CWE-128
Wrap-around Error
Common consequences3
- AvailabilityDoS: Crash, Exit, or RestartDoS: Resource Consumption (CPU)DoS: Resource Consumption (Memory)DoS: Instability
This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high.
- IntegrityModify Memory
If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur.
- ConfidentialityAvailabilityAccess ControlExecute Unauthorized Code or CommandsBypass Protection Mechanism
This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program's implicit security policy.
Potential mitigations3
Requirements specification: The choice could be made to use a language that is not susceptible to these issues.
- Architecture and Design
Provide clear upper and lower bounds on the scale of any protocols designed.
- Implementation
Perform validation on all incremented variables to ensure that they remain within reasonable bounds.
CVEs referencing this CWE2
| CVE | Description | Severity | EPSS | Flags | Modified |
|---|---|---|---|---|---|
| CVE-2022-35258 | An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IPS) in versions prior to 9.1R17 and 22.3R1, and Ivanti Neurons for Zero-Trust Access in versions prior to 22.3R1. | HIGH7.5 | 2.52%p83 | 2024-11-21 | |
| CVE-2024-23981 | Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privilege via local access. | HIGH8.8 | 0.18%p8 | 2024-09-06 |