Unsigned to Signed Conversion Error| ID: 196 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: DRAFT |
| Abstraction Type: Variant |
Description
An unsigned-to-signed conversion error takes place when a large
unsigned primitive is used as a signed value.
Likelihood of Exploit: Medium
Applicable PlatformsLanguage: CLanguage: C++
Time Of Introduction
Related Attack Patterns
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| Availability | DoS: crash / exit /
restart | Incorrect sign conversions generally lead to undefined behavior, and
therefore crashes. |
| Integrity | Modify memory | If a poor cast lead to a buffer overflow or similar condition, data
integrity may be affected. |
| IntegrityConfidentialityAvailabilityAccess_Control | Execute unauthorized code or
commandsBypass protection
mechanism | Improper signed-to-unsigned conversions without proper checking can
sometimes trigger buffer overflows which can be used to execute
arbitrary code. This is usually outside the scope of a program's
implicit security policy. |
Detection MethodsNone
Potential Mitigations
| Phase | Strategy | Description | Effectiveness | Notes |
|---|
| Requirements | | Choose a language which is not subject to these casting flaws. | | |
| Architecture and Design | | Design object accessor functions to implicitly check values for valid
sizes. Ensure that all functions which will be used as a size are
checked previous to use as a size. If the language permits, throw
exceptions rather than using in-band errors. | | |
| Implementation | | Error check the return values of all functions. Be aware of implicit
casts made, and use unsigned variables for sizes if at all
possible. | | |
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-196 ChildOf CWE-885 | Category | CWE-888 | |
Demonstrative Examples (Details)
- In the following example, it is possible to request that memcpy move
a much larger segment of memory than assumed:
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
| Taxynomy | Id | Name | Fit |
|---|
| CLASP | | Unsigned to signed conversion error | |
References:
- Mark Dowd John McDonald Justin Schuh .The Art of Software Security Assessment 1st Edition. Addison Wesley. Section:'Chapter 6, "Type Conversions", Page 223.'. Published on 2006.
