...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
INT31-C | high | probable | high | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|
|
| ||||||||||||
|
|
|
| ||||||||||||
|
|
|
| ||||||||||||
|
|
|
| ||||||||||||
|
|
|
| ||||||||||||
|
|
|
| ||||||||||||
|
|
|
|
Coverity Prevent cannot discover all violations of this rule, so further verification is necessary.
Related Vulnerabilities
...
[CVE-2009-1376|http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1376] results from a violation of this rule. In version 2.5.5 of Pidgin, an unsigned integer ({{offset}}) is set to the value of a 64-bit unsigned integer, which can lead to truncation \[ [xorl 2009|http://xorl.wordpress.com/2009/05/28/cve- 2009-1376-pidgin-msn-slp-integer-truncation/]\]. An attacker can execute arbitrary code by carefully choosing this value and causing a buffer overflow.
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
MITRE CWE: CWE-192, "Integer Coercion Error,"CWE-197, "Numeric Truncation Error," CWE-681, "Incorrect Conversion between Numeric Types"
Bibliography
...
\[[Dowd 2006|AA. Bibliography#Dowd 06] \] Chapter 6, "C Language Issues" (Type Conversions, pp. 223-270)
\
[[Seacord 2005a|AA. Bibliography#Seacord 05] \] Chapter 5, "Integers"
\[
[Viega 2005|AA. Bibliography#Viega 05] \] Section 5.2.9, "Truncation error," Section 5.2.10, "Sign extension error," Section 5.2.11, "Signed to unsigned conversion error," and Section 5.2.12, "Unsigned to signed conversion error"
\[
[Warren 2002|AA. Bibliography#Warren 02] \] Chapter 2, "Basics"
\
[[xorl 2009|AA. Bibliography#xorl 2009] \] ["CVE-2009-1376: Pidgin MSN SLP Integer Truncation"|http://xorl.wordpress.com/2009/05/28/cve-2009-1376-pidgin-msn-slp-integer-truncation/]
...