- What is CWE-190?
- The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
- What CVEs are caused by CWE-190?
- 1,245 recorded CVEs are attributed to CWE-190, including CVE-2023-33107, CVE-2023-6345, CVE-2023-2136. 20 are listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
- How do you prevent CWE-190?
- Ensure that all protocols are strictly defined, such that all out-of-bounds behavior can be identified simply, and require strict conformance to the protocol.
- How is CWE-190 detected?
- Automated Static Analysis: This weakness can often be detected using automated static analysis tools. Many modern tools use data flow analysis or constraint-based techniques to minimize the number of false positives.
- What are the consequences of CWE-190?
- Exploiting CWE-190 can lead to: DoS: Crash, Exit, or Restart, DoS: Resource Consumption (Memory), DoS: Instability, Modify Memory, Execute Unauthorized Code or Commands, Bypass Protection Mechanism.
- Is CWE-190 actively exploited?
- Yes. 20 CWE-190 vulnerabilities are in CISA's KEV catalog of actively exploited flaws, out of 1,245 recorded CVEs.