[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244411

 
 

909

 
 

193363

 
 

277

Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Incorrect Conversion between Numeric Types

ID: 681Date: (C)2012-05-14   (M)2022-10-10
Type: weaknessStatus: DRAFT
Abstraction Type: Base





Description

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

Likelihood of Exploit: Medium to High

Applicable Platforms
Language Class: Language-Independent

Time Of Introduction

  • Implementation

Common Consequences

ScopeTechnical ImpactNotes
Other
Integrity
 
Unexpected state
Quality degradation
 
The program could wind up using the wrong number and generate incorrect results. If the number is used to allocate resources or make a security decision, then this could introduce a vulnerability.
 

Detection Methods
None

Potential Mitigations

PhaseStrategyDescriptionEffectivenessNotes
Implementation
 
 Avoid making conversion between numeric types. Always check for the allowed ranges.
 
  

Relationships

Related CWETypeViewChain
CWE-681 ChildOf CWE-885 Category CWE-888  

Demonstrative Examples   (Details)

  1. In the following Java example, a float literal is cast to an integer, thus causing a loss of precision.
  2. In this example the variable amount can hold a negative value when it is returned. Because the function is declared to return an unsigned int, amount will be implicitly converted to unsigned. (Demonstrative Example Id DX-73)
  3. In this example, depending on the return value of accecssmainframe(), the variable amount can hold a negative value when it is returned. Because the function is declared to return an unsigned value, amount will be implicitly cast to an unsigned number. (Demonstrative Example Id DX-74)
  4. This code adds a float and an integer together, casting the result to an integer.

Observed Examples

  1. CVE-2007-4268 : Chain: integer signedness passes signed comparison, leads to heap overflow
  2. CVE-2007-4988 : Chain: signed short width value in image processor is sign extended during conversion to unsigned int, which leads to integer overflow and heap-based buffer overflow.
  3. CVE-2009-0231 : Integer truncation of length value leads to heap-based buffer overflow.
  4. CVE-2008-3282 : Size of a particular type changes for 64-bit platforms, leading to an integer truncation in document processor causes incorrect index to be generated.

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
CERT C Secure Coding FLP33-C
 
Convert integers to floating point for floating point operations
 
 
CERT C Secure Coding FLP34-C
 
Ensure that floating point conversions are within range of the new type
 
 
CERT C Secure Coding INT15-C
 
Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types
 
 
CERT C Secure Coding INT31-C
 
Ensure that integer conversions do not result in lost or misinterpreted data
 
 
CERT C Secure Coding INT35-C
 
Evaluate integer expressions in a larger size before comparing or assigning to that size
 
 
CERT Java Secure Coding NUM12-J
 
Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data
 
 
CERT C++ Secure Coding INT15-CPP
 
Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types
 
 
CERT C++ Secure Coding INT31-CPP
 
Ensure that integer conversions do not result in lost or misinterpreted data
 
 
CERT C++ Secure Coding INT35-CPP
 
Evaluate integer expressions in a larger size before comparing or assigning to that size
 
 
CERT C++ Secure Coding FLP33-CPP
 
Convert integers to floating point for floating point operations
 
 
CERT C++ Secure Coding FLP34-CPP
 
Ensure that floating point conversions are within range of the new type
 
 

References:

  1. Mark Dowd John McDonald Justin Schuh .The Art of Software Security Assessment 1st Edition. Addison Wesley. Section:'Chapter 6, "Type Conversions", Page 223.'. Published on 2006.
CVE    30
CVE-2021-21861
CVE-2021-21860
CVE-2021-29539
CVE-2021-32461
...

© SecPod Technologies