BaseIncomplete

CWE-839Numeric Range Comparison Without Minimum Check

Category: other

Description

The product checks a value to ensure that it is less than or equal to a maximum, but it does not also verify that the value is greater than or equal to the minimum.

Common consequences· 3

  • Integrity / Confidentiality / Availability — Modify Application Data, Execute Unauthorized Code or Commands
    An attacker could modify the structure of the message or data being sent to the downstream component, possibly injecting commands.
  • Availability — DoS: Resource Consumption (Other)
    in some contexts, a negative value could lead to resource consumption.
  • Confidentiality / Integrity — Modify Memory, Read Memory
    If a negative value is used to access memory, buffers, or other indexable structures, it could access memory outside the bounds of the buffer.

Potential mitigations· 2

  • [Implementation]If the number to be used is always expected to be positive, change the variable type from signed to unsigned or size_t.
  • [Implementation]If the number to be used could have a negative value based on the specification (thus requiring a signed value), but the number should only be positive to preserve code correctness, then include a check to ensure that the value is positive.

References

  1. https://cwe.mitre.org/data/definitions/839.html

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Permissive Regular Expression
CWE
Improper Input Validation
CWE
Improper Validation of Specified Type of Input
CWE
Improper Validation of Specified Quantity in Input
CWE
Improper Handling of Undefined Values
CWE
Persistent Storable Data Element without Associated Comparison Control Element
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.