CWE-197: Numeric Truncation Error
Field | Value |
---|---|
ID | CWE-197 |
Abstraction | Base |
Structure | Simple |
Status | Incomplete |
Number of CVEs | 30 |
Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.
When a primitive is cast to a smaller primitive, the high-order bits of the larger value are lost in the conversion, potentially resulting in an unexpected value that is not equal to the original value. This value may be required as an index into a buffer, a loop iterator, or simply necessary state data. In any case, the value cannot be trusted and the system will be in an undefined state. While this method may be employed viably to isolate the low bits of a value, this usage is rare, and truncation usually implies that an implementation error has occurred.
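The following C sketch is an added example, not part of the CWE entry. It shows a length check that runs on a value already narrowed from 32 to 16 bits, next to a version that rejects any value that does not survive the conversion. The function names and the sample lengths are constructed for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Flawed: the length is narrowed to 16 bits before the bounds check, so
 * the check sees only the low-order bits of the declared length. */
bool flawed_length_ok(uint32_t declared_len, size_t cap) {
    uint16_t n = (uint16_t)declared_len;   /* high-order bits lost here */
    return n <= cap;
}

/* Checked narrowing: fails instead of silently dropping bits. */
bool narrow_u32_to_u16(uint32_t v, uint16_t *out) {
    if (v > UINT16_MAX) return false;
    *out = (uint16_t)v;
    return true;
}

/* Hardened: reject any length that does not survive the conversion. */
bool hardened_length_ok(uint32_t declared_len, size_t cap) {
    uint16_t n;
    return narrow_u32_to_u16(declared_len, &n) && n <= cap;
}

int main(void) {
    /* Constructed sample values, not taken from any real input. */
    const uint32_t samples[] = { 4u, 16u, 0x10004u, 0xFFFFu, 0x20000u };
    const size_t cap = 16;
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t v = samples[i];
        printf("len=0x%05x truncated=0x%04x flawed=%d hardened=%d\n",
               (unsigned)v, (unsigned)(uint16_t)v,
               flawed_length_ok(v, cap), hardened_length_ok(v, cap));
    }
    return 0;
}
```

Compilers can flag the implicit form of this narrowing at build time, for example with `-Wconversion` in GCC and Clang.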
Modes of Introduction
Phase | Note |
---|---|
Implementation | |
Applicable Platforms
Type | Class | Name | Prevalence |
---|---|---|---|
Language | C | | |
Language | C++ | | |
Language | Java | | |
Language | C# | | |
Relationships
View ID | View | View Status | Weakness ID | Weakness Name | Abstraction | Structure | Weakness Status |
---|---|---|---|---|---|---|---|
CWE-1000 | Research Concepts | Draft | CWE-681 | Incorrect Conversion between Numeric Types | Base | Simple | Draft |
CWE-1305 | CISQ Quality Measures (2020) | Incomplete | CWE-681 | Incorrect Conversion between Numeric Types | Base | Simple | Draft |
CWE-1340 | CISQ Data Protection Measures | Incomplete | CWE-681 | Incorrect Conversion between Numeric Types | Base | Simple | Draft |
CWE-1000 | Research Concepts | Draft | CWE-195 | Signed to Unsigned Conversion Error | Variant | Simple | Draft |
CWE-1000 | Research Concepts | Draft | CWE-196 | Unsigned to Signed Conversion Error | Variant | Simple | Draft |
CWE-1000 | Research Concepts | Draft | CWE-192 | Integer Coercion Error | Variant | Simple | Incomplete |
CWE-1000 | Research Concepts | Draft | CWE-194 | Unexpected Sign Extension | Variant | Simple | Incomplete |