CWE-190
AllowedInteger Overflow or Wraparound
Abstraction: Base · Status: Stable
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
3867 vulnerabilities reference this CWE, most recent first.
GHSA-7FW4-HR2X-G3X6
Vulnerability from github – Published: 2026-03-20 18:31 – Updated: 2026-03-23 15:30Bitcoin Core 0.13.0 through 29.x has an integer overflow.
{
"affected": [],
"aliases": [
"CVE-2025-46597"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-20T16:16:16Z",
"severity": "HIGH"
},
"details": "Bitcoin Core 0.13.0 through 29.x has an integer overflow.",
"id": "GHSA-7fw4-hr2x-g3x6",
"modified": "2026-03-23T15:30:33Z",
"published": "2026-03-20T18:31:18Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-46597"
},
{
"type": "WEB",
"url": "https://bitcoincore.org/en/2025/10/24/disclose-cve-2025-46597"
},
{
"type": "WEB",
"url": "https://github.com/bitcoin/bitcoin/releases"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7G2M-F3GP-R995
Vulnerability from github – Published: 2025-05-09 09:33 – Updated: 2025-11-12 21:31In the Linux kernel, the following vulnerability has been resolved:
scsi: st: Fix array overflow in st_setup()
Change the array size to follow parms size instead of a fixed value.
{
"affected": [],
"aliases": [
"CVE-2025-37857"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-09T07:16:06Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: st: Fix array overflow in st_setup()\n\nChange the array size to follow parms size instead of a fixed value.",
"id": "GHSA-7g2m-f3gp-r995",
"modified": "2025-11-12T21:31:02Z",
"published": "2025-05-09T09:33:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-37857"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/574b399a7fb6ae71c97e26d122205c4a720c0e43"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/736ae988bfb5932c05625baff70fba224d547c08"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/7fe3b4deed8b93609058c37c9a11df1d2b2c0423"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/a018d1cf990d0c339fe0e29b762ea5dc10567d67"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ad4c3037dc77739a625246a2a0fb23b8f3402c06"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c6015d0f7a2236ddb3928b2dfcb1c556a1368b55"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e4d1ca0a84a6650d3172eb8c07ef2fbc585b0d96"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e6b585d016c47ca8a37b92ea8a3fe35c0b585256"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f746fe0c51e044d1248dc67918328bfb3d86b639"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00030.html"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00045.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7G34-HMJ9-WXMC
Vulnerability from github – Published: 2022-05-24 17:35 – Updated: 2022-05-24 17:35An issue was discovered in PNGOUT 2020-01-15. When compressing a crafted PNG file, it encounters an integer overflow.
{
"affected": [],
"aliases": [
"CVE-2020-29384"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-11-30T16:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in PNGOUT 2020-01-15. When compressing a crafted PNG file, it encounters an integer overflow.",
"id": "GHSA-7g34-hmj9-wxmc",
"modified": "2022-05-24T17:35:16Z",
"published": "2022-05-24T17:35:16Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-29384"
},
{
"type": "WEB",
"url": "https://gist.github.com/mmmdzz/03df5177afd04b32ac190eb7907f3834"
},
{
"type": "WEB",
"url": "http://advsys.net/ken/utils.htm"
},
{
"type": "WEB",
"url": "http://www.jonof.id.au/kenutils.html"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7G39-C9PP-RQ4P
Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.
{
"affected": [],
"aliases": [
"CVE-2021-22451"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-28T13:15:00Z",
"severity": "HIGH"
},
"details": "A component of the HarmonyOS has a Integer Overflow or Wraparound vulnerability. Local attackers may exploit this vulnerability to cause memory overwriting.",
"id": "GHSA-7g39-c9pp-rq4p",
"modified": "2022-05-24T19:19:09Z",
"published": "2022-05-24T19:19:09Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22451"
},
{
"type": "WEB",
"url": "https://device.harmonyos.com/cn/docs/security/update/security-bulletins-202107-0000001123874808"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7G47-VMVW-JCC2
Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36An issue was discovered in Contiki through 3.0. A memory corruption vulnerability exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.
