Variant weakness

Draft

CWE-196: Unsigned to Signed Conversion Error

The product uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of the unsigned primitive can not be represented using a signed primitive.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Medium

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

Although less frequent an issue than signed-to-unsigned conversion, unsigned-to-signed conversion can be the perfect precursor to dangerous buffer underwrite conditions that allow attackers to move down the stack where they otherwise might not have access in a normal buffer overflow condition. Buffer underwrites occur frequently when large unsigned values are cast to signed values, and then used as indexes into a buffer or for pointer arithmetic.

CWE-196: Unsigned to Signed Conversion Error

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-196?

What CVEs are caused by CWE-196?

How do you prevent CWE-196?

How is CWE-196 detected?

What are the consequences of CWE-196?

Is CWE-196 actively exploited?

References

Stay ahead of CWE-196

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Related weaknesses

Parent

Can also be

Related

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-196?

What CVEs are caused by CWE-196?

How do you prevent CWE-196?

How is CWE-196 detected?

What are the consequences of CWE-196?

Is CWE-196 actively exploited?

References

Stay ahead of CWE-196