Corgea LogoCorgea Security Hub

CWE-191: Integer Underflow (Wrap or Wraparound)

Learn about CWE-191 (Integer Underflow (Wrap or Wraparound)), its security impact, exploitation methods, and prevention guidelines.

What is Integer Underflow (Wrap or Wraparound)?

• Overview: Integer Underflow (Wrap or Wraparound) occurs when a subtraction operation results in a value lower than the minimum allowable integer value, causing the value to wrap around to a much larger number, deviating from the intended result. This can occur in both signed and unsigned integer operations.

• Exploitation Methods:

  • Attackers can exploit this vulnerability by manipulating inputs to trigger an underflow, potentially causing incorrect calculations or logic errors.
  • Common attack patterns include buffer overflows through array index manipulation and bypassing numeric constraints or checks.

• Security Impact:

  • Direct consequences of successful exploitation include unexpected behavior, application crashes, or incorrect program logic.
  • Potential cascading effects can lead to security bypass, data corruption, or unauthorized data access.
  • Business impact includes compromised data integrity, potential data breaches, and loss of customer trust.

• Prevention Guidelines:

  • Specific code-level fixes include using safe integer libraries or built-in functions that check for and handle underflow conditions.
  • Security best practices involve thorough input validation, boundary checking, and using data types that can safely accommodate required ranges.
  • Recommended tools and frameworks include static analysis tools to detect potential underflows and adopting languages or libraries with built-in integer overflow/underflow protection.

Corgea can automatically detect and fix Integer Underflow (Wrap or Wraparound) in your codebase. Try Corgea free today.

Technical Details

Likelihood of Exploit: Not specified

Affected Languages: C, C++, Java, C#

Affected Technologies: Not specified

Vulnerable Code Example

C Example: Integer Underflow (Wrap or Wraparound)

#include <stdio.h>

void processInput(int input) {
    // Vulnerable code: Subtracting 1 from 'input' without checking can cause an integer underflow
    int result = input - 1;
    
    // If 'input' is INT_MIN, subtracting 1 will wrap around to INT_MAX
    printf("Processed Result: %d\n", result);
}

int main() {
    int userInput = -2147483648; // INT_MIN for a 32-bit integer
    processInput(userInput);
    return 0;
}

In this vulnerable code example, the subtraction operation input - 1 is performed without checking if input is at its minimum possible value (INT_MIN). This can lead to an integer underflow, causing the result to unexpectedly wrap around to INT_MAX.

How to fix Integer Underflow (Wrap or Wraparound)?

To fix this vulnerability, we must ensure that any subtraction operation doesn't result in an integer underflow. This can be done by adding a conditional check that verifies whether the operation will cause an underflow. If the potential for underflow exists, handle the situation gracefully, such as by logging an error or setting a minimum value limit.

Specific Best Practices:

  1. Boundary Checking: Always check if the operation will exceed the minimum allowable integer value.
  2. Error Handling: Gracefully handle cases where operations result in underflow by managing bounds.
  3. Use Safe Libraries: When available, use libraries or functions that automatically handle such boundary conditions.

Fixed Code Example

#include <stdio.h>
#include <limits.h> // For INT_MIN

void processInput(int input) {
    // Fixed code: Check if the subtraction would cause underflow
    if (input > INT_MIN) {
        int result = input - 1;
        printf("Processed Result: %d\n", result);
    } else {
        // Handle the underflow case
        printf("Error: Integer underflow detected!\n");
    }
}

int main() {
    int userInput = -2147483648; // INT_MIN for a 32-bit integer
    processInput(userInput);
    return 0;
}

In the fixed code, we added a check to ensure that the input is greater than INT_MIN before performing the subtraction. This prevents the underflow from occurring. Additionally, the code now handles the case where an underflow might occur by printing an error message, providing a safer and more robust implementation. This approach follows best practices by preventing undefined behavior and ensuring program stability.

Corgea Logo

Find this vulnerability and fix it with Corgea

Scan your codebase for CWE-191: Integer Underflow (Wrap or Wraparound) and get remediation guidance

Start for free and no credit card needed.