{
"affected": [],
"aliases": [
"CVE-2020-13985"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-12-11T22:15:00Z",
"severity": "HIGH"
},
"details": "An issue was discovered in Contiki through 3.0. A memory corruption vulnerability exists in the uIP TCP/IP stack component when handling RPL extension headers of IPv6 network packets in rpl_remove_header in net/rpl/rpl-ext-header.c.",
"id": "GHSA-7g47-vmvw-jcc2",
"modified": "2022-05-24T17:36:00Z",
"published": "2022-05-24T17:36:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-13985"
},
{
"type": "WEB",
"url": "https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/815128"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-7G63-2RPP-XVQC
Vulnerability from github – Published: 2025-01-11 15:30 – Updated: 2025-09-23 15:31In the Linux kernel, the following vulnerability has been resolved:
ring-buffer: Fix overflow in __rb_map_vma
An overflow occurred when performing the following calculation:
nr_pages = ((nr_subbufs + 1) << subbuf_order) - pgoff;
Add a check before the calculation to avoid this problem.
syzbot reported this as a slab-out-of-bounds in __rb_map_vma:
BUG: KASAN: slab-out-of-bounds in __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058 Read of size 8 at addr ffff8880767dd2b8 by task syz-executor187/5836
CPU: 0 UID: 0 PID: 5836 Comm: syz-executor187 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0 Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024 Call Trace: __dump_stack lib/dump_stack.c:94 [inline] dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120 print_address_description mm/kasan/report.c:378 [inline] print_report+0xc3/0x620 mm/kasan/report.c:489 kasan_report+0xd9/0x110 mm/kasan/report.c:602 __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058 ring_buffer_map+0x56e/0x9b0 kernel/trace/ring_buffer.c:7138 tracing_buffers_mmap+0xa6/0x120 kernel/trace/trace.c:8482 call_mmap include/linux/fs.h:2183 [inline] mmap_file mm/internal.h:124 [inline] __mmap_new_file_vma mm/vma.c:2291 [inline] __mmap_new_vma mm/vma.c:2355 [inline] __mmap_region+0x1786/0x2670 mm/vma.c:2456 mmap_region+0x127/0x320 mm/mmap.c:1348 do_mmap+0xc00/0xfc0 mm/mmap.c:496 vm_mmap_pgoff+0x1ba/0x360 mm/util.c:580 ksys_mmap_pgoff+0x32c/0x5c0 mm/mmap.c:542 __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline] __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline] __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82 do_syscall_x64 arch/x86/entry/common.c:52 [inline] do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83 entry_SYSCALL_64_after_hwframe+0x77/0x7f
The reproducer for this bug is:
------------------------8<------------------------- #include #include #include #include #include
int main(int argc, char *argv) { int page_size = getpagesize(); int fd; void meta;
system("echo 1 > /sys/kernel/tracing/buffer_size_kb");
fd = open("/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw", O_RDONLY);
meta = mmap(NULL, page_size, PROT_READ, MAP_SHARED, fd, page_size * 5);
} ------------------------>8-------------------------
{
"affected": [],
"aliases": [
