CWE-190: Integer Overflow or Wraparound
Abstraction: Base. Status: Stable.
Description
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented (or multiplied, added to, or otherwise grown) to a value that is too large to store in the associated representation. For unsigned types the value wraps modulo 2^n and may become very small; for signed types it may become negative, and in C and C++ signed overflow is undefined behavior, so the compiler may also remove checks that appear to test for it after the fact.
Common consequences
- Availability. Technical impact: DoS: Crash, Exit, or Restart; DoS: Resource Consumption (Memory); DoS: Instability. This weakness can generally lead to undefined behavior and therefore crashes. When the calculated result is used for resource allocation, this weakness can cause too many (or too few) resources to be allocated, possibly enabling crashes if
- Integrity. Technical impact: Modify Memory. If the value in question is important to data (as opposed to control flow), simple data corruption has occurred. Also, if the overflow/wraparound results in other conditions such as buffer overflows, further memory corruption may occur.
- Confidentiality, Availability, Access Control. Technical impact: Execute Unauthorized Code or Commands; Bypass Protection Mechanism. This weakness can sometimes trigger buffer overflows, which can be used to execute arbitrary code. This is usually outside the scope of the product's implicit security policy.
- Availability, Other. Technical impact: Alter Execution Logic; DoS: Crash, Exit, or Restart; DoS: Resource Consumption (CPU). If the overflow/wraparound occurs in a loop index variable, this could cause the loop to terminate at the wrong time: too early, too late, or not at all (i.e., an infinite loop). With too many iterations, some loops could consume too many re
- Access Control. Technical impact: Bypass Protection Mechanism. If integer values are used in security-critical decisions, such as calculating quotas or allocation limits, integer overflows can be used to cause an incorrect security decision.
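The two most common shapes of this weakness in native code are an allocation size that wraps (the "too few resources" case above) and a bounds check whose sum wraps (the "Bypass Protection Mechanism" case). The following C program is an added example, not part of the CWE entry: it puts each vulnerable computation next to a hardened version. The 4-byte record size, the buffer size and the attacker-chosen count and offset are constructed for illustration; the functions are hypothetical and do not come from any real project.

```c
#include <stdint.h>
#include <stdio.h>

/*
 * Added example (not part of the CWE-190 entry). A 32-bit count and offset
 * parsed from an untrusted header drive an allocation size and a bounds
 * check. The vuln_* functions trust arithmetic that can wrap modulo 2^32;
 * the safe_* functions test for wraparound before using the result.
 */

#define RECORD_SIZE 4u   /* assumed fixed-size record of 4 bytes (constructed) */

/* Vulnerable: count * RECORD_SIZE is computed in uint32_t and wraps, so a
 * huge count yields a tiny allocation that later copies overrun. */
uint32_t vuln_record_bytes(uint32_t count)
{
    return count * RECORD_SIZE;
}

/* Hardened: reject any count whose product would exceed UINT32_MAX before
 * multiplying. (GCC and Clang also provide __builtin_mul_overflow for this.)
 * Returns 1 and stores the byte count on success, 0 on overflow. */
int safe_record_bytes(uint32_t count, uint32_t *out_bytes)
{
    if (count > UINT32_MAX / RECORD_SIZE)
        return 0;
    *out_bytes = count * RECORD_SIZE;
    return 1;
}

/* Vulnerable: offset + len can wrap to a small value, so an out-of-range
 * (offset, len) pair passes the check. */
int vuln_in_bounds(uint32_t offset, uint32_t len, uint32_t buf_size)
{
    return offset + len <= buf_size;
}

/* Hardened: compare in a form where no intermediate can wrap. The first
 * test guarantees buf_size - len cannot underflow. */
int safe_in_bounds(uint32_t offset, uint32_t len, uint32_t buf_size)
{
    return len <= buf_size && offset <= buf_size - len;
}

/* Exercises both pairs against constructed attacker inputs and returns 1
 * if they behave as described in the comments above. */
int run_checks(void)
{
    uint32_t bytes = 0;
    const uint32_t evil_count = 0x40000001u; /* 0x40000001 * 4 = 0x1_00000004 */
    int ok = 1;

    ok &= (vuln_record_bytes(evil_count) == 4u);        /* wrapped to 4 bytes */
    ok &= (safe_record_bytes(evil_count, &bytes) == 0); /* rejected */
    ok &= (safe_record_bytes(3u, &bytes) == 1 && bytes == 12u);

    /* 0xFFFFFFF0 + 0x20 wraps to 0x10, which looks "inside" a 0x100 buffer. */
    ok &= (vuln_in_bounds(0xFFFFFFF0u, 0x20u, 0x100u) == 1);
    ok &= (safe_in_bounds(0xFFFFFFF0u, 0x20u, 0x100u) == 0);
    ok &= (safe_in_bounds(0x10u, 0x20u, 0x100u) == 1);
    return ok;
}

int main(void)
{
    uint32_t count = 0x40000001u;
    uint32_t bytes = 0;

    printf("unchecked size for count 0x%08x: %u bytes\n",
           count, vuln_record_bytes(count));
    if (!safe_record_bytes(count, &bytes))
        printf("checked size: rejected, multiplication would wrap\n");

    printf("wrapped bounds check passes: %d, checked bounds check passes: %d\n",
           vuln_in_bounds(0xFFFFFFF0u, 0x20u, 0x100u),
           safe_in_bounds(0xFFFFFFF0u, 0x20u, 0x100u));
    return run_checks() ? 0 : 1;
}
```

The example deliberately uses uint32_t rather than size_t so the wraparound is reproducible on 64-bit hosts; the same pattern applies to size_t with SIZE_MAX. Note that the hardened bounds check avoids computing offset + len at all: rearranging the comparison so that every intermediate is provably in range is more robust than checking a sum after the fact, particularly with signed types where the overflowing sum is already undefined behavior.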
Potential mitigations
- Requirements: Ensure that all protocols are strictly defined, such that all out-of-bounds behavior can be identified simply, and require strict conformance to the protocol.
- Architecture and Design: For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
- Implementation: Examine compiler warnings closely and eliminate problems with potential security implications, such as signed/unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.
Recent CVEs classified under this CWE
- CVE-2026-48112 (score 6.5, 2026-06-05)
- CVE-2026-48095 (score 8.8, 2026-06-05)
- CVE-2026-11299 (score 6.5, 2026-06-05)
- CVE-2026-11290 (score 5.0, 2026-06-05)
- CVE-2026-11281 (score 5.0, 2026-06-05)
- CVE-2026-11088 (score 9.6, 2026-06-04)
- CVE-2026-11085 (score 8.8, 2026-06-04)
- CVE-2026-11044 (score 6.5, 2026-06-04)
- CVE-2026-10999 (score 6.5, 2026-06-04)
- CVE-2026-10924 (score 8.3, 2026-06-04)
- CVE-2026-10921 (score 8.3, 2026-06-04)
- CVE-2026-49510 (score 6.1, 2026-06-04)
- CVE-2026-37462 (score 7.5, 2026-06-03)
- CVE-2026-10722 (score 3.3, 2026-06-03)
- CVE-2026-45686 (score 7.5, 2026-06-02)
- CVE-2026-0095 (score 8.0, 2026-06-01)
- CVE-2026-0080 (score 6.5, 2026-06-01)
- CVE-2026-0079 (score 5.5, 2026-06-01)
- CVE-2026-0052 (score 6.5, 2026-06-01)
- CVE-2026-0044 (score 6.5, 2026-06-01)