CWE-682
DiscouragedIncorrect Calculation
Abstraction: Pillar · Status: Draft
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
159 vulnerabilities reference this CWE, most recent first.
GHSA-Q9HV-HPM4-HJ6X
Vulnerability from github – Published: 2026-02-25 19:17 – Updated: 2026-02-25 19:17The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signing relying on this curve are not affected.
The bug was fixed in v1.6.3.
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/cloudflare/circl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.6.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-1229"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": true,
"github_reviewed_at": "2026-02-25T19:17:50Z",
"nvd_published_at": "2026-02-24T08:16:28Z",
"severity": "LOW"
},
"details": "The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas.\nECDH and ECDSA signing relying on this curve are not affected.\n\nThe bug was fixed in **[v1.6.3](https://github.com/cloudflare/circl/releases/tag/v1.6.3)**.",
"id": "GHSA-q9hv-hpm4-hj6x",
"modified": "2026-02-25T19:17:50Z",
"published": "2026-02-25T19:17:50Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/cloudflare/circl/security/advisories/GHSA-q9hv-hpm4-hj6x"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-1229"
},
{
"type": "WEB",
"url": "https://github.com/cloudflare/circl/pull/583"
},
{
"type": "PACKAGE",
"url": "https://github.com/cloudflare/circl"
},
{
"type": "WEB",
"url": "https://github.com/cloudflare/circl/releases/tag/v1.6.3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L/E:P/S:N/AU:Y/U:Amber",
"type": "CVSS_V4"
}
],
"summary": "CIRCL has an incorrect calculation in secp384r1 CombinedMult"
}
GHSA-QG3G-2MGH-33J8
Vulnerability from github – Published: 2018-09-10 15:19 – Updated: 2021-09-16 19:58Versions of msrcrypto prior to 1.4.1 are vulnerable to Sensitive Data Exposure. The package's Elliptic Curve Cryptography (ECC) implementation may leak information about a server's private ECC key. It can also allow attackers to craft invalid ECDSA signatures that pass as valid. There is no published proof-of-concept for this vulnerability.
Recommendation
Upgrade to version 1.4.1 or later.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "msrcrypto"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.4.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-8319"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:51:47Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "Versions of `msrcrypto` prior to 1.4.1 are vulnerable to Sensitive Data Exposure. The package\u0027s Elliptic Curve Cryptography (ECC) implementation may leak information about a server\u0027s private ECC key. It can also allow attackers to craft invalid ECDSA signatures that pass as valid. There is no published proof-of-concept for this vulnerability.\n\n\n## Recommendation\n\nUpgrade to version 1.4.1 or later.",
"id": "GHSA-qg3g-2mgh-33j8",
"modified": "2021-09-16T19:58:01Z",
"published": "2018-09-10T15:19:49Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-8319"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-qg3g-2mgh-33j8"
},
{
"type": "WEB",
"url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2018-8319"
},
{
"type": "WEB",
"url": "https://www.npmjs.com/advisories/1112"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/104655"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041268"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Sensitive Data Exposure in msrcrypto"
}
GHSA-QHJ8-Q5R6-8Q6J
Vulnerability from github – Published: 2025-09-11 21:23 – Updated: 2025-09-11 21:23In matrix-sdk-base before 0.14.1, calling the RoomMember::normalized_power_level() method can cause a panic if a room member has a power level of Int::Min.
Patches
The issue is fixed in matrix-sdk-base 0.14.1.
