CWE-1389: Incorrect Parsing of Numbers with Different Radices
Abstraction: Base | Status: Incomplete
Category: other
Description
The product parses numeric input assuming base 10 (decimal) values, but it does not account for inputs that use a different base number (radix).
Common consequences
- Confidentiality — Read Application Data: An attacker may use an unexpected numerical base to access private application resources.
- Integrity — Bypass Protection Mechanism, Alter Execution Logic: An attacker may use an unexpected numerical base to bypass or manipulate access control mechanisms.
Potential mitigations
- [Implementation] If only decimal values are expected in the application, write conditional checks so that octal or hexadecimal strings can never reach them. This can be achieved by converting any numerical string to an explicit base-10 integer before the conditional check, so that octal or hex values are never compared against the condition.
- [Implementation] If several numerical bases do need to be supported, check for the leading characters that indicate each non-decimal base you intend to support (such as 0x for hex) and convert the numeric strings to integers using that base explicitly. Reject any other alternative-base string that the application does not intentionally support.
- [Implementation] If regular expressions are used to validate IP addresses, ensure that they are bounded using ^ and $ so that IP addresses with a base prefix or leading zeros cannot be matched as a substring.
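The first and third mitigations worked through in JavaScript, as an added example that is not part of the CWE entry: a loopback deny-list check that lets Number() infer the radix behind an unanchored regex, beside a hardened parser that accepts only dotted-decimal input and converts with an explicit base 10, plus a helper that admits hex only through an explicit 0x prefix (the second mitigation). The service scenario, regex patterns and function names are constructed assumptions.

```javascript
// Added example (not from the CWE entry): a loopback deny-list check that relies
// on a radix-agnostic parse, beside a hardened parser. The scenario, regexes and
// function names are constructed for this illustration.

// --- Weak version: unanchored regex, and Number() decides the radix itself ---
const LOOSE_IPV4 = /\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}/;   // no ^ ... $ anchors

function isLoopbackWeak(ip) {
  if (!LOOSE_IPV4.test(ip)) return false;      // non-matching input is waved through
  // Number("0x7f") === 127 but Number("0177") === 177: the check and the
  // eventual socket API (which treats a leading 0 as octal) disagree.
  return Number(ip.split('.')[0]) === 127;
}

// --- Hardened version: only dotted-decimal, parsed with an explicit radix ---
const STRICT_IPV4 = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/;

// Returns the four octets as base-10 integers, or null if the string is not
// plain dotted-decimal IPv4 (leading zeros, hex and shorthand are all rejected).
function parseDottedDecimalIPv4(s) {
  const m = STRICT_IPV4.exec(s);
  if (!m) return null;
  const octets = [];
  for (const part of m.slice(1)) {
    if (part.length > 1 && part[0] === '0') return null;  // "0177" may mean octal elsewhere
    const n = parseInt(part, 10);                          // explicit radix, never inferred
    if (n > 255) return null;
    octets.push(n);
  }
  return octets;
}

// The caller rejects anything the strict parser cannot interpret instead of
// letting it through as "not loopback".
function isLoopbackStrict(ip) {
  const octets = parseDottedDecimalIPv4(ip);
  if (octets === null) throw new RangeError(`unsupported address form: ${ip}`);
  return octets[0] === 127;
}

// When a non-decimal base must be accepted on purpose, look for its prefix
// explicitly and convert with that radix; everything else is rejected.
function parseDecimalOrHex(s) {
  if (/^0x[0-9a-f]+$/i.test(s)) return parseInt(s.slice(2), 16);
  if (/^(0|[1-9]\d*)$/.test(s)) return parseInt(s, 10);
  return null;                           // "0177", "1e3", "" are not silently reinterpreted
}
```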