Integer Underflow (Wrap or Wraparound)| ID: 191 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: DRAFT |
| Abstraction Type: Base |
Description
The product subtracts one value from another, such that the
result is less than the minimum allowable integer value, which produces a value
that is not equal to the correct result.
Extended DescriptionThis can happen in signed and unsigned cases.
Applicable PlatformsLanguage: CLanguage: C++Language: JavaLanguage: .NET
Time Of Introduction
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| Availability | DoS: crash / exit /
restartDoS: resource consumption
(CPU)DoS: resource consumption
(memory)DoS: instability | This weakness will generally lead to undefined behavior and therefore
crashes. In the case of overflows involving loop index variables, the
likelihood of infinite loops is also high. |
| Integrity | Modify memory | If the value in question is important to data (as opposed to flow),
simple data corruption has occurred. Also, if the wrap around results in
other conditions such as buffer overflows, further memory corruption may
occur. |
| ConfidentialityAvailabilityAccess_Control | Execute unauthorized code or
commandsBypass protection
mechanism | This weakness can sometimes trigger buffer overflows which can be used
to execute arbitrary code. This is usually outside the scope of a
program's implicit security policy. |
Detection MethodsNone
Potential MitigationsNone
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-191 ChildOf CWE-885 | Category | CWE-888 | |
Demonstrative Examples (Details)
- The following example has an integer underflow. The value of i is
already at the lowest negative value possible. The new value of i is
2147483647.
Observed Examples
- CVE-2004-0816 : Integer underflow in firewall via malformed packet.
- CVE-2004-1002 : Integer underflow by packet with invalid length.
- CVE-2005-0199 : Long input causes incorrect length calculation.
- CVE-2005-1891 : Malformed icon causes integer underflow in loop counter variable.
For more examples, refer to CVE relations in the bottom box.
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
| Taxynomy | Id | Name | Fit |
|---|
| PLOVER | | Integer underflow (wrap or wraparound) | |
References:
- Michael Howard David LeBlanc John Viega .24 Deadly Sins of Software Security. McGraw-Hill. Section:'"Sin 7: Integer Overflows." Page 119'. Published on 2010.
