[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

249461

 
 

909

 
 

195508

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Signed to Unsigned Conversion Error

ID: 195Date: (C)2012-05-14   (M)2022-10-10
Type: weaknessStatus: DRAFT
Abstraction Type: Variant





Description

A signed-to-unsigned conversion error takes place when a signed primitive is used as an unsigned value, usually as a size variable.

Extended Description

It is dangerous to rely on implicit casts between signed and unsigned numbers because the result can take on an unexpected value and violate assumptions made by the program.

Applicable Platforms
Language: C
Language: C++

Time Of Introduction

  • Implementation

Common Consequences

ScopeTechnical ImpactNotes
Integrity
 		Unexpected state
 		Conversion between signed and unsigned values can lead to a variety of errors, but from a security standpoint is most commonly associated with integer overflow and buffer overflow vulnerabilities.
 

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWETypeViewChain
CWE-195 ChildOf CWE-885 Category CWE-888  

Demonstrative Examples   (Details)

  1. In this example the variable amount can hold a negative value when it is returned. Because the function is declared to return an unsigned int, amount will be implicitly converted to unsigned. (Demonstrative Example Id DX-73)
  2. In this example, depending on the return value of accecssmainframe(), the variable amount can hold a negative value when it is returned. Because the function is declared to return an unsigned value, amount will be implicitly cast to an unsigned number. (Demonstrative Example Id DX-74)
  3. The following code is intended to read an incoming packet from a socket and extract one or more headers. (Demonstrative Example Id DX-21)
  4. This example processes user input comprised of a series of variable-length structures. The first 2 bytes of input dictate the size of the structure to be processed.

Observed Examples

  1. CVE-2007-4268 : Chain: integer signedness passes signed comparison, leads to heap overflow

For more examples, refer to CVE relations in the bottom box.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
CLASP  Signed to unsigned conversion error
 		 

References:

  1. Mark Dowd John McDonald Justin Schuh .The Art of Software Security Assessment 1st Edition. Addison Wesley. Section:'Chapter 6, "Type Conversions", Page 223.'. Published on 2006.

© SecPod Technologies