
CWE-192 Integer Coercion Error: vulnerability list (4)

Summary of the 4 CVE entries associated with the CWE-192 Integer Coercion Error weakness class, with AI-generated analysis in Chinese.

CWE-192 Integer Coercion Error covers flaws in the type casting, extension, or truncation of primitive data types. Attackers typically exploit it by supplying crafted input that corrupts data integrity or degrades system availability, and in particular scenarios it can lead to more complex security vulnerabilities. Developers should avoid unsafe type conversions and perform strict range checks and type validation during data conversion to prevent the security risks caused by integer overflow or truncation.

MITRE CWE official description
CWE: CWE-192 Integer Coercion Error. Integer coercion refers to a set of flaws relating to the type casting, extension, or truncation of primitive data types. Several flaws fall under the category of integer coercion errors. In most cases, these errors in and of themselves result only in availability and data integrity issues. However, in some circumstances, they may result in other, more complicated security-related flaws, such as buffer overflow conditions.
Common consequences (3)
Scope: Availability. Technical impact: DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory); DoS: Crash, Exit, or Restart. Integer coercion often leads to undefined states of execution resulting in infinite loops or crashes.
Scope: Integrity, Confidentiality, Availability. Technical impact: Execute Unauthorized Code or Commands. In some cases, integer coercion errors can lead to exploitable buffer overflow conditions, resulting in the execution of arbitrary code.
Scope: Integrity, Other. Technical impact: Other. Integer coercion errors result in an incorrect value being stored for the variable in question.
Mitigations (3)
Phase: Requirements. A language which throws exceptions on ambiguous data casts might be chosen.
Phase: Architecture and Design. Design objects and program flow such that multiple or complex casts are unnecessary.
Phase: Implementation. Ensure that any data type casting that you must use is entirely understood in order to reduce the plausibility of error in use.
Code examples (2)
The following code is intended to read an incoming packet from a socket and extract one or more headers.
DataPacket *packet;
int numHeaders;
PacketHeader *headers;
int sock;

sock = AcceptSocketConnection();
ReadPacket(packet, sock);
numHeaders = packet->headers;

/* Only the upper bound is checked; numHeaders is a signed int, so a negative
   value from the packet passes this test and is then multiplied into the
   allocation size, where it is converted to size_t (CWE-192 / CWE-195). */
if (numHeaders > 100) {
    ExitError("too many headers!");
}
headers = malloc(numHeaders * sizeof(PacketHeader));
ParsePacketHeaders(packet, headers);
Bad · C
The following code reads a maximum size and performs validation on that size. It then performs a strncpy, assuming it will not exceed the boundaries of the array. While the use of "short s" is forced in this particular example, short ints are frequently used within real-world code, such as code that processes structured data.
int GetUntrustedInt() {
    return 0x0000FFFF;
}

void main(int argc, char **argv) {
    char path[256];
    char *input;
    int i;
    short s;
    unsigned int sz;

    i = GetUntrustedInt();
    /* 0x0000FFFF is truncated to a 16-bit short: s becomes -1 */
    s = i;
    /* s is -1, so it passes the safety check - CWE-697 */
    if (s > 256) {
        DiePainfully("go away!\n");
    }
    /* s is sign-extended and saved in sz */
    sz = s;
    /* output: i=65535, s=-1, sz=4294967295 - your mileage may vary */
    printf("i=%d, s=%d, sz=%u\n", i, s, sz);
    input = GetUserInput("Enter pathname:");
    /* strncpy interprets s as unsigned int, so it's treated as MAX_INT (CWE-195),
       enabling buffer overflow (CWE-119) */
    strncpy(path, input, s);
}
Bad · C
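As an added example (not MITRE's or the page's own code), the following C reproduces the second Bad case above and shows the range check that the Implementation mitigation calls for, done in the int's original width before any narrowing; the same check also rejects the negative header count that the first example's `numHeaders > 100` test misses. The names unsafe_size, checked_size, copy_path_checked and demo_copy, and the constructed input "/tmp/x", are this example's own assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Added example, not MITRE's or the page's code. Reproduces the page's
 * second "Bad" case (int 0x0000FFFF narrowed to short) and shows the
 * range check done before any narrowing, as the mitigations recommend. */

/* Vulnerable pattern from the page: narrow first, then compare. */
unsigned int unsafe_size(int i) {
    short s = (short)i;        /* 0x0000FFFF becomes -1 on two's complement */
    if (s > 256) return 0;     /* -1 > 256 is false: the check is bypassed */
    return (unsigned int)s;    /* -1 sign-extends to 4294967295 */
}

/* Hardened: validate in the int's own width against the real bound.
 * Returns the accepted length, or -1 for negative or oversized input.
 * Also fits the first "Bad" case: checked_size(numHeaders, 100). */
long checked_size(int i, size_t cap) {
    if (i < 0) return -1;              /* rejects what (short) would hide */
    if ((size_t)i > cap) return -1;    /* i >= 0 here, so the cast is exact */
    return (long)i;
}

/* Hardened form of the page's strncpy call: the length is checked against
 * the destination before copying, and the result is always NUL-terminated. */
int copy_path_checked(char *path, size_t path_size, const char *input, int untrusted_len) {
    long n = checked_size(untrusted_len, path_size - 1);
    if (n < 0) return -1;
    strncpy(path, input, (size_t)n);
    path[n] = '\0';
    return (int)n;
}

/* Driver with a constructed input; returns what copy_path_checked returns. */
int demo_copy(int untrusted_len) {
    static char path[256];
    const char *input = "/tmp/x";   /* constructed stand-in for GetUserInput() */
    return copy_path_checked(path, sizeof path, input, untrusted_len);
}

int main(void) {
    int i = 0x0000FFFF;             /* same value as the page's GetUntrustedInt() */
    printf("unsafe_size(%d) = %u\n", i, unsafe_size(i));
    printf("checked_size(%d, 255) = %ld\n", i, checked_size(i, 255));
    printf("demo_copy(%d) = %d, demo_copy(6) = %d\n", i, demo_copy(i), demo_copy(6));
    return 0;
}
```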
CVE ID | Title | Affected product | CVSS | Risk level | Published
CVE-2022-2639 | Linux kernel numeric error vulnerability | kernel | 7.8 | - | 2022-09-01
CVE-2014-125012 | FFmpeg security vulnerability | FFmpeg | 5.3 | Medium | 2022-06-18
CVE-2014-125011 | FFmpeg security vulnerability | FFmpeg | 5.3 | Medium | 2022-06-18
CVE-2021-32996 | FANUC Robotics Virtual Robot Controller buffer error vulnerability | R-30iA, R-30iA Mate | 7.5 | - | 2022-01-07

CWE-192 (Integer Coercion Error) is a common weakness class; this platform lists the 4 CVE entries associated with it.