
CWE-192

Integer Coercion Error

Variant | Incomplete | Simple | 6 CVEs

Integer coercion refers to a set of flaws pertaining to the type casting, extension, or truncation of primitive data types.

Extended description

Several flaws fall under the category of integer coercion errors. For the most part, these errors in and of themselves result only in availability and data integrity issues. However, in some circumstances, they may result in other, more complicated security-related flaws, such as buffer overflow conditions.

Common consequences (3)

  • Availability: DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory); DoS: Crash, Exit, or Restart

    Integer coercion often leads to undefined states of execution resulting in infinite loops or crashes.

  • Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands

    In some cases, integer coercion errors can lead to exploitable buffer overflow conditions, resulting in the execution of arbitrary code.

  • Integrity, Other: Other

    Integer coercion errors result in an incorrect value being stored for the variable in question.

Potential mitigations (3)

  1. Requirements

    A language which throws exceptions on ambiguous data casts might be chosen.

  2. Architecture and Design

    Design objects and program flow such that multiple or complex casts are unnecessary.

  3. Implementation

    Ensure that any data type casting that you must use is entirely understood in order to reduce the plausibility of error in use.
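
The implementation mitigation above in practice, as an added example (not code from this page or from any of the projects listed below): two coercions that silently change a length value, signed-to-unsigned conversion and 32-bit to 16-bit truncation, beside range-checked forms. BUF_MAX and all function names are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_MAX 64   /* assumed destination capacity for the illustration */

/* Weak: the signed compare passes for a negative len; the conversion to
 * size_t then yields a huge count. Returns the count memcpy() would get. */
static size_t weak_copy_count(int len)
{
    if (len > BUF_MAX)      /* -1 > 64 is false, so the check passes */
        return 0;           /* rejected */
    return (size_t)len;     /* -1 becomes SIZE_MAX */
}

/* Weak: a 32-bit length stored in a 16-bit field loses its high bits. */
static uint16_t weak_narrow(uint32_t wire_len)
{
    return (uint16_t)wire_len;   /* 0x10010 silently becomes 0x0010 */
}

/* Checked: validate the range in the wide source type, then convert. */
static int checked_copy(uint8_t *dst, size_t dst_cap,
                        const uint8_t *src, size_t src_len, long long len)
{
    if (len < 0 || (unsigned long long)len > dst_cap ||
        (unsigned long long)len > src_len)
        return -1;
    memcpy(dst, src, (size_t)len);
    return 0;
}

/* Checked: refuse values that do not fit instead of truncating them. */
static int checked_narrow(uint32_t wire_len, uint16_t *out)
{
    if (wire_len > UINT16_MAX)
        return -1;
    *out = (uint16_t)wire_len;
    return 0;
}

int main(void)
{
    uint8_t dst[BUF_MAX], src[8] = {0};   /* constructed sample input */
    printf("weak count for -1: %zu\n", weak_copy_count(-1));
    printf("weak narrow 0x10010: 0x%04x\n", (unsigned)weak_narrow(0x10010u));
    printf("checked copy -1: %d\n", checked_copy(dst, sizeof dst, src, sizeof src, -1));
    return 0;
}
```

Compiling with `-Wconversion -Wsign-conversion` (GCC and Clang) flags the implicit forms of both weak conversions at build time.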


CVEs referencing this CWE (6)

CVE-2021-32996
    Description: The FANUC R-30iA and R-30iB series controllers are vulnerable to integer coercion errors, which cause the device to crash. A restart is required.
    Severity: HIGH 7.5
    EPSS: 1.06% (p60)
    Modified: 2025-04-17

CVE-2022-2639
    Description: An integer coercion error was found in the openvswitch kernel module. Given a sufficiently large number of actions, while copying and reserving memory for a new action of a new flow, the reserve_sfa_size() function does not return -EMSGSIZE as expected, potentially leading to an out-of-bounds write access. This flaw allows a local user to crash or potentially escalate their privileges on the system.
    Severity: HIGH 7.8
    EPSS: 0.78% (p51)
    Flags: PoC
    Modified: 2024-11-21

CVE-2014-125012
    Description: A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is an unknown function of the file libavcodec/dxtroy.c. The manipulation leads to integer coercion error. It is possible to launch the attack remotely. It is recommended to apply a patch to fix this issue.
    Severity: MEDIUM 5.5
    EPSS: 0.64% (p46)
    Modified: 2025-04-15

CVE-2014-125011
    Description: A vulnerability was found in FFmpeg 2.0. It has been declared as problematic. Affected by this vulnerability is the function decode_frame of the file libavcodec/ansi.c. The manipulation leads to integer coercion error. The attack can be launched remotely. It is recommended to apply a patch to fix this issue.
    Severity: HIGH 7.8
    EPSS: 0.55% (p42)
    Modified: 2025-04-15

CVE-2026-8275
    Description: A vulnerability was detected in bettercap up to 2.41.5. Affected by this vulnerability is the function ippReadChunkedBody of the file modules/zerogod/zerogod_ipp_primitives.go of the component zerogod IPP Service. Performing a manipulation results in integer coercion error. The attack can be initiated remotely. The attack is considered to have high complexity. The exploitation appears to be difficult. The exploit is now public and may be used. The patch is named 3731d5576cffae9eefe3721cd46a40933304129f. To fix this issue, it is recommended to deploy a patch.
    Severity: LOW 3.7
    EPSS: 0.52% (p40)
    Modified: 2026-05-14

CVE-2026-8276
    Description: A flaw has been found in bettercap up to 2.41.5. Affected by this issue is some unknown functionality of the file modules/mysql_server/mysql_server.go of the component MySQL Server. Executing a manipulation can lead to integer coercion error. The attack can be launched remotely. The attack requires a high level of complexity. The exploitation is known to be difficult. The exploit has been published and may be used. This patch is called 0eaa375c5e5446bfba94a290eff92967a5deac9e. It is advisable to implement a patch to correct this issue.
    Severity: LOW 3.7
    EPSS: 0.39% (p31)
    Modified: 2026-05-14