"CVE-2024-56368"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-01-11T13:15:28Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nring-buffer: Fix overflow in __rb_map_vma\n\nAn overflow occurred when performing the following calculation:\n\n nr_pages = ((nr_subbufs + 1) \u003c\u003c subbuf_order) - pgoff;\n\nAdd a check before the calculation to avoid this problem.\n\nsyzbot reported this as a slab-out-of-bounds in __rb_map_vma:\n\nBUG: KASAN: slab-out-of-bounds in __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058\nRead of size 8 at addr ffff8880767dd2b8 by task syz-executor187/5836\n\nCPU: 0 UID: 0 PID: 5836 Comm: syz-executor187 Not tainted 6.13.0-rc2-syzkaller-00159-gf932fb9b4074 #0\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 11/25/2024\nCall Trace:\n \u003cTASK\u003e\n __dump_stack lib/dump_stack.c:94 [inline]\n dump_stack_lvl+0x116/0x1f0 lib/dump_stack.c:120\n print_address_description mm/kasan/report.c:378 [inline]\n print_report+0xc3/0x620 mm/kasan/report.c:489\n kasan_report+0xd9/0x110 mm/kasan/report.c:602\n __rb_map_vma+0x9ab/0xae0 kernel/trace/ring_buffer.c:7058\n ring_buffer_map+0x56e/0x9b0 kernel/trace/ring_buffer.c:7138\n tracing_buffers_mmap+0xa6/0x120 kernel/trace/trace.c:8482\n call_mmap include/linux/fs.h:2183 [inline]\n mmap_file mm/internal.h:124 [inline]\n __mmap_new_file_vma mm/vma.c:2291 [inline]\n __mmap_new_vma mm/vma.c:2355 [inline]\n __mmap_region+0x1786/0x2670 mm/vma.c:2456\n mmap_region+0x127/0x320 mm/mmap.c:1348\n do_mmap+0xc00/0xfc0 mm/mmap.c:496\n vm_mmap_pgoff+0x1ba/0x360 mm/util.c:580\n ksys_mmap_pgoff+0x32c/0x5c0 mm/mmap.c:542\n __do_sys_mmap arch/x86/kernel/sys_x86_64.c:89 [inline]\n __se_sys_mmap arch/x86/kernel/sys_x86_64.c:82 [inline]\n __x64_sys_mmap+0x125/0x190 arch/x86/kernel/sys_x86_64.c:82\n do_syscall_x64 arch/x86/entry/common.c:52 [inline]\n do_syscall_64+0xcd/0x250 arch/x86/entry/common.c:83\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\n\nThe reproducer for this bug is:\n\n------------------------8\u003c-------------------------\n #include \u003cfcntl.h\u003e\n #include \u003cstdlib.h\u003e\n #include \u003cunistd.h\u003e\n #include \u003casm/types.h\u003e\n #include \u003csys/mman.h\u003e\n\n int main(int argc, char **argv)\n {\n\tint page_size = getpagesize();\n\tint fd;\n\tvoid *meta;\n\n\tsystem(\"echo 1 \u003e /sys/kernel/tracing/buffer_size_kb\");\n\tfd = open(\"/sys/kernel/tracing/per_cpu/cpu0/trace_pipe_raw\", O_RDONLY);\n\n\tmeta = mmap(NULL, page_size, PROT_READ, MAP_SHARED, fd, page_size * 5);\n }\n------------------------\u003e8-------------------------",
"id": "GHSA-7g63-2rpp-xvqc",
"modified": "2025-09-23T15:31:07Z",
"published": "2025-01-11T15:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-56368"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/c58a812c8e49ad688f94f4b050ad5c5b388fc5d2"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/ec12f30fe54234dd40ffee50dda8d2df10bd0871"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7G6W-WX5F-P467
Vulnerability from github – Published: 2022-05-14 03:03 – Updated: 2022-05-14 03:03An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used in the Beauty Chain economic system, allows attackers to accomplish an unauthorized increase of digital assets by providing two _receivers arguments in conjunction with a large _value argument, as exploited in the wild in April 2018, aka the "batchOverflow" issue.
