1. Home
  2. CWE Database
  3. CWE-196
Variant · Low-Medium

CWE-196: Unsigned to Signed Conversion Error

The product uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of the unsigned primitive can not be represented using a signed pri...

CWE-196 · Variant Level ·3 Mitigations

Description

The product uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of the unsigned primitive can not be represented using a signed primitive.

Although less frequent an issue than signed-to-unsigned conversion, unsigned-to-signed conversion can be the perfect precursor to dangerous buffer underwrite conditions that allow attackers to move down the stack where they otherwise might not have access in a normal buffer overflow condition. Buffer underwrites occur frequently when large unsigned values are cast to signed values, and then used as indexes into a buffer or for pointer arithmetic.

Potential Impact

Availability

DoS: Crash, Exit, or Restart

Integrity

Modify Memory

Integrity, Confidentiality, Availability, Access Control

Execute Unauthorized Code or Commands, Bypass Protection Mechanism

Mitigations & Prevention

Requirements

Choose a language which is not subject to these casting flaws.

Architecture and Design

Design object accessor functions to implicitly check values for valid sizes. Ensure that all functions which will be used as a size are checked previous to use as a size. If the language permits, throw exceptions rather than using in-band errors.

Implementation

Error check the return values of all functions. Be aware of implicit casts made, and use unsigned variables for sizes if at all possible.

Detection Methods

  • Automated Static Analysis High — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea

CWE-681: Incorrect Conversion between Numeric Types

When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that ...

CWE-124: Buffer Underwrite ('Buffer Underflow')

The product writes to a buffer using an index or pointer that references a memory location prior to the beginning of the...

CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than ...

Taxonomy Mappings

  • CLASP: — Unsigned to signed conversion error
  • Software Fault Patterns: SFP1 — Glitch in computation

Frequently Asked Questions

What is CWE-196?

CWE-196 (Unsigned to Signed Conversion Error) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of the unsigned primitive can not be represented using a signed pri...

How can CWE-196 be exploited?

Attackers can exploit CWE-196 (Unsigned to Signed Conversion Error) to dos: crash, exit, or restart. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-196?

Key mitigations include: Choose a language which is not subject to these casting flaws.

What is the severity of CWE-196?

CWE-196 is classified as a Variant-level weakness (Low-Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.