Workarounds
The affected method isn’t used internally, so avoiding calling RoomMember::normalized_power_level() prevents the panic.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "matrix-sdk-base"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.14.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-59047"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": true,
"github_reviewed_at": "2025-09-11T21:23:55Z",
"nvd_published_at": "2025-09-11T18:15:35Z",
"severity": "LOW"
},
"details": "In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member has a power level of `Int::Min`.\n\n### Patches\nThe issue is fixed in matrix-sdk-base 0.14.1.\n\n### Workarounds\nThe affected method isn\u2019t used internally, so avoiding calling `RoomMember::normalized_power_level()` prevents the panic.",
"id": "GHSA-qhj8-q5r6-8q6j",
"modified": "2025-09-11T21:23:55Z",
"published": "2025-09-11T21:23:55Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/matrix-org/matrix-rust-sdk/security/advisories/GHSA-qhj8-q5r6-8q6j"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59047"
},
{
"type": "WEB",
"url": "https://github.com/matrix-org/matrix-rust-sdk/pull/5635"
},
{
"type": "WEB",
"url": "https://github.com/matrix-org/matrix-rust-sdk/commit/ce3b67f801446387972ff120e907ca828a9f1207"
},
{
"type": "PACKAGE",
"url": "https://github.com/matrix-org/matrix-rust-sdk"
},
{
"type": "WEB",
"url": "https://github.com/matrix-org/matrix-rust-sdk/releases/tag/matrix-sdk-base-0.14.1"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2025-0065.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U",
"type": "CVSS_V4"
}
],
"summary": "matrix-sdk-base: Panic in the `RoomMember::normalized_power_level()` method"
}
GHSA-QJ3V-Q2VJ-4C8H
Vulnerability from github – Published: 2021-08-25 20:55 – Updated: 2021-08-18 21:27An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified.
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "ark-r1cs-std"
},
"ranges": [
{
"events": [
{
"introduced": "0.2.0"
},
{
"fixed": "0.3.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2021-38194"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": true,
"github_reviewed_at": "2021-08-18T21:27:27Z",
"nvd_published_at": "2021-08-08T06:15:00Z",
"severity": "CRITICAL"
},
"details": "An issue was discovered in the ark-r1cs-std crate before 0.3.1 for Rust. It does not enforce any constraints in the FieldVar::mul_by_inverse method. Thus, a prover can produce a proof that is unsound but is nonetheless verified.",
"id": "GHSA-qj3v-q2vj-4c8h",
"modified": "2021-08-18T21:27:27Z",
"published": "2021-08-25T20:55:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-38194"
},
{
"type": "WEB",
"url": "https://github.com/arkworks-rs/r1cs-std/pull/70"
},
{
"type": "WEB",
"url": "https://github.com/arkworks-rs/r1cs-std/commit/47ddbaa411afe7c499311a248a38135e5a192b67"
},
{
"type": "PACKAGE",
"url": "https://github.com/arkworks-rs/r1cs-std"
},
{
"type": "WEB",
"url": "https://raw.githubusercontent.com/rustsec/advisory-db/main/crates/ark-r1cs-std/RUSTSEC-2021-0075.md"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2021-0075.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Calculation error in ark-r1cs-std"
}
GHSA-RQ6Q-MVJ3-3H4X
Vulnerability from github – Published: 2023-08-08 15:33 – Updated: 2024-04-04 06:39A vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at a high rate. If exploited, the product would stop normal operations and self-reset creating a denial-of-service condition. The error code would need to be cleared prior to resuming normal operations.
{
"affected": [],
"aliases": [
"CVE-2023-2423"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-08-08T15:15:10Z",
"severity": "HIGH"
},
"details": "\nA vulnerability was discovered in the Rockwell Automation Armor PowerFlex device when the product sends communications to the local event log. Threat actors could exploit this vulnerability by sending an influx of network commands, causing the product to generate an influx of event log traffic at a high rate. If exploited, the product would stop normal operations and self-reset creating a denial-of-service condition. The error code would need to be cleared prior to resuming normal operations.\n\n",
"id": "GHSA-rq6q-mvj3-3h4x",
"modified": "2024-04-04T06:39:53Z",
"published": "2023-08-08T15:33:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-2423"
},
{
"type": "WEB",
"url": "https://rockwellautomation.custhelp.com/app/answers/answer_view/a_id/1140371"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RRXH-8G9J-52X9
Vulnerability from github – Published: 2022-05-06 00:00 – Updated: 2022-05-14 00:01On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when the BIG-IP CGNAT Large Scale NAT (LSN) pool is configured on a virtual server and packet filtering is enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated
{
"affected": [],
"aliases": [
"CVE-2022-26517"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-05T17:15:00Z",
"severity": "HIGH"
},
