CWE-192: Integer Coercion Error

VariantIncompleteExploit Likelihood: Medium

Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types.

View on MITRE
Back to CWE Lookup

Extended Description

Several flaws fall under the category of integer coercion errors. For the most part, these errors in and of themselves result only in availability and data integrity issues. However, in some circumstances, they may result in other, more complicated security related flaws, such as buffer overflow conditions.

Technical Details

Structure
Simple

Applicable To

Languages
CC++JavaC#
Platforms

Frequently Asked Questions

What is CWE-192: Integer Coercion Error?+

CWE-192: Integer Coercion Error is a Common Weakness Enumeration (CWE) entry maintained by MITRE. Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types. Several flaws fall under the category of integer coercion errors. For the most part, these errors in and of themselves result only in availability and data integrity issues. However, in some circumstances, they may result in other, more complicated security related flaws, such as buffer overflow conditions.

What are the security consequences of Integer Coercion Error?+

If exploited, CWE-192 (Integer Coercion Error) it can compromise Availability, Integrity, Confidentiality and Other, leading to outcomes such as DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands and Other.

How do you prevent or mitigate Integer Coercion Error?+

Recommended mitigations for CWE-192 include: A language which throws exceptions on ambiguous data casts might be chosen. Design objects and program flow such that multiple or complex casts are unnecessary Ensure that any data type casting that you must used is entirely understood in order to reduce the plausibility of error in use.

Which programming languages are affected by Integer Coercion Error?+

CWE-192 commonly affects C, C++, Java and C#. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What are real-world examples of Integer Coercion Error?+

MITRE documents real CVEs mapped to CWE-192, including CVE-2022-2639. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-192 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More