CWE-1335: Incorrect Bitwise Shift of Integer
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
An integer value is specified to be shifted by a negative amount or an amount greater than or equal to the number of bits contained in the value causing an unexpected or indeterminate result.
常见后果
影响范围: Integrity
技术影响: DoS: Crash, Exit, or Restart
潜在缓解措施
阶段: Implementation
描述: Implicitly or explicitly add checks and mitigation for negative or over-shift values.
观察示例
参考: CVE-2009-4307
An unexpected large value in the ext4 filesystem causes an overshift condition resulting in a divide by zero.
参考: CVE-2012-2100
An unexpected large value in the ext4 filesystem causes an overshift condition resulting in a divide by zero - fix of CVE-2009-4307.
参考: CVE-2020-8835
An overshift in a kernel allowed out of bounds reads and writes resulting in a root takeover.
参考: CVE-2015-1607
Program is not properly handling signed bitwise left-shifts causing an overlapping memcpy memory range error.
参考: CVE-2016-9842
Compression function improperly executes a signed left shift of a negative integer.
参考: CVE-2018-18445
Some kernels improperly handle right shifts of 32 bit numbers in a 64 bit register.
参考: CVE-2013-4206
Putty has an incorrectly sized shift value resulting in an overshift.
参考: CVE-2018-20788
LED driver overshifts under certain conditions resulting in a DoS.
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | Adding shifts without properly verifying the size and sign of the shift amount. |