"details": "On F5 BIG-IP 15.1.x versions prior to 15.1.5.1, 14.1.x versions prior to 14.1.4.6, and 13.1.x versions prior to 13.1.5, when the BIG-IP CGNAT Large Scale NAT (LSN) pool is configured on a virtual server and packet filtering is enabled, undisclosed requests can cause the Traffic Management Microkernel (TMM) to terminate. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated",
"id": "GHSA-rrxh-8g9j-52x9",
"modified": "2022-05-14T00:01:38Z",
"published": "2022-05-06T00:00:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26517"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K54082580"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-RWVC-J5JR-MGVH
Vulnerability from github – Published: 2025-11-07 03:30 – Updated: 2025-12-02 01:27A vulnerability in Vercel’s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "ai"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0.52"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "npm",
"name": "ai"
},
"ranges": [
{
"events": [
{
"introduced": "5.1.0-beta.0"
},
{
"fixed": "5.1.0-beta.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-48985"
],
"database_specific": {
"cwe_ids": [
"CWE-20",
"CWE-682"
],
"github_reviewed": true,
"github_reviewed_at": "2025-11-07T17:39:01Z",
"nvd_published_at": "2025-11-07T01:15:36Z",
"severity": "LOW"
},
"details": "A vulnerability in Vercel\u2019s AI SDK has been fixed in versions 5.0.52, 5.1.0-beta.9, and 6.0.0-beta. This issue may have allowed users to bypass filetype whitelists when uploading files. All users are encouraged to upgrade.",
"id": "GHSA-rwvc-j5jr-mgvh",
"modified": "2025-12-02T01:27:15Z",
"published": "2025-11-07T03:30:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-48985"
},
{
"type": "WEB",
"url": "https://github.com/vercel/ai/issues/8881"
},
{
"type": "WEB",
"url": "https://github.com/vercel/ai/commit/930399bb9839a8baf3d349614106d78268775eed"
},
{
"type": "PACKAGE",
"url": "https://github.com/vercel/ai"
},
{
"type": "WEB",
"url": "https://vercel.com/changelog/cve-2025-48985-input-validation-bypass-on-ai-sdk"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
],
"summary": "Vercel\u2019s AI SDK\u0027s filetype whitelists can be bypassed when uploading files"
}
GHSA-V57H-6HMH-G2P4
Vulnerability from github – Published: 2022-09-23 22:07 – Updated: 2024-10-24 21:55Impact
Previously, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can construct blocks with transactions that have large amount of refunds or unused gases with reverts, and as a result inflate up the chain gas prices. This issue is fixed by properly refund unused weights after each EVM execution.
The impact of this issue is limited in that the spamming attack would still be costly for any adversary, and it has no ability to alter any chain state.
Patches
The issue is fixed in https://github.com/paritytech/frontier/pull/851
Workarounds
None.
References
Are there any links users can visit to find out more?
For more information
If you have any questions or comments about this advisory: * Open an issue in Frontier repo * Email Wei
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "pallet-ethereum"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.0.0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2022-39242"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": true,
"github_reviewed_at": "2022-09-23T22:07:10Z",
"nvd_published_at": "2022-09-24T02:15:00Z",
"severity": "MODERATE"
},
"details": "### Impact\n\nPreviously, the worst case weight was always accounted as the block weight for all cases. In case of large EVM gas refunds, this can lead to block spamming attacks -- the adversary can construct blocks with transactions that have large amount of refunds or unused gases with reverts, and as a result inflate up the chain gas prices. This issue is fixed by properly refund unused weights after each EVM execution.\n\nThe impact of this issue is limited in that the spamming attack would still be costly for any adversary, and it has no ability to alter any chain state. \n\n### Patches\n\nThe issue is fixed in https://github.com/paritytech/frontier/pull/851\n\n### Workarounds\n\nNone.\n\n### References\n_Are there any links users can visit to find out more?_\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [Frontier repo](https://github.com/paritytech/frontier/issues)\n* Email [Wei](mailto:wei@that.world)\n",
"id": "GHSA-v57h-6hmh-g2p4",
"modified": "2024-10-24T21:55:59Z",
"published": "2022-09-23T22:07:10Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/paritytech/frontier/security/advisories/GHSA-v57h-6hmh-g2p4"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39242"
},
{
"type": "WEB",
"url": "https://github.com/paritytech/frontier/pull/851"
},
{
"type": "PACKAGE",
"url": "https://github.com/paritytech/frontier"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
}
],
"summary": "Weight not properly refunded after EVM execution"
}
GHSA-V592-XF75-856P
Vulnerability from github – Published: 2021-06-29 21:12 – Updated: 2025-01-30 14:39Impact
An ethash mining DAG generation flaw in Geth could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected.
