CWE-681 - Incorrect Conversion between Numeric Types

CWE-681 High

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Incorrect Conversion between Numeric Types

Description: When converting from one data type to another, such as long to integer, data can be omitted or translated in a way that produces unexpected values. If the resulting values are used in a sensitive context, then dangerous behaviors may occur.

Common Consequences: Scope: Other, Integrity
Impact: Unexpected State, Quality Degradation
Notes: The program could wind up using the wrong number and generate incorrect results. If the number is used to allocate resources or make a security decision, then this could introduce a vulnerability.

Related Weaknesses

CWE-704Incorrect Type Conversion or Cast

CWE-682Incorrect CalculationHigh

Release Date:
2008-04-11

Latest Modification Date:
2024-02-29

Free security scan for your website

Don't show website scan report rating on the leaderboard