Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-195 (有符号至无符号转换错误) — Vulnerability Class 12

12 vulnerabilities classified as CWE-195 (有符号至无符号转换错误). AI Chinese analysis included.

CWE-195 represents a critical programming weakness involving the improper conversion of signed integers to unsigned types, often triggered by implicit casts that yield unexpected values when negative numbers are involved. Attackers typically exploit this vulnerability by supplying negative inputs to functions expecting unsigned parameters, causing the signed value to wrap around into a large positive integer. This manipulation can bypass security checks, trigger buffer overflows, or cause integer underflows, leading to memory corruption or denial of service. To mitigate this risk, developers must explicitly validate input ranges before conversion, ensuring values fall within the safe bounds of the target unsigned type. Utilizing static analysis tools to detect implicit casts and enforcing strict type checking during compilation further reduces the likelihood of such errors, thereby preserving data integrity and application stability against malicious exploitation.

MITRE CWE Description
The product uses a signed primitive and performs a cast to an unsigned primitive, which can produce an unexpected value if the value of the signed primitive can not be represented using an unsigned primitive. It is dangerous to rely on implicit casts between signed and unsigned numbers because the result can take on an unexpected value and violate assumptions made by the program. Often, functions will return negative values to indicate a failure. When the result of a function is to be used as a size parameter, using these negative return values can have unexpected results. For example, if negative size values are passed to the standard memory copy or allocation functions they will be implicitly cast to a large unsigned value. This may lead to an exploitable buffer overflow or underflow condition.
Common Consequences (1)
IntegrityUnexpected State
Conversion between signed and unsigned values can lead to a variety of errors, but from a security standpoint is most commonly associated with integer overflow and buffer overflow vulnerabilities.
Examples (2)
In this example the variable amount can hold a negative value when it is returned. Because the function is declared to return an unsigned int, amount will be implicitly converted to unsigned.
unsigned int readdata () { int amount = 0; ... if (result == ERROR) amount = -1; ... return amount; }
Bad · C
In this example, depending on the return value of accecssmainframe(), the variable amount can hold a negative value when it is returned. Because the function is declared to return an unsigned value, amount will be implicitly cast to an unsigned number.
unsigned int readdata () { int amount = 0; ... amount = accessmainframe(); ... return amount; }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2026-41682 pupnp: Port truncation via atoi() cast in parse_uri() allows SSRF port confusion — pupnp 9.8AICriticalAI2026-05-08
CVE-2026-26981 OpenEXR has heap-buffer-overflow via signed integer underflow in ImfContextInit.cpp — openexr 6.5 Medium2026-02-24
CVE-2025-67897 Sequoia PGP 安全漏洞 — sequoia 5.3 Medium2025-12-14
CVE-2025-30646 Junos OS and Junos OS Evolved: Receipt of a malformed LLDP TLV results in l2cpd crash — Junos OS 6.5 Medium2025-04-09
CVE-2025-24792 Snowflake PHP PDO Driver has a Signed-to-Unsigned Conversion Error — pdo_snowflake 4.4 Medium2025-01-29
CVE-2023-28063 Dell BIOS 安全漏洞 — CPG BIOS 6.7 Medium2024-02-06
CVE-2023-33034 Signed-to-unsigned conversion error in Audio — Snapdragon 7.8 High2023-10-03
CVE-2023-3635 Okio GzipSource unhandled exception Denial of Service 5.9 Medium2023-07-12
CVE-2022-43663 WellinTech KingHistorian 代码问题漏洞 — KingHistorian 8.1 High2023-03-20
CVE-2020-1913 Facebook Hermes 安全漏洞 — Hermes 8.1 -2020-09-09
CVE-2020-6096 GNU glibc 数字错误漏洞 — GNU glibc 8.1 -2020-04-01
CVE-2016-6560 Oracle illumos 安全漏洞 — osnet-incorporation 7.5 -2017-03-31

Vulnerabilities classified as CWE-195 (有符号至无符号转换错误) represent 12 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.