Patches
This issue is also fixed as of 1.9.24. Thanks to @slavikus for bringing the issue to our attention and writing the fix.
Workarounds
This PR implements a patch: https://github.com/ethereum/go-ethereum/pull/21793
References
https://blog.ethereum.org/2020/11/12/geth_security_release/
For more information
If you have any questions or comments about this advisory: * Open an issue in go-ethereum * Email us at security@ethereum.org
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/ethereum/go-ethereum"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.9.24"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2020-26240"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": true,
"github_reviewed_at": "2021-05-21T21:52:58Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Impact\nAn ethash mining DAG generation flaw in Geth could cause miners to erroneously calculate PoW in an upcoming epoch (estimated early January, 2021). This happened on the ETC chain on 2020-11-06. This issue is relevant only for miners, non-mining nodes are unaffected.\n\n### Patches\nThis issue is also fixed as of 1.9.24. Thanks to @slavikus for bringing the issue to our attention and writing the fix. \n\n### Workarounds\nThis PR implements a patch: https://github.com/ethereum/go-ethereum/pull/21793 \n\n### References\nhttps://blog.ethereum.org/2020/11/12/geth_security_release/\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [go-ethereum](https://github.com/ethereum/go-ethereum)\n* Email us at [security@ethereum.org](mailto:security@ethereum.org)",
"id": "GHSA-v592-xf75-856p",
"modified": "2025-01-30T14:39:18Z",
"published": "2021-06-29T21:12:56Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-v592-xf75-856p"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-26240"
},
{
"type": "WEB",
"url": "https://github.com/ethereum/go-ethereum/pull/21793"
},
{
"type": "WEB",
"url": "https://github.com/ethereum/go-ethereum/commit/d990df909d7839640143344e79356754384dcdd0"
},
{
"type": "WEB",
"url": "https://blog.ethereum.org/2020/11/12/geth_security_release"
},
{
"type": "PACKAGE",
"url": "https://github.com/ethereum/go-ethereum"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Erroneous Proof of Work calculation in geth"
}
GHSA-VR7G-PRHX-JMVM
Vulnerability from github – Published: 2022-05-13 01:40 – Updated: 2022-05-13 01:40A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36996978.
{
"affected": [],
"aliases": [
"CVE-2017-0679"
],
"database_specific": {
"cwe_ids": [
"CWE-682"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-07-06T20:29:00Z",
"severity": "HIGH"
},
"details": "A remote code execution vulnerability in the Android media framework. Product: Android. Versions: 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2. Android ID: A-36996978.",
"id": "GHSA-vr7g-prhx-jmvm",
"modified": "2022-05-13T01:40:27Z",
"published": "2022-05-13T01:40:27Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-0679"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/2017-07-01"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/99478"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
Understand your programming language's underlying representation and how it interacts with numeric calculation. Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how your language handles numbers that are too large or too small for its underlying representation.
Mitigation MIT-8
Strategy: Input Validation
Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
Mitigation
Use the appropriate type for the desired action. For example, in C/C++, only use unsigned types for values that could never be negative, such as height, width, or other numbers related to quantity.
Mitigation
Strategy: Language Selection
- Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Mitigation
Strategy: Libraries or Frameworks
- Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences.
- Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Mitigation MIT-26
Strategy: Compilation or Build Hardening
Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.
CAPEC-128: Integer Attacks
An attacker takes advantage of the structure of integer variables to cause these variables to assume values that are not expected by an application. For example, adding one to the largest positive integer in a signed integer variable results in a negative number. Negative numbers may be illegal in an application and the application may prevent an attacker from providing them directly, but the application may not consider that adding two positive numbers can create a negative number do to the structure of integer storage formats.
CAPEC-129: Pointer Manipulation
This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.