| Impact | Details |
|---|---|
|
DoS: Crash, Exit, or Restart |
Scope: Availability
If the incorrect calculation causes the program to move into an unexpected state, it may lead to a crash or impairment of service.
|
|
DoS: Crash, Exit, or Restart; DoS: Resource Consumption (Other); Execute Unauthorized Code or Commands |
Scope: Integrity, Confidentiality, Availability |
|
Gain Privileges or Assume Identity |
Scope: Access Control
In the context of privilege or permissions assignment, an incorrect calculation can provide an attacker with access to sensitive resources.
|
|
Bypass Protection Mechanism |
Scope: Access Control
If the incorrect calculation leads to an insufficient comparison (CWE-697), it may compromise a protection mechanism such as a validation routine and allow an attacker to bypass the security-critical code.
|
| Phase(s) | Mitigation |
|---|---|
|
Implementation |
Understand your programming language's underlying representation and how it interacts with numeric calculation. Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how your language handles numbers that are too large or too small for its underlying representation.
|
|
Implementation |
Strategy: Input Validation Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
|
|
Implementation |
Use the appropriate type for the desired action. For example, in C/C++, only use unsigned types for values that could never be negative, such as height, width, or other numbers related to quantity.
|
|
Architecture and Design |
Strategy: Language Selection Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences. Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). |
|
Architecture and Design |
Strategy: Libraries or Frameworks Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences. Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++). |
|
Implementation |
Strategy: Compilation or Build Hardening Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.
|
|
Testing |
Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible.
|
|
Testing |
Use dynamic tools and techniques that interact with the product using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The product's operation may slow down, but it should not become unstable, crash, or generate incorrect results.
|
| Nature | Type | ID | Name |
|---|---|---|---|
| MemberOf | View View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries). | 1000 | Research Concepts |
| ParentOf | Base Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 128 | Wrap-around Error |
| ParentOf | Base Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 131 | Incorrect Calculation of Buffer Size |
| ParentOf | Base Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 135 | Incorrect Calculation of Multi-Byte String Length |
| ParentOf | Base Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 190 | Integer Overflow or Wraparound |
| ParentOf | Base Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 191 | Integer Underflow (Wrap or Wraparound) |
| ParentOf | Base Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 193 | Off-by-one Error |
| ParentOf | Base Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 369 | Divide By Zero |
| ParentOf | Base Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 468 | Incorrect Pointer Scaling |
| ParentOf | Base Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 469 | Use of Pointer Subtraction to Determine Size |
| ParentOf | Base Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 1335 | Incorrect Bitwise Shift of Integer |
| ParentOf | Base Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 1339 | Insufficient Precision or Accuracy of a Real Number |
| CanFollow | Base Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 681 | Incorrect Conversion between Numeric Types |
| CanFollow | Base Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 839 | Numeric Range Comparison Without Minimum Check |
| CanPrecede | Base Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 170 | Improper Null Termination |
| Nature | Type | ID | Name |
|---|---|---|---|
| MemberOf | View View - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries). | 1003 | Weaknesses for Simplified Mapping of Published Vulnerabilities |
| ParentOf | Base Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 131 | Incorrect Calculation of Buffer Size |
| ParentOf | Base Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 190 | Integer Overflow or Wraparound |
| ParentOf | Base Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 191 | Integer Underflow (Wrap or Wraparound) |
| ParentOf | Base Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 193 | Off-by-one Error |
| ParentOf | Base Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 369 | Divide By Zero |
| Nature | Type | ID | Name |
|---|---|---|---|
| ParentOf | Base Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 131 | Incorrect Calculation of Buffer Size |
| ParentOf | Base Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 369 | Divide By Zero |
| Nature | Type | ID | Name |
|---|---|---|---|
| ParentOf | Base Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 131 | Incorrect Calculation of Buffer Size |
| ParentOf | Base Base - a weakness that is still mostly independent of a resource or technology, but with sufficient details to provide specific methods for detection and prevention. Base level weaknesses typically describe issues in terms of 2 or 3 of the following dimensions: behavior, property, technology, language, and resource. | 369 | Divide By Zero |
| Phase | Note |
|---|---|
| Implementation |
Class: Not Language-Specific (Undetermined Prevalence)
Class: Not Technology-Specific (Undetermined Prevalence)
Example 1
The following image processing code allocates a table for images.
