CWE-681: Incorrect Conversion between Numeric Types
CWE version: 4.18
Last updated: 2025-09-09
Weakness Description
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
Common Consequences
Scope: Other; Integrity
Technical Impact: Unexpected State; Quality Degradation
Note: The program could wind up using the wrong number and generate incorrect results. If the number is used to allocate resources or make a security decision, then this could introduce a vulnerability.
Potential Mitigations
Phase: Implementation
Description: Avoid making conversions between numeric types. Always check for the allowed ranges.
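The two conversions that recur in the observed examples below, narrowing a 64-bit length to a 32-bit int and sign-extending a signed 16-bit field into an unsigned type, are shown here in their unchecked form next to a range-checked form. This is an added illustration, not code from the CWE entry or from any of the referenced projects; it assumes a mainstream C compiler where int is 32 bits wide and out-of-range integer-to-integer conversion wraps modulo 2^N, and the image-header field names and sizes are constructed for the example.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Unchecked narrowing (the weakness): a 64-bit length stored in a 32-bit
 * int silently loses its high bits. The result is implementation-defined
 * in C; GCC and Clang wrap modulo 2^32, so 2^32 + 7 becomes 7. */
int32_t narrow_unchecked(uint64_t len) {
    return (int32_t)len;
}

/* Checked narrowing: refuse any value the target type cannot represent.
 * Writes *out and returns true only when the conversion is exact. */
bool narrow_checked(uint64_t len, int32_t *out) {
    if (len > (uint64_t)INT32_MAX) {
        return false;
    }
    *out = (int32_t)len;
    return true;
}

/* Unchecked widening (the weakness): a signed 16-bit header field is
 * sign-extended and then reinterpreted as unsigned, so -1 becomes
 * 4294967295 (with a 32-bit unsigned int). */
unsigned int widen_unchecked(int16_t width) {
    return (unsigned int)width;
}

/* Checked widening: a negative dimension is rejected instead of being
 * turned into a huge positive size. */
bool widen_checked(int16_t width, unsigned int *out) {
    if (width < 0) {
        return false;
    }
    *out = (unsigned int)width;
    return true;
}

/* Allocation-size computation for a constructed image header: every input
 * is range-checked, the product is formed in a 64-bit type, and the caller
 * only receives a size when all checks pass. */
bool image_buffer_size(int16_t width, int16_t height, unsigned int bits_per_pixel,
                       uint64_t *out_bytes) {
    unsigned int w, h;
    if (!widen_checked(width, &w) || !widen_checked(height, &h)) {
        return false;
    }
    if (bits_per_pixel == 0 || bits_per_pixel > 32) {
        return false;
    }
    /* 65535 * 65535 * 4 fits comfortably in 64 bits, so this cannot overflow. */
    *out_bytes = (uint64_t)w * (uint64_t)h * ((bits_per_pixel + 7u) / 8u);
    return true;
}

int main(void) {
    int32_t len;
    unsigned int w;
    uint64_t bytes;

    printf("unchecked narrow of 2^32+7: %d\n", narrow_unchecked(4294967303ULL));
    printf("checked narrow of 2^32+7 accepted: %s\n",
           narrow_checked(4294967303ULL, &len) ? "yes" : "no");
    printf("unchecked widen of -1: %u\n", widen_unchecked((int16_t)-1));
    printf("checked widen of -1 accepted: %s\n",
           widen_checked((int16_t)-1, &w) ? "yes" : "no");
    if (image_buffer_size(640, 480, 24, &bytes)) {
        printf("640x480x24bpp needs %llu bytes\n", (unsigned long long)bytes);
    }
    return 0;
}
```

The checked variants follow the mitigation literally: the value is compared against the range of the destination type before the cast, and a failed check propagates as a boolean the caller must handle rather than as a wrong number.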
Observed Examples
Reference: CVE-2022-2639
Chain: integer coercion error (CWE-192) prevents a return value from indicating an error, leading to out-of-bounds write (CWE-787)
Reference: CVE-2021-43537
Chain: in a web browser, an unsigned 64-bit integer is forcibly cast to a 32-bit integer (CWE-681), which can lead to an integer overflow (CWE-190). If an integer overflow occurs, this can cause heap memory corruption (CWE-122).
Reference: CVE-2007-4268
Chain: integer signedness error (CWE-195) passes signed comparison, leading to heap overflow (CWE-122)
Reference: CVE-2007-4988
Chain: signed short width value in image processor is sign extended during conversion to unsigned int, which leads to integer overflow and heap-based buffer overflow.
Reference: CVE-2009-0231
Integer truncation of length value leads to heap-based buffer overflow.
Reference: CVE-2008-3282
Size of a particular type changes on 64-bit platforms, leading to an integer truncation in a document processor that causes an incorrect index to be generated.
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |
Applicable Platforms
Programming Languages
Taxonomy Mappings
| Mapped Taxonomy Name | Node ID | Mapped Node Name | Mapping Fit |
|---|---|---|---|
| CERT C Secure Coding | FLP34-C | Ensure that floating point conversions are within range of the new type | CWE More Abstract |
| CERT C Secure Coding | INT15-C | Use intmax_t or uintmax_t for formatted IO on programmer-defined integer types | - |
| CERT C Secure Coding | INT31-C | Ensure that integer conversions do not result in lost or misinterpreted data | CWE More Abstract |
| CERT C Secure Coding | INT35-C | Evaluate integer expressions in a larger size before comparing or assigning to that size | - |
| The CERT Oracle Secure Coding Standard for Java (2011) | NUM12-J | Ensure conversions of numeric types to narrower types do not result in lost or misinterpreted data | - |
| Software Fault Patterns | SFP1 | Glitch in computation | - |
| OMG ASCSM | ASCSM-CWE-681 | - | - |