CWE-196: Unsigned to Signed Conversion Error

VariantDraftExploit Likelihood: Medium

The product uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of the unsigned primitive can not be represented using a signed primitive.

View on MITRE
Back to CWE Lookup

Extended Description

Although less frequent an issue than signed-to-unsigned conversion, unsigned-to-signed conversion can be the perfect precursor to dangerous buffer underwrite conditions that allow attackers to move down the stack where they otherwise might not have access in a normal buffer overflow condition. Buffer underwrites occur frequently when large unsigned values are cast to signed values, and then used as indexes into a buffer or for pointer arithmetic.

Technical Details

Structure
Simple

Applicable To

Languages
CC++
Platforms

Learn More

Find Related CVEs

Search for vulnerabilities that exploit CWE-196

CVE vs CWE: What's the Difference?

Understanding vulnerabilities vs weaknesses

Understanding CVSS Scoring

How vulnerability severity is measured

View Full MITRE Entry

Complete technical details and references

CWE-196: Unsigned to Signed Conversion Error | CWE Lookup | Inventive HQ