Integer Attacks |
Attack Pattern ID: 128 (Standard Attack Pattern Completeness: Stub) | Typical Severity: Medium | Status: Draft |
Integer Attacks |
Attack Pattern ID: 128 (Standard Attack Pattern Completeness: Stub) | Typical Severity: Medium | Status: Draft |
Summary
An attacker takes advantage of the structure of integer variables to cause these variables to assume values that are not expected by an application. For example, adding one to the largest positive integer in a signed integer variable results in a negative number. Negative numbers may be illegal in an application and the application may prevent an attacker from providing them directly, but the application may not consider that adding two positive numbers can create a negative number do to the structure of integer storage formats.
The target application must have an integer variable for which only some of the possible integer values are expected by the application and where there are no checks on the value of the variable before use.
The attacker must be able to manipulate the targeted integer variable such that normal operations result in non-standard values due to the storage structure of integers.
CWE-ID | Weakness Name | Weakness Relationship Type |
---|---|---|
682 | Incorrect Calculation | Targeted |
Nature | Type | ID | Name | Description | View(s) this relationship pertains to |
---|---|---|---|---|---|
ChildOf | Category | 255 | Data Structure Attacks | Mechanism of Attack (primary)1000 | |
ChildOf | Category | 336 | WASC Threat Classification 2.0 - WASC-03 - Integer Overflows | WASC Threat Classification 2.0333 | |
ParentOf | Attack Pattern | 92 | Forced Integer Overflow | Mechanism of Attack (primary)1000 |
Security-Database help your corporation foresee and avoid any security risks that may impact your IT infrastructure and business applications.
28 June 2016