Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-1335 — Vulnerability Class 2

2 vulnerabilities classified as CWE-1335. AI Chinese analysis included.

CWE-1335 represents a logical weakness where an integer undergoes a bitwise shift using a negative value or a magnitude exceeding the data type’s bit width. This error typically stems from insufficient validation of shift operands, leading to undefined behavior or indeterminate results that vary across different architectures and compilers. Attackers may exploit this inconsistency to trigger unexpected program states, potentially causing crashes, data corruption, or bypassing security checks that rely on predictable bitwise operations. To prevent such vulnerabilities, developers must rigorously validate shift amounts before execution, ensuring they fall within the valid range of zero to the bit width minus one. Implementing strict input sanitization and utilizing static analysis tools can help detect these out-of-bounds shifts early in the development lifecycle, thereby maintaining code integrity and preventing exploitation through undefined behavior.

MITRE CWE Description
An integer value is specified to be shifted by a negative amount or an amount greater than or equal to the number of bits contained in the value causing an unexpected or indeterminate result. Specifying a value to be shifted by a negative amount is undefined in various languages. Various computer architectures implement this action in different ways. The compilers and interpreters when generating code to accomplish a shift generally do not do a check for this issue. Specifying an over-shift, a shift greater than or equal to the number of bits contained in a value to be shifted, produces a result which varies by architecture and compiler. In some languages, this action is specifically listed as producing an undefined result.
Common Consequences (1)
IntegrityDoS: Crash, Exit, or Restart
Mitigations (1)
ImplementationImplicitly or explicitly add checks and mitigation for negative or over-shift values.
Examples (1)
A negative shift amount for an x86 or x86_64 shift instruction will produce the number of bits to be shifted by taking a 2's-complement of the shift amount and effectively masking that amount to the lowest 6 bits for a 64 bit shift instruction.
unsigned int r = 1 << -5;
Bad · C
int choose_bit(int reg_bit, int bit_number_from_elsewhere) { if (NEED_TO_SHIFT) { reg_bit -= bit_number_from_elsewhere; } return reg_bit; } unsigned int handle_io_register(unsigned int *r) { unsigned int the_bit = 1 << choose_bit(5, 10); *r |= the_bit; return the_bit; }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2026-4426 Libarchive: libarchive: denial of service via malformed iso file processing — Red Hat Hardened Images 6.5 Medium2026-03-19
CVE-2023-3161 Linux kernel 安全漏洞 — Linux Kernel (fbcon) 6.1 -2023-06-12

Vulnerabilities classified as CWE-1335 represent 2 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.