CWE-191: Integer Underflow (Wrap or Wraparound)
Weakness ID: 191
Version: v4.17
Weakness Name: Integer Underflow (Wrap or Wraparound)
Vulnerability Mapping: Allowed
Abstraction: Base
Structure: Simple
Status: Draft
▼Description

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

▼Extended Description

This can happen in signed and unsigned cases.

▼Alternate Terms
Integer underflow

"Integer underflow" is sometimes used to identify signedness errors in which an originally positive number becomes negative as a result of subtraction. However, there are cases of bad subtraction in which unsigned integers are involved, so it's not always a signedness issue.

"Integer underflow" is occasionally used to describe array index errors in which the index is negative.

▼Relationships
Relevant to the view "Research Concepts - (1000)"
Nature: ChildOf
Mapping: Discouraged
Type: Pillar
ID: 682
Name: Incorrect Calculation
▼Memberships
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 189
Name: Numeric Errors

Nature: MemberOf
Mapping: Prohibited
Type: View
ID: 884
Name: CWE Cross-section

Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 998
Name: SFP Secondary Cluster: Glitch in Computation

Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1137
Name: SEI CERT Oracle Secure Coding Standard for Java - Guidelines 03. Numeric Types and Operations (NUM)

Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1158
Name: SEI CERT C Coding Standard - Guidelines 04. Integers (INT)

Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1408
Name: Comprehensive Categorization: Incorrect Calculation
▼Tags
Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-247
Name: Weaknesses in Software Written in C#

Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-311
Name: Execute Unauthorized Code or Commands (impact)

Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-314
Name: DoS: Resource Consumption (CPU) (impact)

Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-316
Name: Bypass Protection Mechanism (impact)

Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-324
Name: DoS: Crash, Exit, or Restart (impact)

Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-327
Name: DoS: Resource Consumption (Memory) (impact)

Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-329
Name: DoS: Instability (impact)

Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-331
Name: Modify Memory (impact)
▼Relevant To View
Relevant to the view "Weaknesses Addressed by the SEI CERT Oracle Coding Standard for Java - (1133)"
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1137
Name: SEI CERT Oracle Secure Coding Standard for Java - Guidelines 03. Numeric Types and Operations (NUM)
Relevant to the view "Weaknesses Addressed by the SEI CERT C Coding Standard - (1154)"
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1158
Name: SEI CERT C Coding Standard - Guidelines 04. Integers (INT)
Relevant to the view "Software Development - (699)"
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 189
Name: Numeric Errors
Relevant to the view "Software Fault Pattern (SFP) Clusters - (888)"
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 998
Name: SFP Secondary Cluster: Glitch in Computation
▼Background Detail

▼Common Consequences
Scope: Availability
Likelihood: N/A
Impact: DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Instability
Note:

This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high.

Scope: Integrity
Likelihood: N/A
Impact: Modify Memory
Note:

If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur.

Scope: Confidentiality, Availability, Access Control
Likelihood: N/A
Impact: Execute Unauthorized Code or Commands, Bypass Protection Mechanism
Note:

This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program's implicit security policy.

▼Potential Mitigations
▼Modes Of Introduction
Phase: Implementation
Note:

N/A

▼Applicable Platforms
Languages
Class: C (Undetermined Prevalence)
Class: C++ (Undetermined Prevalence)
Class: Java (Undetermined Prevalence)
Class: C# (Undetermined Prevalence)
▼Demonstrative Examples
Example 1

The following example subtracts from a 32-bit signed integer.

Language: C (Bad code)
#include <stdio.h>
#include <stdbool.h>

int main(void)
{
    int i;

    i = -2147483648;  /* lowest value a 32-bit signed int can hold */
    i = i - 1;        /* underflow: the result is below the minimum */
    return 0;
}

The example has an integer underflow. The value of i is already at the lowest negative value possible, so after subtracting 1, the new value of i is 2147483647.

Example 2

This code performs a stack allocation based on a length calculation.

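Language: C (Bad code)
#include <stddef.h>

/* The enclosing function header is missing from the original listing;
   the name below is a placeholder. */
void example(void)
{
    int a = 5, b = 6;
    size_t len = a - b;  /* -1 converted to an unsigned size_t */
    char buf[len];       // Just blows up the stack
}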

Since a and b are declared as signed ints, the "a - b" subtraction gives a negative result (-1). However, since len is declared to be unsigned, len is cast to an extremely large positive number (on 32-bit systems - 4294967295). As a result, the buffer buf[len] declaration uses an extremely large size to allocate on the stack, very likely more than the entire computer's memory space.

Miscalculations usually will not be so obvious. The calculation will either be complicated or the result of an attacker's input to attain the negative value.
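
The checks that Examples 1 and 2 lack, written as an added example that is not part of the CWE entry: a signed and an unsigned checked subtraction, then the unsigned one applied to a length field taken from untrusted input. `HDR_LEN`, `payload_len` and the record layout (a total length that counts a 4-byte header) are assumptions made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HDR_LEN 4u  /* assumed header size of the constructed record format */

/* Signed case (Example 1): test the precondition before subtracting,
   because signed overflow is undefined behaviour in C. */
bool checked_sub_int(int a, int b, int *out)
{
    if ((b > 0 && a < INT_MIN + b) || (b < 0 && a > INT_MAX + b))
        return false;
    *out = a - b;
    return true;
}

/* Unsigned case (Example 2): a - b wraps modulo 2^N whenever a < b. */
bool checked_sub_size(size_t a, size_t b, size_t *out)
{
    if (a < b)
        return false;
    *out = a - b;
    return true;
}

/* Hypothetical parser step: total_len is attacker-controlled and counts the
   header; avail is the number of payload bytes actually received. */
bool payload_len(uint16_t total_len, size_t avail, size_t *out)
{
    size_t n;
    if (!checked_sub_size(total_len, HDR_LEN, &n) || n > avail)
        return false;  /* shorter than the header, or longer than the data */
    *out = n;
    return true;
}

int main(void)
{
    int r;
    size_t n;
    printf("INT_MIN - 1 accepted:   %d\n", checked_sub_int(INT_MIN, 1, &r));
    printf("5 - 6 accepted:         %d\n", checked_sub_size(5, 6, &n));
    printf("total_len=2 accepted:   %d\n", payload_len(2, 64, &n));
    printf("total_len=20 accepted:  %d\n", payload_len(20, 64, &n));
    return 0;
}
```

The callers never see a wrapped value: each helper reports failure and leaves `*out` untouched, so the rejected length cannot reach an allocation or copy.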

▼Observed Examples
Reference: CVE-2004-0816
Description:
Integer underflow in firewall via malformed packet.
Reference: CVE-2004-1002
Description:
Integer underflow by packet with invalid length.
Reference: CVE-2005-0199
Description:
Long input causes incorrect length calculation.
Reference: CVE-2005-1891
Description:
Malformed icon causes integer underflow in loop counter variable.
▼Affected Resources
    ▼Functional Areas
      ▼Weakness Ordinalities
      ▼Detection Methods
      Automated Static Analysis
      Detection Method ID: DM-14
      Description:

      Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)

      Effectiveness: High
      Note:

      N/A

      ▼Vulnerability Mapping Notes
      Usage: Allowed
      Reason: Acceptable-Use
      Rationale:

      This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

      Comments:

      Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

      Suggestions:
      ▼Notes
      ▼Taxonomy Mappings
      Taxonomy Name: PLOVER
      Entry ID: N/A
      Fit: N/A
      Entry Name: Integer underflow (wrap or wraparound)
      Taxonomy Name: Software Fault Patterns
      Entry ID: SFP1
      Fit: N/A
      Entry Name: Glitch in computation
      Taxonomy Name: CERT C Secure Coding
      Entry ID: INT30-C
      Fit: Imprecise
      Entry Name: Ensure that unsigned integer operations do not wrap
      Taxonomy Name: CERT C Secure Coding
      Entry ID: INT32-C
      Fit: Imprecise
      Entry Name: Ensure that operations on signed integers do not result in overflow
      ▼Related Attack Patterns
      ▼References
      Reference ID: REF-44
      Title: 24 Deadly Sins of Software Security
      Author: Michael Howard, David LeBlanc, John Viega
      Section: "Sin 7: Integer Overflows." Page 119
      Publication: McGraw-Hill
      Year: 2010