Difference between revisions of "Wrap-around error"

From OWASP
(Reverting to last version not containing links to s1.shard.jp)
Latest revision as of 07:49, 3 June 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.



Last revision (mm/dd/yy): 06/3/2009

Description

Wrap-around errors occur whenever a value is incremented past the maximum value for its type and therefore "wraps around" to a very small, negative, or undefined value.

Consequences

  • Availability: Wrap-around errors generally lead to undefined behavior, infinite loops, and therefore crashes.
  • Integrity: If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur.
  • Access control (instruction processing): A wrap around can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program's implicit security policy.

Exposure period

  • Requirements specification: The choice could be made to use a language that is not susceptible to these issues.
  • Design: If the flow of the system or the protocols used are not well defined, wrap-around errors become more likely.
  • Implementation: Many logic errors can lead to this condition.

Platform

  • Language: C, C++, Fortran, Assembly
  • Operating System: Any

Required resources

Any

Severity

High

Likelihood of exploit

Medium

Because of how computers perform addition, when a primitive is incremented past the maximum value its storage space can hold, the system does not detect this and simply continues incrementing the bits as if extra space were available, so the value wraps around.

Because of how negative numbers are represented in binary, primitives interpreted as signed may "wrap" to very large negative values.

Risk Factors

TBD

Examples

See the Examples section of the problem type Integer overflow for an example of wrap-around errors.


Related Attacks


Related Vulnerabilities


Related Controls

  • Requirements specification: The choice could be made to use a language that is not susceptible to these issues.
  • Design: Provide clear upper and lower bounds on the scale of any protocols designed.
  • Implementation: Place sanity checks on all incremented variables to ensure that they remain within reasonable bounds.
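The wrap described under "Likelihood of exploit" and the operand sanity checks that the Implementation control above calls for, as an added C example that is not part of the OWASP page (the function names and the 0x40000001 * 4 sample values are my own):

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Unsigned arithmetic wraps modulo 2^32. C defines this, but the result is
   silently wrong when the caller expected a larger value. */
uint32_t wrapping_add_u32(uint32_t a, uint32_t b) { return a + b; }
uint32_t wrapping_mul_u32(uint32_t a, uint32_t b) { return a * b; }

/* Checked addition: test the operands before adding so the wrap never
   happens. Returns false and leaves *out untouched when it would. */
bool checked_add_u32(uint32_t a, uint32_t b, uint32_t *out)
{
    if (b > UINT32_MAX - a)
        return false;
    *out = a + b;
    return true;
}

/* Signed overflow is undefined behaviour in C, so it must be caught on the
   operands, never by inspecting a result that has already overflowed. */
bool checked_add_i32(int32_t a, int32_t b, int32_t *out)
{
    if ((b > 0 && a > INT32_MAX - b) || (b < 0 && a < INT32_MIN - b))
        return false;
    *out = a + b;
    return true;
}

/* Allocation-size case: count * size wrapping to a small number makes a
   later malloc() return far less memory than the copy loop then writes. */
bool checked_mul_u32(uint32_t count, uint32_t size, uint32_t *out)
{
    if (size != 0 && count > UINT32_MAX / size)
        return false;
    *out = count * size;
    return true;
}

int main(void)
{
    uint32_t out;
    printf("UINT32_MAX + 1 wraps to %u\n", wrapping_add_u32(UINT32_MAX, 1));
    printf("0x40000001 * 4 wraps to %u\n", wrapping_mul_u32(0x40000001u, 4u));
    printf("checked add: %s\n",
           checked_add_u32(UINT32_MAX, 1, &out) ? "ok" : "wrap detected");
    printf("checked mul: %s\n",
           checked_mul_u32(0x40000001u, 4u, &out) ? "ok" : "wrap detected");
    return 0;
}
```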

Related Technical Impacts


References

TBD