
CAPEC-128: Integer Attacks

Abstraction: Standard
Status: Draft
Severity: Medium

Description

An attacker takes advantage of the structure of integer variables to cause these variables to assume values that are not expected by an application. For example, adding one to the largest positive integer in a signed integer variable results in a negative number. Negative numbers may be illegal in an application, and the application may prevent an attacker from providing them directly, but the application may not consider that adding two positive numbers can create a negative number due to the structure of integer storage formats.
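The case described above, as an added example that is not part of the CAPEC entry: a check that rejects negative inputs but not a wrapped sum, next to a hardened version. The function names `wrapping_add`, `total_unchecked` and `total_checked` are hypothetical, and the inputs are constructed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* 32-bit signed add with two's-complement wraparound, computed through
 * unsigned arithmetic so the demonstration avoids undefined behaviour.
 * The final unsigned-to-signed conversion is implementation-defined;
 * GCC and Clang wrap modulo 2^32. */
static int32_t wrapping_add(int32_t a, int32_t b)
{
    return (int32_t)((uint32_t)a + (uint32_t)b);
}

/* Flawed: rejects negative inputs but never checks the sum. */
bool total_unchecked(int32_t a, int32_t b, int32_t *total)
{
    if (a < 0 || b < 0)
        return false;
    *total = wrapping_add(a, b);
    return true;
}

/* Hardened: also rejects operands whose sum exceeds INT32_MAX.
 * The test is done by subtraction, so it cannot itself overflow. */
bool total_checked(int32_t a, int32_t b, int32_t *total)
{
    if (a < 0 || b < 0)
        return false;
    if (a > INT32_MAX - b)
        return false;
    *total = a + b;
    return true;
}

int main(void)
{
    int32_t t = 0;
    /* Constructed inputs: the largest positive value plus one. */
    if (total_unchecked(INT32_MAX, 1, &t))
        printf("unchecked: accepted, total = %d\n", (int)t);
    if (!total_checked(INT32_MAX, 1, &t))
        printf("checked:   rejected, sum not representable\n");
    return 0;
}
```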

Related weaknesses (1)

CWE-682

Related attack patterns (1)

CAPEC-153 (ChildOf)

Exploits (1)

Type: Weakness
Target: Incorrect Calculation (cwe-682)
Confidence: 100%
Tier: live

Related by meaning (6)

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Forced Integer Overflow
CAPEC: Pointer Manipulation
CAPEC: Overflow Buffers
CAPEC: Buffer Manipulation
CAPEC: SOAP Array Overflow
CAPEC: Buffer Overflow via Parameter Expansion

Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.