CWE WEAKNESSES / CWE-191
CWE-191
Integer Underflow (Wrap or Wraparound)
Base
What it is
The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.
This can happen in signed and unsigned cases.
Impact
| Availability | DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Instability |
| Integrity | Modify Memory |
| Confidentiality, Availability, Access Control | Execute Unauthorized Code or Commands, Bypass Protection Mechanism |
Real-world CVE examples
- CVE-2004-0816 — Integer underflow in firewall via malformed packet.
- CVE-2004-1002 — Integer underflow by packet with invalid length.
- CVE-2005-0199 — Long input causes incorrect length calculation.
- CVE-2005-1891 — Malformed icon causes integer underflow in loop counter variable.
Related weaknesses
Test & detect
Browse all common weaknesses, check related exploited CVEs, or map to ATT&CK techniques.
Source: MITRE CWE. View on cwe.mitre.org →