CWE-1335: Incorrect Bitwise Shift of Integer
ID
CWE-1335
Abstraction
Base
Structure
Simple
Status
Draft
Number of CVEs
2
An integer value is specified to be shifted by a negative amount or an amount greater than or equal to the number of bits contained in the value causing an unexpected or indeterminate result.
Specifying a value to be shifted by a negative amount is undefined in various languages. Various computer architectures implement this action in different ways. The compilers and interpreters when generating code to accomplish a shift generally do not do a check for this issue.
Specifying an over-shift, a shift greater than or equal to the number of bits contained in a value to be shifted, produces a result which varies by architecture and compiler. In some languages, this action is specifically listed as producing an undefined result.
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | Adding shifts without properly verifying the size and sign of the shift amount. |
Applicable Platforms
| Type | Class | Name | Prevalence |
|---|---|---|---|
| Language | C | ||
| Language | C++ | ||
| Language | C# | ||
| Language | Java | ||
| Language | JavaScript | ||
| Operating_system | Not OS-Specific | ||
| Technology | Not Technology-Specific |
CVEs Published
CVSS Severity
CVSS Severity - By Year
CVSS Base Score
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |
Loading...