Introduction to integer overflows and underflows
Integer overflow and underflow vulnerabilities are considered the eighth most dangerous vulnerability in the Common Weakness Enumeration (CWE) Top 25 List of 2019. These types of vulnerabilities are created by misuse of variable types and can be exploited to bypass protections against other types of vulnerabilities, like buffer overflows.
Variable types and sizes
Every programming language has the concept of different types of variables. A character, which can contain text data, is very different from an integer or a float. However, beyond these general types are additional distinctions between variables, and these distinctions are what make integer overflow and underflow vulnerabilities possible.
Most programming languages have the concept of signed and unsigned integers. A signed integer (as the name suggests) has a sign, allowing it to store both positive and negative values. An unsigned variable, on the other hand, can only store positive numbers.
As shown in the image above, signed and unsigned variables of a given size are written identically in a computer’s memory. The only difference is how the value is interpreted. In a signed value, a leading one means a negative number, while in an unsigned value, a one in the first spot just means a large number.
The other main distinction between different “integer” variable types is the size of the value that they can contain. Programming languages have the concepts of short, integer, long and beyond, each of which defines the size of the memory space allocated for that variable and the range of values that it can contain.
Integer overflows and underflows
Integer overflow and underflow vulnerabilities boil down to unsafe conversion between signed and unsigned variables and integer variable types of different sizes. It is generally permitted to convert between these different types and, in many cases, (Read more...)
*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Howard Poston. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/WM3E8s063rQ/