Integer Coercion Error
ID: 192 | Date: (C)2012-05-14 (M)2022-10-10 |
Type: category | Status: INCOMPLETE |
Description
Integer coercion refers to a set of flaws pertaining to the
type casting, extension, or truncation of primitive data
types.
Extended Description
Several flaws fall under the category of integer coercion errors. For the
most part, these errors in and of themselves result only in availability and
data integrity issues. However, in some circumstances, they may result in
other, more complicated security-related flaws, such as buffer overflow
conditions.
Likelihood of Exploit: Medium
Applicable Platforms
Language: C
Language: C++
Language: Java
Language: .NET
Time Of Introduction
Common Consequences
Scope | Technical Impact | Notes |
---|
Availability | DoS: resource consumption (CPU); DoS: resource consumption (memory); DoS: crash / exit / restart | Integer coercion often leads to undefined states of execution resulting in infinite loops or crashes. |
Integrity, Confidentiality, Availability | Execute unauthorized code or commands | In some cases, integer coercion errors can lead to exploitable buffer overflow conditions, resulting in the execution of arbitrary code. |
Integrity, Other | Other | Integer coercion errors result in an incorrect value being stored for the variable in question. |
Detection Methods None
Potential Mitigations
Phase | Strategy | Description | Effectiveness | Notes |
---|
Requirements | | A language which throws exceptions on ambiguous data casts might be chosen. | | |
Architecture and Design | | Design objects and program flow such that multiple or complex casts are unnecessary. | | |
Implementation | | Ensure that any data type casting that you must use is entirely understood in order to reduce the plausibility of error in use. | | |
Relationships
Related CWE | Type | View | Chain |
---|
CWE-192 ChildOf CWE-872 | Category | CWE-868 | |
Demonstrative Examples (Details)
- The following code is intended to read an incoming packet from a
socket and extract one or more headers. (Demonstrative Example Id DX-21)
- The following code reads a maximum size and performs a sanity check
on that size. It then performs a strncpy, assuming it will not exceed the
boundaries of the array. While the use of "short s" is forced in this
particular example, short ints are frequently used within real-world code,
such as code that processes structured data. (Demonstrative Example Id DX-23)
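The pattern the second demonstrative example describes (a size held in a short passes a sanity check and then reaches a length parameter), as an added C example that is not the CWE entry's own DX-23 code. BUF_SIZE, flawed_check and checked_len are hypothetical names, and the narrowing cast is assumed to wrap as it does on mainstream two's-complement compilers.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define BUF_SIZE 256 /* assumed destination buffer size */

/* Flawed: narrows the length to a short, then checks only the upper bound.
 * Returns 1 if the length is accepted; *copy_len is what a later
 * strncpy(dst, src, s) would receive after conversion to size_t. */
int flawed_check(long requested, size_t *copy_len)
{
    short s = (short)requested; /* truncation (wraps on mainstream compilers) */
    if (s > BUF_SIZE)
        return 0;
    *copy_len = (size_t)s;      /* negative s sign-extends to a huge size_t */
    return 1;
}

/* Hardened: range-check in the original wide type before any conversion. */
int checked_len(long requested, size_t *copy_len)
{
    if (requested < 0 || requested > BUF_SIZE)
        return 0;
    *copy_len = (size_t)requested; /* value-preserving: 0..BUF_SIZE */
    return 1;
}

int main(void)
{
    /* Constructed inputs: in range, wraps to -1, negative, wraps to 100. */
    const long samples[] = { 100, 65535, -1, 65536 + 100 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        size_t a = 0, b = 0;
        int fa = flawed_check(samples[i], &a);
        int fb = checked_len(samples[i], &b);
        printf("requested=%ld flawed: accepted=%d len=%zu | "
               "checked: accepted=%d len=%zu\n",
               samples[i], fa, a, fb, b);
    }
    return 0;
}
```

The flawed check accepts 65535 and -1 with a length of SIZE_MAX (the buffer overflow case) and accepts 65636 as 100 (the incorrect stored value case); the hardened check rejects all three.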
White Box Definitions None
Black Box Definitions None
Taxonomy Mappings
Taxonomy | Id | Name | Fit |
---|
CLASP | | Integer coercion error | |
CERT C Secure Coding | INT02-C | Understand integer conversion rules | |
CERT C Secure Coding | INT05-C | Do not use input functions to convert character data if they cannot handle all possible inputs | |
CERT C Secure Coding | INT31-C | Ensure that integer conversions do not result in lost or misinterpreted data | |
CERT C++ Secure Coding | INT02-CPP | Understand integer conversion rules | |
CERT C++ Secure Coding | INT05-CPP | Do not use input functions to convert character data if they cannot handle all possible inputs | |
CERT C++ Secure Coding | INT31-CPP | Ensure that integer conversions do not result in lost or misinterpreted data | |