{
"affected": [],
"aliases": [
"CVE-2018-10299"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-04-23T04:29:00Z",
"severity": "HIGH"
},
"details": "An integer overflow in the batchTransfer function of a smart contract implementation for Beauty Ecosystem Coin (BEC), the Ethereum ERC20 token used in the Beauty Chain economic system, allows attackers to accomplish an unauthorized increase of digital assets by providing two _receivers arguments in conjunction with a large _value argument, as exploited in the wild in April 2018, aka the \"batchOverflow\" issue.",
"id": "GHSA-7g6w-wx5f-p467",
"modified": "2022-05-14T03:03:36Z",
"published": "2022-05-14T03:03:36Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-10299"
},
{
"type": "WEB",
"url": "https://dasp.co/#item-3"
},
{
"type": "WEB",
"url": "https://medium.com/secbit-media/a-disastrous-vulnerability-found-in-smart-contracts-of-beautychain-bec-dbf24ddbc30e"
},
{
"type": "WEB",
"url": "https://peckshield.com/2018/04/22/batchOverflow"
},
{
"type": "WEB",
"url": "https://support.okex.com/hc/en-us/articles/360002944212-BeautyChain-BEC-Withdrawal-and-Trading-Suspended"
},
{
"type": "WEB",
"url": "https://twitter.com/OKEx_/status/987967343983714304"
},
{
"type": "WEB",
"url": "https://www.reddit.com/r/ethereum/comments/8esyg9/okex_erc20_bug"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-7G8J-9JF2-66WX
Vulnerability from github – Published: 2022-04-19 00:00 – Updated: 2022-04-27 00:00An exploitable code execution vulnerability exists in the file format parsing functionality of Graphisoft BIMx Desktop Viewer 2019.2.2328. A specially crafted file can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.
{
"affected": [],
"aliases": [
"CVE-2020-6099"
],
"database_specific": {
"cwe_ids": [
"CWE-190",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-04-18T17:15:00Z",
"severity": "HIGH"
},
"details": "An exploitable code execution vulnerability exists in the file format parsing functionality of Graphisoft BIMx Desktop Viewer 2019.2.2328. A specially crafted file can cause a heap buffer overflow resulting in a code execution. An attacker can provide a malicious file to trigger this vulnerability.",
"id": "GHSA-7g8j-9jf2-66wx",
"modified": "2022-04-27T00:00:26Z",
"published": "2022-04-19T00:00:50Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-6099"
},
{
"type": "WEB",
"url": "https://talosintelligence.com/vulnerability_reports/TALOS-2020-1032"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7GG2-3R7F-V522
Vulnerability from github – Published: 2026-03-25 03:31 – Updated: 2026-03-25 21:30An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3. Processing a maliciously crafted string may lead to heap corruption.
{
"affected": [],
"aliases": [
"CVE-2026-20639"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-03-25T01:17:04Z",
"severity": "HIGH"
},
"details": "An integer overflow was addressed with improved input validation. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.3. Processing a maliciously crafted string may lead to heap corruption.",
"id": "GHSA-7gg2-3r7f-v522",
"modified": "2026-03-25T21:30:28Z",
"published": "2026-03-25T03:31:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-20639"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126348"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126795"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/126796"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-7GGM-M49M-FF38
Vulnerability from github – Published: 2023-02-14 21:30 – Updated: 2025-10-22 00:32Windows Graphics Component Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2023-21823"
],
"database_specific": {
"cwe_ids": [
"CWE-190"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-02-14T21:15:00Z",
"severity": "HIGH"
},
"details": "Windows Graphics Component Remote Code Execution Vulnerability",
"id": "GHSA-7ggm-m49m-ff38",
"modified": "2025-10-22T00:32:43Z",
"published": "2023-02-14T21:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-21823"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-21823"
},
{
"type": "WEB",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2023-21823"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Ensure that all protocols are strictly defined, such that all out-of-bounds behavior can be identified simply, and require strict conformance to the protocol.
Mitigation MIT-3
Strategy: Language Selection
- Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- If possible, choose a language or compiler that performs automatic bounds checking.
Mitigation MIT-4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid [REF-1482].
- Use libraries or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). [REF-106]
Mitigation MIT-8
Strategy: Input Validation
- Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
- Use unsigned integers where possible. This makes it easier to perform validation for integer overflows. When signed integers are required, ensure that the range check includes minimum values as well as maximum values.
Mitigation MIT-36
- Understand the programming language's underlying representation and how it interacts with numeric calculation (CWE-681). Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how the language handles numbers that are too large or too small for its underlying representation. [REF-7]
- Also be careful to account for 32-bit, 64-bit, and other potential differences that may affect the numeric representation.
Mitigation MIT-15
For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Mitigation MIT-26
Strategy: Compilation or Build Hardening
Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.
CAPEC-92: Forced Integer Overflow
This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.