CWE-681: Incorrect Conversion between Numeric Types

CWE-681: Incorrect Conversion between Numeric Types | RadicalNotion.AI

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

In the following Java example, a float literal is cast to an integer, thus causing a loss of precision.

Vulnerable example

java

int i = (int) 33457.8f;

This code adds a float and an integer together, casting the result to an integer.

Vulnerable example

php

$floatVal = 1.8345;

Normally, PHP will preserve the precision of this operation, making $result = 4.8345. After the cast to int, it is reasonable to expect PHP to follow rounding convention and set $result = 5. However, the explicit cast to int always rounds DOWN, so the final value of $result is 4. This behavior may have unintended consequences.

In this example the variable amount can hold a negative value when it is returned. Because the function is declared to return an unsigned int, amount will be implicitly converted to unsigned.

Vulnerable example

unsigned int readdata () {

If the error condition in the code above is met, then the return value of readdata() will be 4,294,967,295 on a system that uses 32-bit integers.

In this example, depending on the return value of accecssmainframe(), the variable amount can hold a negative value when it is returned. Because the function is declared to return an unsigned value, amount will be implicitly cast to an unsigned number.

Vulnerable example

unsigned int readdata () {

If the return value of accessmainframe() is -1, then the return value of readdata() will be 4,294,967,295 on a system that uses 32-bit integers.

CWE-681: Incorrect Conversion between Numeric Types

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-681?

What CVEs are caused by CWE-681?

How do you prevent CWE-681?

How is CWE-681 detected?

What are the consequences of CWE-681?

Is CWE-681 actively exploited?

References

Stay ahead of CWE-681

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Child

Can precede

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-681?

What CVEs are caused by CWE-681?

How do you prevent CWE-681?

How is CWE-681 detected?

What are the consequences of CWE-681?

Is CWE-681 actively exploited?

References

Stay ahead of CWE-681