BaseIncomplete

CWE-197Numeric Truncation Error

Category: other

Description

Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion. When a primitive is cast to a smaller primitive, the high order bits of the large value are lost in the conversion, potentially resulting in an unexpected value that is not equal to the original value. This value may be required as an index into a buffer, a loop iterator, or simply necessary state data. In any case, the value cannot be trusted and the system will be in an undefined state. While this method may be employed viably to isolate the low bits of a value, this usage is rare, and truncation usually implies that an implementation error has occurred.

Common consequences· 1

  • Integrity — Modify Memory
    The true value of the data is lost and corrupted data is used.

Potential mitigations· 1

  • [Implementation]Ensure that no casts, implicit or explicit, take place that move from a larger size primitive or a smaller size primitive.

References

  1. https://cwe.mitre.org/data/definitions/197.html

(incoming)2

TypeTargetConfidenceTier
VulnerabilityCVE-2025-6965cve-2025-69650%live
KEVEntryFortinet FortiOS Heap-Based Buffer Overflow Vulnerabilitykev-cve-2022-424750%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Integer Coercion Error
CWE
Incorrect Conversion between Numeric Types
CWE
Signed to Unsigned Conversion Error
CWE
Integer Underflow (Wrap or Wraparound)
CWE
Incorrect Bitwise Shift of Integer
CWE
Wrap-around Error
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.