angler-fish The Vulnerability History Project
angler-fish The Vulnerability History Project

CWE-190: Integer Overflow or Wraparound

"The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control." - Entry from the Common Weakness Enumeration For more info visit <a href="" target="_blank" rel="noopener noreferrer">CWE-190</a>


Bad things happen when integers wrap around

Loop counters, file sizes, malloc arguments, session tokens, primary keys... numbers are everywhere in our code. What happens when our numbers get very, _very_ big? Integer overflow, or wraparound, is much more dangerous than it seems.