[Forgot Password]
Login  Register Subscribe

23631

 
 

115083

 
 

97147

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Integer Underflow (Wrap or Wraparound)

ID: 191Date: (C)2012-05-14   (M)2017-11-15
Type: weaknessStatus: DRAFT
Abstraction Type: Base





Description

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

Extended Description

This can happen in signed and unsigned cases.

Applicable Platforms
Language: C
Language: C++
Language: Java
Language: .NET

Time Of Introduction

  • Implementation

Common Consequences

ScopeTechnical ImpactNotes
Availability
 
DoS: crash / exit / restart
DoS: resource consumption (CPU)
DoS: resource consumption (memory)
DoS: instability
 
This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high.
 
Integrity
 
Modify memory
 
If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur.
 
Confidentiality
Availability
Access_Control
 
Execute unauthorized code or commands
Bypass protection mechanism
 
This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program's implicit security policy.
 

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWETypeViewChain
CWE-191 ChildOf CWE-885 Category CWE-888  

Demonstrative Examples   (Details)

  1. The following example has an integer underflow. The value of i is already at the lowest negative value possible. The new value of i is 2147483647.

Observed Examples

  1. CVE-2004-0816 : Integer underflow in firewall via malformed packet.
  2. CVE-2004-1002 : Integer underflow by packet with invalid length.
  3. CVE-2005-0199 : Long input causes incorrect length calculation.
  4. CVE-2005-1891 : Malformed icon causes integer underflow in loop counter variable.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
PLOVER  Integer underflow (wrap or wraparound)
 
 

References:

  1. Michael Howard David LeBlanc John Viega .24 Deadly Sins of Software Security. McGraw-Hill. Section:'"Sin 7: Integer Overflows." Page 119'. Published on 2010.

© 2013 SecPod Technologies