Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore "wraps around" to a very small, negative, or undefined value.
View on MITREThis weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high.
If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur.
This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program's implicit security policy.
Requirements specification: The choice could be made to use a language that is not susceptible to these issues.
Provide clear upper and lower bounds on the scale of any protocols designed.
Perform validation on all incremented variables to ensure that they remain within reasonable bounds.
No detection method information available for this CWE.
The following image processing code allocates a table for images.
This code intends to allocate a table of size num_imgs, however as num_imgs grows large, the calculation determining the size of the list will eventually overflow (CWE-190). This will result in a very small list to be allocated instead. If the subsequent code operates on the list as if it were num_imgs long, it may result in many types of out-of-bounds problems (CWE-119).
No relationship information available for this CWE.
CWE-128: Wrap-around Error is a Common Weakness Enumeration (CWE) entry maintained by MITRE. Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore "wraps around" to a very small, negative, or undefined value.
If exploited, CWE-128 (Wrap-around Error) it can compromise Availability, Integrity, Confidentiality and Access Control, leading to outcomes such as DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Instability, Modify Memory and Execute Unauthorized Code or Commands.
Recommended mitigations for CWE-128 include: Requirements specification: The choice could be made to use a language that is not susceptible to these issues. Provide clear upper and lower bounds on the scale of any protocols designed. Perform validation on all incremented variables to ensure that they remain within reasonable bounds.
CWE-128 commonly affects C and C++. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
A CWE (Common Weakness Enumeration) like CWE-128 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.