CWE-1335 - Incorrect Bitwise Shift of Integer
- Abstraction:Base
- Structure:Simple
- Status:Draft
- Release Date:2021-07-20
- Latest Modification Date:2023-06-29
Weakness Name
Incorrect Bitwise Shift of Integer
Description
An integer value is specified to be shifted by a negative amount or an amount greater than or equal to the number of bits contained in the value causing an unexpected or indeterminate result.
Specifying a value to be shifted by a negative amount is undefined in various languages. Various computer architectures implement this action in different ways. The compilers and interpreters when generating code to accomplish a shift generally do not do a check for this issue. Specifying an over-shift, a shift greater than or equal to the number of bits contained in a value to be shifted, produces a result which varies by architecture and compiler. In some languages, this action is specifically listed as producing an undefined result.
Common Consequences
Scope: Integrity
Impact: DoS: Crash, Exit, or Restart
