
CWE-681 (Incorrect Conversion between Numeric Types) — Vulnerability Class 41

41 vulnerabilities classified as CWE-681 (Incorrect Conversion between Numeric Types). AI Chinese analysis included.

CWE-681 represents a logic weakness arising from improper type conversion, where data is truncated or misinterpreted during transitions between numeric types, such as casting a long integer to a smaller integer. This flaw typically enables attackers to exploit unexpected value changes, leading to critical security failures like buffer overflows, integer overflows, or logic bypasses in authentication and financial calculations. By manipulating input values that exceed the target type’s capacity, adversaries can trigger dangerous behaviors that compromise system integrity or confidentiality. Developers mitigate this risk by implementing rigorous input validation, ensuring explicit checks for range boundaries before conversion, and utilizing safe libraries that handle type casting securely. Additionally, employing static analysis tools and adhering to strict coding standards helps identify potential conversion errors early in the development lifecycle, preventing these vulnerabilities from reaching production environments.

MITRE CWE Description
When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.
Common Consequences (1)
Other, Integrity: Unexpected State, Quality Degradation
The program could wind up using the wrong number and generate incorrect results. If the number is used to allocate resources or make a security decision, then this could introduce a vulnerability.
Mitigations (1)
Implementation: Avoid making conversion between numeric types. Always check for the allowed ranges.
Examples (2)
In the following Java example, a float literal is cast to an integer, thus causing a loss of precision.
int i = (int) 33457.8f;
Bad · Java
This code adds a float and an integer together, casting the result to an integer.
$floatVal = 1.8345; $intVal = 3; $result = (int)$floatVal + $intVal;
Bad · PHP
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-26178 | Windows Advanced Rasterization Platform Elevation of Privilege Vulnerability — Windows 10 Version 1607 | 8.8 | High | 2026-04-14 |
| CVE-2026-34945 | Wasmtime leaks host data with 64-bit tables and Winch — wasmtime | 6.5 (AI) | Medium (AI) | 2026-04-09 |
| CVE-2026-24174 | NVIDIA Triton Inference Server security vulnerability — Triton Inference Server | 7.5 | High | 2026-04-07 |
| CVE-2026-34610 | leancrypto: Integer truncation in X.509 name parser enables certificate identity impersonation — leancrypto | 5.9 | Medium | 2026-04-02 |
| CVE-2026-34550 | iccDEV: UB at IccIO.cpp — iccDEV | 6.2 | Medium | 2026-03-31 |
| CVE-2026-34548 | iccDEV: UB at IccUtilXml.cpp — iccDEV | 6.2 | Medium | 2026-03-31 |
| CVE-2026-4602 | jsrsasign security vulnerability — jsrsasign | 7.5 | High | 2026-03-23 |
| CVE-2025-10543 | Eclipse Paho Go MQTT v3.1 library security vulnerability — paho.mqtt.golang (Go MQTT v3.1 library) | 7.5 (AI) | High (AI) | 2025-12-02 |
| CVE-2025-58063 | CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion — coredns | 7.1 | High | 2025-09-09 |
| CVE-2025-53733 | Microsoft Word Remote Code Execution Vulnerability — Microsoft 365 Apps for Enterprise | 8.4 | High | 2025-08-12 |
| CVE-2025-24059 | Windows Common Log File System Driver Elevation of Privilege Vulnerability — Windows 10 Version 1507 | 7.8 | High | 2025-03-11 |
| CVE-2024-49093 | Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability — Windows Server 2025 | 8.8 | High | 2024-12-10 |
| CVE-2024-7747 | Wallet for WooCommerce <= 1.5.6 - Authenticated (Subscriber+) Incorrect Conversion between Numeric Types — Wallet for WooCommerce | 6.5 | Medium | 2024-11-28 |
| CVE-2022-40225 | Siemens SIPLUS TIM 1531 IRC security vulnerability — SIPLUS TIM 1531 IRC | 6.5 | Medium | 2024-06-11 |
| CVE-2024-32481 | vyper's range(start, start + N) reverts for negative numbers — vyper | 5.3 | Medium | 2024-04-25 |
| CVE-2024-26162 | Microsoft ODBC Driver Remote Code Execution Vulnerability — Windows 10 Version 1809 | 8.8 | High | 2024-03-12 |
| CVE-2023-46848 | Squid: denial of service in ftp | 8.6 | High | 2023-11-03 |
| CVE-2023-20006 | Multiple Cisco products security vulnerability — Cisco Adaptive Security Appliance (ASA) Software | 8.6 | High | 2023-06-28 |
| CVE-2023-29346 | NTFS Elevation of Privilege Vulnerability — Windows 10 Version 1809 | 7.8 | High | 2023-06-13 |
| CVE-2023-24884 | Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability — Windows 10 Version 1809 | 8.8 | High | 2023-04-11 |
| CVE-2023-23401 | Windows Media Remote Code Execution Vulnerability — Windows 10 Version 1809 | 7.8 | High | 2023-03-14 |
| CVE-2023-23388 | Windows Bluetooth Driver Elevation of Privilege Vulnerability — Windows 10 Version 1809 | 8.8 | High | 2023-03-14 |
| CVE-2023-21736 | Microsoft Office Visio Remote Code Execution Vulnerability — Microsoft Office 2019 | 7.8 | High | 2023-01-10 |
| CVE-2022-40138 | Facebook Hermes security vulnerability — Hermes | 9.8 | - | 2022-10-11 |
| CVE-2022-36025 | Incorrect Conversion between Numeric Types in Besu Ethereum Client — besu | 9.1 | Critical | 2022-09-24 |
| CVE-2021-27478 | EIPStackGroup OpENer Ethernet/IP Incorrect Conversion between Numeric Types — OpENer EtherNet/IP | 8.2 | High | 2022-05-12 |
| CVE-2022-27189 | F5 BIG-IP security vulnerability — BIG-IP | 7.5 | High | 2022-05-05 |
| CVE-2022-0322 | Linux kernel code issue vulnerability — kernel | 5.5 | - | 2022-03-25 |
| CVE-2021-41272 | SHL, SHR, and SAR operations trigger native exception at key values in besu — besu | 7.5 | High | 2021-12-13 |
| CVE-2021-41202 | Overflow/crash in `tf.range` — tensorflow | 5.5 | Medium | 2021-11-05 |

Vulnerabilities classified as CWE-681 (Incorrect Conversion between Numeric Types) represent 41 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.