
CWE-681 (Incorrect Conversion between Numeric Types) — Vulnerability Class 41

41 vulnerabilities classified as CWE-681 (Incorrect Conversion between Numeric Types). AI analysis in Chinese included.

CWE-681 represents a logic weakness arising from improper type conversion, where data is truncated or misinterpreted during transitions between numeric types, such as casting a long integer to a smaller integer. This flaw typically enables attackers to exploit unexpected value changes, leading to critical security failures like buffer overflows, integer overflows, or logic bypasses in authentication and financial calculations. By manipulating input values that exceed the target type’s capacity, adversaries can trigger dangerous behaviors that compromise system integrity or confidentiality. Developers mitigate this risk by implementing rigorous input validation, ensuring explicit checks for range boundaries before conversion, and utilizing safe libraries that handle type casting securely. Additionally, employing static analysis tools and adhering to strict coding standards helps identify potential conversion errors early in the development lifecycle, preventing these vulnerabilities from reaching production environments.

MITRE CWE Description

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

Common Consequences (1)

Scope: Other, Integrity
Impact: Unexpected State, Quality Degradation
The program could wind up using the wrong number and generate incorrect results. If the number is used to allocate resources or make a security decision, then this could introduce a vulnerability.

Mitigations (1)

Phase: Implementation
Avoid making conversion between numeric types. Always check for the allowed ranges.

Examples (2)

In the following Java example, a float literal is cast to an integer, thus causing a loss of precision.

    int i = (int) 33457.8f; // fractional part is discarded: i == 33457

Bad · Java

This code adds a float and an integer together, casting the result to an integer.

    $floatVal = 1.8345;
    $intVal = 3;
    $result = (int)$floatVal + $intVal; // the cast binds to $floatVal alone: (int)1.8345 == 1, so $result == 4

Bad · PHP
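The three conversions the CWE text and examples describe (unsigned narrowing, long to int, and float to int), shown in C as an added example that is not part of MITRE's entry or this site's content; the function names and the 65537-byte "claimed length" are constructed for illustration, and the code assumes a 32-bit int. Each unchecked form is paired with the range-checked form the mitigation calls for.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* The weakness: a 64-bit length is narrowed into a 16-bit field. Values
 * >= 65536 wrap silently (65537 becomes 1), so any allocation or bounds
 * check that later trusts the narrowed value is wrong. */
uint16_t narrow_len_unchecked(size_t len) {
    return (uint16_t)len;                 /* implicit reduction modulo 2^16 */
}

/* Mitigation from the CWE text: check the allowed range before converting.
 * Returns false, and leaves *out untouched, when the value does not fit. */
bool narrow_len_checked(size_t len, uint16_t *out) {
    if (len > UINT16_MAX) return false;
    *out = (uint16_t)len;
    return true;
}

/* Signed case: the long -> int pairing the CWE description names. */
bool long_to_int_checked(int64_t v, int *out) {
    if (v < INT_MIN || v > INT_MAX) return false;
    *out = (int)v;
    return true;
}

/* Floating-point case, as in the Java/PHP examples above: reject NaN, values
 * outside int range, and fractional input instead of truncating silently
 * (33457.8 is rejected; 33457.0 converts). Assumes a 32-bit int. */
bool float_to_int_checked(double v, int *out) {
    if (v != v) return false;                                  /* NaN */
    if (v < -2147483648.0 || v >= 2147483648.0) return false;  /* INT_MIN..INT_MAX */
    int t = (int)v;
    if ((double)t != v) return false;                          /* fraction would be lost */
    *out = t;
    return true;
}

int main(void) {
    size_t claimed = 65537;               /* constructed, attacker-controlled length */
    uint16_t n;
    int i;
    printf("unchecked: %zu -> %u\n", claimed, narrow_len_unchecked(claimed));
    printf("checked:   %zu -> %s\n", claimed,
           narrow_len_checked(claimed, &n) ? "ok" : "rejected");
    printf("33457.8 -> %s\n", float_to_int_checked(33457.8, &i) ? "ok" : "rejected");
    return 0;
}
```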

Vulnerabilities classified as CWE-681 (Incorrect Conversion between Numeric Types) represent 41 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.