Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-128 (超界折返处理错误) — Vulnerability Class 1

1 vulnerabilities classified as CWE-128 (超界折返处理错误). AI Chinese analysis included.

CWE-128 represents a critical arithmetic weakness where integer values exceed their maximum capacity, causing them to wrap around to negative or undefined states. This flaw typically arises in languages with fixed-size data types, such as C or C++, when developers fail to validate input bounds before performing arithmetic operations. Attackers exploit this vulnerability by supplying carefully crafted inputs that trigger the overflow, potentially leading to buffer overflows, logic errors, or unauthorized access if the wrapped value is used for memory allocation or array indexing. To mitigate this risk, developers must implement rigorous input validation and employ safe arithmetic libraries that detect overflows before they occur. Additionally, using larger data types or unsigned integers where appropriate, combined with comprehensive unit testing for edge cases, ensures that boundary conditions are handled correctly, thereby preventing the unexpected behavior associated with wrap-around errors.

MITRE CWE Description
Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore "wraps around" to a very small, negative, or undefined value.
Common Consequences (3)
AvailabilityDoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Instability
This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high.
IntegrityModify Memory
If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur.
Confidentiality, Availability, Access ControlExecute Unauthorized Code or Commands, Bypass Protection Mechanism
This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program's implicit security policy.
Mitigations (3)
Requirements specification: The choice could be made to use a language that is not susceptible to these issues.
Architecture and DesignProvide clear upper and lower bounds on the scale of any protocols designed.
ImplementationPerform validation on all incremented variables to ensure that they remain within reasonable bounds.
Examples (1)
The following image processing code allocates a table for images.
img_t table_ptr; /*struct containing img data, 10kB each*/ int num_imgs; ... num_imgs = get_num_imgs(); table_ptr = (img_t*)malloc(sizeof(img_t)*num_imgs); ...
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2022-35258 Pulse Secure Pulse Connect Secure 安全漏洞 — Ivanti Connect Secure (ICS), Ivanti Policy Secure (IPS), and Ivanti Neurons for Zero Trust Access Gateway 7.5 -2022-12-05

Vulnerabilities classified as CWE-128 (超界折返处理错误) represent 1 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.