This code intends to allocate a table of size num_imgs, however as num_imgs grows large, the calculation determining the size of the list will eventually overflow (CWE-190). This will result in a very small list to be allocated instead. If the subsequent code operates on the list as if it were num_imgs long, it may result in many types of out-of-bounds problems (CWE-119).
Example 2
This code attempts to calculate a football team's average number of yards gained per touchdown.
The code does not consider the event that the team they are querying has not scored a touchdown, but has gained yardage. In that case, we should expect an ArithmeticException to be thrown by the JVM. This could lead to a loss of availability if our error handling code is not set up correctly.
Example 3
This example attempts to calculate the position of the second byte of a pointer.
In this example, second_char is intended to point to the second byte of p. But, adding 1 to p actually adds sizeof(int) to p, giving a result that is incorrect (3 bytes off on 32-bit platforms). If the resulting memory address is read, this could potentially be an information leak. If it is a write, it could be a security-critical write to unauthorized memory-- whether or not it is a buffer overflow. Note that the above code may also be wrong in other ways, particularly in a little endian environment.
Note: this is a curated list of examples for users to understand the variety of ways in which this weakness can be introduced. It is not a complete list of all CVEs that are related to this CWE entry.
| Reference | Description |
|---|---|
|
substitution overflow: buffer overflow using environment variables that are expanded after the length check is performed
|
| Method | Details |
|---|---|
|
Manual Analysis |
This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. Specifically, manual static analysis is useful for evaluating the correctness of allocation calculations. This can be useful for detecting overflow conditions (CWE-190) or similar weaknesses that might have serious security impacts on the program. Effectiveness: High Note:These may be more effective than strictly automated techniques. This is especially the case with weaknesses that are related to design and business rules. |
| Nature | Type | ID | Name |
|---|---|---|---|
| MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 738 | CERT C Secure Coding Standard (2008) Chapter 5 - Integers (INT) |
| MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 739 | CERT C Secure Coding Standard (2008) Chapter 6 - Floating Point (FLP) |
| MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 752 | 2009 Top 25 - Risky Resource Management |
| MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 872 | CERT C++ Secure Coding Section 04 - Integers (INT) |
| MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 873 | CERT C++ Secure Coding Section 05 - Floating Point Arithmetic (FLP) |
| MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 977 | SFP Secondary Cluster: Design |
| MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 1137 | SEI CERT Oracle Secure Coding Standard for Java - Guidelines 03. Numeric Types and Operations (NUM) |
| MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 1158 | SEI CERT C Coding Standard - Guidelines 04. Integers (INT) |
| MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 1159 | SEI CERT C Coding Standard - Guidelines 05. Floating Point (FLP) |
| MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 1306 | CISQ Quality Measures - Reliability |
| MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 1308 | CISQ Quality Measures - Security |
| MemberOf | ViewView - a subset of CWE entries that provides a way of examining CWE content. The two main view structures are Slices (flat lists) and Graphs (containing relationships between entries). | 1340 | CISQ Data Protection Measures |
| MemberOf | CategoryCategory - a CWE entry that contains a set of other entries that share a common characteristic. | 1408 | Comprehensive Categorization: Incorrect Calculation |
Rationale
This CWE entry is extremely high-level, a Pillar. In many cases, lower-level children or descendants are more appropriate. However, sometimes this weakness is forced to be used due to the lack of in-depth weakness research. See Research Gaps.Comments
Where feasible, consider children or descendants of this entry instead.Research Gap
Weaknesses related to this Pillar appear to be under-studied, especially with respect to classification schemes. Input from academic and other communities could help identify and resolve gaps or organizational difficulties within CWE.
| Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
|---|---|---|---|
| CERT C Secure Coding | FLP32-C | CWE More Abstract | Prevent or detect domain and range errors in math functions |
| CERT C Secure Coding | INT07-C | Use only explicitly signed or unsigned char type for numeric values | |
| CERT C Secure Coding | INT13-C | Use bitwise operators only on unsigned operands | |
| CERT C Secure Coding | INT33-C | CWE More Abstract | Ensure that division and remainder operations do not result in divide-by-zero errors |
| CERT C Secure Coding | INT34-C | CWE More Abstract | Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand |
| Submissions | ||
|---|---|---|
| Submission Date | Submitter | Organization |
|
2008年04月11日
(CWE Draft 9, 2008年04月11日) |
CWE Content Team | MITRE |
| Modifications | ||
| Modification Date | Modifier | Organization |
|
2025年09月09日
(CWE 4.18, 2025年09月09日) |
CWE Content Team | MITRE |
| updated References | ||
| 2023年06月29日 | CWE Content Team | MITRE |
| updated Mapping_Notes, Research_Gaps | ||
| 2023年04月27日 | CWE Content Team | MITRE |
| updated Relationships, Time_of_Introduction | ||
| 2023年01月31日 | CWE Content Team | MITRE |
| updated Description, Potential_Mitigations | ||
| 2021年07月20日 | CWE Content Team | MITRE |
| updated Relationships | ||
| 2020年12月10日 | CWE Content Team | MITRE |
| updated Relationships | ||
| 2020年08月20日 | CWE Content Team | MITRE |
| updated Relationships | ||
| 2020年02月24日 | CWE Content Team | MITRE |
| updated Applicable_Platforms, Observed_Examples, Relationships, Type | ||
| 2019年06月20日 | CWE Content Team | MITRE |
| updated Related_Attack_Patterns, Relationships | ||
| 2019年01月03日 | CWE Content Team | MITRE |
| updated Relationships | ||
| 2017年11月08日 | CWE Content Team | MITRE |
| updated Taxonomy_Mappings | ||
| 2017年01月19日 | CWE Content Team | MITRE |
| updated Applicable_Platforms | ||
| 2015年12月07日 | CWE Content Team | MITRE |
| updated Relationships | ||
| 2014年07月30日 | CWE Content Team | MITRE |
| updated Relationships | ||
| 2014年02月18日 | CWE Content Team | MITRE |
| updated Relationships | ||
| 2012年05月11日 | CWE Content Team | MITRE |
| updated Demonstrative_Examples, References, Relationships | ||
| 2011年09月13日 | CWE Content Team | MITRE |
| updated Relationships, Taxonomy_Mappings | ||
| 2011年06月01日 | CWE Content Team | MITRE |
| updated Common_Consequences | ||
| 2011年03月29日 | CWE Content Team | MITRE |
| updated Relationships | ||
| 2010年09月27日 | CWE Content Team | MITRE |
| updated Potential_Mitigations | ||
| 2010年06月21日 | CWE Content Team | MITRE |
| updated Potential_Mitigations | ||
| 2010年04月05日 | CWE Content Team | MITRE |
| updated Detection_Factors, Potential_Mitigations, References | ||
| 2010年02月16日 | CWE Content Team | MITRE |
| updated Potential_Mitigations | ||
| 2009年10月29日 | CWE Content Team | MITRE |
| updated Demonstrative_Examples, Relationships | ||
| 2009年07月27日 | CWE Content Team | MITRE |
| updated Demonstrative_Examples, Related_Attack_Patterns | ||
| 2009年05月27日 | CWE Content Team | MITRE |
| updated Demonstrative_Examples | ||
| 2009年03月10日 | CWE Content Team | MITRE |
| updated Potential_Mitigations | ||
| 2009年01月12日 | CWE Content Team | MITRE |
| updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Potential_Mitigations, Relationships | ||
| 2008年11月24日 | CWE Content Team | MITRE |
| updated Relationships, Taxonomy_Mappings | ||
| 2008年10月14日 | CWE Content Team | MITRE |
| updated Type | ||
| 2008年09月08日 | CWE Content Team | MITRE |
| updated Relationships | ||
| 2008年07月01日 | Eric Dalci | Cigital |
| updated Potential_Mitigations, Time_of_Introduction | ||
Use of the Common Weakness Enumeration (CWE™) and the associated references from this website are subject to the Terms of Use. CWE is sponsored by the U.S. Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) and managed by the Homeland Security Systems Engineering and Development Institute (HSSEDI) which is operated by The MITRE Corporation (MITRE). Copyright © 2006–2025, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.