CAPEC-128: Integer Attacks

An attacker takes advantage of the structure of integer variables to cause these variables to assume values that are not expected by an application. For example, adding one to the largest positive integer in a signed integer variable results in a negative number. Negative numbers may be illegal in an application and the application may prevent an attacker from providing them directly, but the application may not consider that adding two positive numbers can create a negative number do to the structure of integer storage formats.

Medium

Typical severity

Per MITRE

Not rated

Likelihood of attack

Per MITRE

Related weaknesses

CWEs this targets

Standard

Abstraction

MITRE classification

Overview

CAPEC-128 (Integer Attacks) is a standard-level attack pattern catalogued by MITRE in the Common Attack Pattern Enumeration and Classification (CAPEC). It describes a recurring method attackers use to exploit software weaknesses.

CAPEC-128: Integer Attacks

Overview

What the attacker needs

Prerequisites

Resources required

Frequently asked questions

What is CAPEC-128?

What weaknesses does CAPEC-128 target?

How severe is CAPEC-128?

References

Defend against CAPEC-128

Overview

What the attacker needs

Prerequisites

Resources required

Related weaknesses

Related attack patterns

Parent

Child

Frequently asked questions

What is CAPEC-128?

What weaknesses does CAPEC-128 target?

How severe is CAPEC-128?

References

Defend against CAPEC-128