CWE-680

Integer Overflow to Buffer Overflow

Compound
Draft

Description

The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, leading to a buffer overflow.
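The weak size calculation next to a checked one, as an added example that is not part of the CWE entry. The `struct record` type, the function names and the element count are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical 32-byte record type, assumed for this example. */
struct record { uint32_t id; char name[28]; };

/* Weak pattern: size_t multiplication wraps silently, so a large count
 * produces a small byte size. Only the size is computed here; nothing is
 * allocated or written with it. */
size_t naive_alloc_size(size_t count) {
    return count * sizeof(struct record);
}

/* Hardened: refuse any count whose byte size does not fit in size_t.
 * Returns 0 and stores the size in *out, or -1 on overflow. */
int checked_alloc_size(size_t count, size_t *out) {
    if (count > SIZE_MAX / sizeof(struct record))
        return -1;
    *out = count * sizeof(struct record);
    return 0;
}

/* Copies count records from src into a new buffer. Returns NULL when the
 * size calculation would overflow or the allocation fails. */
struct record *copy_records(const struct record *src, size_t count) {
    size_t bytes;
    if (checked_alloc_size(count, &bytes) != 0)
        return NULL;
    struct record *dst = malloc(bytes ? bytes : 1);
    if (dst == NULL)
        return NULL;
    memcpy(dst, src, bytes);
    return dst;
}

int main(void) {
    /* Constructed count: the smallest value that wraps to one element. */
    size_t huge = SIZE_MAX / sizeof(struct record) + 2;
    size_t bytes = 0;
    printf("requested elements: %zu\n", huge);
    printf("naive byte size:    %zu\n", naive_alloc_size(huge));
    printf("checked result:     %d\n", checked_alloc_size(huge, &bytes));
    return 0;
}
```

With the naive size, the buffer would hold a single record while the caller still believes it holds `huge` of them, which is the mismatch the description refers to.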

Related Weaknesses

Common Consequences

Scope: Integrity, Availability, Confidentiality

Impact: Modify Memory; DoS: Crash, Exit, or Restart; Execute Unauthorized Code or Commands

CVE-2021-43537

Chain: in a web browser, an unsigned 64-bit integer is forcibly cast to a 32-bit integer (CWE-681), potentially leading to an integer overflow (CWE-190). If an integer overflow occurs, this can cause heap memory corruption (CWE-122).

CVE-2017-1000121

Chain: unchecked message size metadata allows integer overflow (CWE-190) leading to buffer overflow (CWE-119).

Applicable Platforms

Memory-Unsafe
C
C++
