8J-QJQM
Vulnerability from github – Published: 2021-11-10 19:33 – Updated: 2024-11-07 22:09Impact
If tf.image.resize is called with a large input argument then the TensorFlow process will crash due to a CHECK-failure caused by an overflow.
import tensorflow as tf
import numpy as np
tf.keras.layers.UpSampling2D(
size=1610637938,
data_format='channels_first',
interpolation='bilinear')(np.ones((5,1,1,1)))
The number of elements in the output tensor is too much for the int64_t type and the overflow is detected via a CHECK statement. This aborts the process.
Patches
We have patched the issue in GitHub commit e5272d4204ff5b46136a1ef1204fc00597e21837 (merging #51497).
The fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.
For more information
Please consult our security guide for more information regarding the security model and how to contact us with issues and questions.
Attribution
This vulnerability has been reported externally via a GitHub issue.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-cpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.6.0"
},
{
"fixed": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "2.5.0"
},
{
"fixed": "2.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "PyPI",
"name": "tensorflow-gpu"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.4.4"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-41199"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": true,
"github_reviewed_at": "2021-11-08T22:51:41Z",
"nvd_published_at": "2021-11-05T20:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\nIf `tf.image.resize` is called with a large input argument then the TensorFlow process will crash due to a `CHECK`-failure caused by an overflow.\n\n```python\nimport tensorflow as tf\nimport numpy as np\n\ntf.keras.layers.UpSampling2D(\n size=1610637938,\n data_format=\u0027channels_first\u0027,\n interpolation=\u0027bilinear\u0027)(np.ones((5,1,1,1)))\n```\n\nThe number of elements in the output tensor is too much for the `int64_t` type and the overflow is detected via a `CHECK` statement. This aborts the process.\n\n### Patches\nWe have patched the issue in GitHub commit [e5272d4204ff5b46136a1ef1204fc00597e21837](https://github.com/tensorflow/tensorflow/commit/e5272d4204ff5b46136a1ef1204fc00597e21837) (merging [#51497](https://github.com/tensorflow/tensorflow/pull/51497)).\n\nThe fix will be included in TensorFlow 2.7.0. We will also cherrypick this commit on TensorFlow 2.6.1, TensorFlow 2.5.2, and TensorFlow 2.4.4, as these are also affected and still in supported range.\n\n### For more information\nPlease consult [our security guide](https://github.com/tensorflow/tensorflow/blob/master/SECURITY.md) for more information regarding the security model and how to contact us with issues and questions.\n\n### Attribution\nThis vulnerability has been reported externally via a [GitHub issue](https://github.com/tensorflow/tensorflow/issues/46914).",
"id": "GHSA-5hx2-qx8j-qjqm",
"modified": "2024-11-07T22:09:52Z",
"published": "2021-11-10T19:33:24Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5hx2-qx8j-qjqm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41199"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/issues/46914"
},
{
"type": "WEB",
"url": "https://github.com/tensorflow/tensorflow/commit/e5272d4204ff5b46136a1ef1204fc00597e21837"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-cpu/PYSEC-2021-609.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow-gpu/PYSEC-2021-807.yaml"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/tensorflow/PYSEC-2021-392.yaml"
},
{
"type": "PACKAGE",
"url": "https://github.com/tensorflow/tensorflow"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
],
"summary": "Overflow/crash in `tf.image.resize` when size is large"
}
GHSA-5J64-84JF-59Q3
Vulnerability from github – Published: 2026-04-24 15:32 – Updated: 2026-04-27 15:30In the Linux kernel, the following vulnerability has been resolved:
rxrpc: Fix integer overflow in rxgk_verify_response()
In rxgk_verify_response(), there's a potential integer overflow due to rounding up token_len before checking it, thereby allowing the length check to be bypassed.
Fix this by checking the unrounded value against len too (len is limited as the response must fit in a single UDP packet).
{
"affected": [],
"aliases": [
"CVE-2026-31633"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-24T15:16:42Z",
"severity": "CRITICAL"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nrxrpc: Fix integer overflow in rxgk_verify_response()\n\nIn rxgk_verify_response(), there\u0027s a potential integer overflow due to\nrounding up token_len before checking it, thereby allowing the length check to\nbe bypassed.\n\nFix this by checking the unrounded value against len too (len is limited as\nthe response must fit in a single UDP packet).",
"id": "GHSA-5j64-84jf-59q3",
"modified": "2026-04-27T15:30:46Z",
"published": "2026-04-24T15:32:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-31633"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1f864d9daaf622aeaa774404fd51e7d6a435b046"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/699e52180f4231c257821c037ed5c99d5eb0edb8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c1e242beb6b1efc3c286f617e8d940c8fbf2ed41"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-5JJC-6F35-8HMP
Vulnerability from github – Published: 2022-05-13 01:04 – Updated: 2022-05-13 01:04Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow.
{
"affected": [],
"aliases": [
"CVE-2013-4391"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2013-10-28T22:55:00Z",
"severity": "HIGH"
},
"details": "Integer overflow in the valid_user_field function in journal/journald-native.c in systemd allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large journal data field, which triggers a heap-based buffer overflow.",
"id": "GHSA-5jjc-6f35-8hmp",
"modified": "2022-05-13T01:04:12Z",
"published": "2022-05-13T01:04:12Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4391"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=859051"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201612-34"
},
{
"type": "WEB",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725357"
},
{
"type": "WEB",
"url": "http://cgit.freedesktop.org/systemd/systemd/commit/?id=505b6a61c22d5565e9308045c7b9bf79f7d0517e"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2013/dsa-2777"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2013/10/01/9"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-5JPR-M45Q-RQQ4
Vulnerability from github – Published: 2022-05-13 01:27 – Updated: 2022-05-13 01:27In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.
{
"affected": [],
"aliases": [
"CVE-2018-14341"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-07-19T02:29:00Z",
"severity": "HIGH"
},
"details": "In Wireshark 2.6.0 to 2.6.1, 2.4.0 to 2.4.7, and 2.2.0 to 2.2.15, the DICOM dissector could go into a large or infinite loop. This was addressed in epan/dissectors/packet-dcm.c by preventing an offset overflow.",
"id": "GHSA-5jpr-m45q-rqq4",
"modified": "2022-05-13T01:27:51Z",
"published": "2022-05-13T01:27:51Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14341"
},
{
"type": "WEB",
"url": "https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=14742"
},
{
"type": "WEB",
"url": "https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=2e716c32be6aa20e1813b0002878853e71f8b2f4"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00045.html"
},
{
"type": "WEB",
"url": "https://www.wireshark.org/security/wnpa-sec-2018-39.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00027.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104847"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041608"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Ensure that all protocols are strictly defined, such that all out-of-bounds behavior can be identified simply, and require strict conformance to the protocol.
Mitigation MIT-3
Strategy: Language Selection
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- If possible, choose a language or compiler that performs automatic bounds checking.
Mitigation MIT-4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].
- Use libraries or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]
Mitigation MIT-8
Strategy: Input Validation
- Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
- Use unsigned integers where possible. This makes it easier to perform validation for integer overflows. When signed integers are required, ensure that the range check includes minimum values as well as maximum values.
Mitigation MIT-36
- Understand the programming language's underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]
- Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation.
Mitigation MIT-15
For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Mitigation MIT-26
Strategy: Compilation or Build Hardening
Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.
CAPEC-92: Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.