CWE-680: Integer Overflow to Buffer Overflow
CWE Version: 4.18
Last updated: 2025-09-09
Description
The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.
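The following is an added example (not code from the CWE entry or from any product it cites) showing the pattern in C: a length-prefixed message whose header supplies a record count and a record size, a vulnerable allocation that multiplies the two in 32-bit arithmetic, and a hardened parser that rejects the header when the product would wrap, exceed a policy cap, or exceed the bytes actually present. The wire format, the field names, and the 16 MiB cap are assumptions made for the example. The vulnerable path only reports the size it would pass to malloc and does not perform the overflowing write.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Constructed wire format (an assumption for this example, not any real
 * protocol): a little-endian header of two uint32 fields, count and
 * elem_size, followed by count * elem_size bytes of records. */
static uint32_t rd32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* CWE-680 pattern: the allocation size is computed in 32 bits, so
 * count * elem_size can wrap to a tiny value. Returns the number of bytes
 * this code would hand to malloc(); the subsequent copy of count records
 * (the actual heap overflow) is deliberately not performed here. */
uint32_t vulnerable_alloc_size(const uint8_t *msg, size_t len)
{
    if (len < 8) return 0;
    uint32_t count = rd32le(msg);
    uint32_t elem_size = rd32le(msg + 4);
    uint32_t total = count * elem_size;   /* wraps modulo 2^32 */
    /* In the vulnerable program: buf = malloc(total); then a loop copying
     * count records of elem_size bytes writes far past the end of buf. */
    return total;
}

/* Hardened version: reject the header if the product would wrap, if it
 * exceeds a policy cap, or if the message does not actually carry that many
 * bytes. Only then allocate and copy. Returns a malloc'd copy of the records
 * (caller frees) with its size in *out_len, or NULL on rejection. */
#define MAX_RECORD_BYTES (16u * 1024u * 1024u)  /* assumed policy limit */

uint8_t *parse_records_checked(const uint8_t *msg, size_t len, size_t *out_len)
{
    if (len < 8) return NULL;
    uint32_t count = rd32le(msg);
    uint32_t elem_size = rd32le(msg + 4);
    if (count == 0 || elem_size == 0) return NULL;
    /* Overflow check by division, so the multiply itself never wraps. */
    if (count > UINT32_MAX / elem_size) return NULL;
    uint32_t total = count * elem_size;
    if (total > MAX_RECORD_BYTES) return NULL;
    if ((size_t)total > len - 8) return NULL;  /* body shorter than claimed */
    uint8_t *buf = malloc(total);
    if (!buf) return NULL;
    memcpy(buf, msg + 8, total);
    *out_len = total;
    return buf;
}

/* Related truncation pattern (CWE-681 feeding CWE-190, as in the observed
 * browser example): a 64-bit length forced into 32 bits. Reject instead of
 * silently truncating. */
int length_to_u32(uint64_t len, uint32_t *out)
{
    if (len > UINT32_MAX) return -1;
    *out = (uint32_t)len;
    return 0;
}

/* Constructed sample messages. */
static const uint8_t good_msg[] = {
    0x03, 0x00, 0x00, 0x00,   /* count = 3 */
    0x04, 0x00, 0x00, 0x00,   /* elem_size = 4 */
    'a','b','c','d','e','f','g','h','i','j','k','l'
};
static const uint8_t evil_msg[] = {
    0x01, 0x00, 0x00, 0x40,   /* count = 0x40000001 */
    0x04, 0x00, 0x00, 0x00,   /* elem_size = 4: product 0x100000004 wraps to 4 */
    0xde, 0xad, 0xbe, 0xef
};

int main(void)
{
    printf("vulnerable malloc size for evil header: %u bytes\n",
           vulnerable_alloc_size(evil_msg, sizeof evil_msg));
    size_t n = 0;
    uint8_t *r = parse_records_checked(good_msg, sizeof good_msg, &n);
    printf("good message: %s, %zu bytes\n", r ? "accepted" : "rejected", n);
    free(r);
    r = parse_records_checked(evil_msg, sizeof evil_msg, &n);
    printf("evil message: %s\n", r ? "accepted" : "rejected");
    free(r);
    return 0;
}
```

With the attacker-chosen header (count 0x40000001, elem_size 4) the vulnerable path asks malloc for 4 bytes while the copy loop would attempt to write 4 GiB; the checked parser rejects the same header before any allocation. The division check is the portable form of the CERT INT30-C rule; on GCC and Clang, `__builtin_mul_overflow` expresses the same check in one call, and most modern C libraries make `calloc(count, size)` fail rather than wrap, which is another reason to prefer it over `malloc(count * size)`.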
Common Consequences
Scope: Integrity, Availability, Confidentiality
Technical Impact: Modify Memory; DoS: Crash, Exit, or Restart; Execute Unauthorized Code or Commands
Observed Examples
Reference: CVE-2021-43537
Chain: in a web browser, an unsigned 64-bit integer is forcibly cast to a 32-bit integer (CWE-681), which can lead to an integer overflow (CWE-190). If an integer overflow occurs, this can cause heap memory corruption (CWE-122).
Reference: CVE-2017-1000121
Chain: unchecked message size metadata allows an integer overflow (CWE-190) leading to a buffer overflow (CWE-119).
Applicable Platforms
Languages
Taxonomy Mappings
| Taxonomy Name | Node ID | Node Name | Mapping Fit |
|---|---|---|---|
| CERT C Secure Coding | INT30-C | Ensure that unsigned integer operations do not wrap | Imprecise |
| CERT C Secure Coding | INT32-C | Ensure that operations on signed integers do not result in overflow | Imprecise |
| CERT C Secure Coding | MEM35-C | Allocate sufficient memory for an object | CWE More Abstract |
Key Information
CWE ID: CWE-680
Abstraction: Compound
Structure: Chain
Status: Draft