The Vulnerability History Project

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

"The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer." - Entry from the Common Weakness Enumeration For more info visit <a href="https://cwe.mitre.org/data/definitions/119.html" target="_blank" rel="noopener noreferrer">CWE-119</a>


Bad things happen when integers wrap around

Loop counters, file sizes, malloc arguments, session tokens, primary keys... numbers are everywhere in our code. What happens when our numbers get very, _very_ big? Integer overflow, or wraparound, is much more dangerous than it seems.