# Integer Overflow or Wraparound (CWE-190) The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the original value. - Prevalence: Mittel 3 Sprachen abgedeckt - Impact: Mittel Review empfohlen - Prevention: Dokumentiert 3 Fix-Beispiele **OWASP:** Security Misconfiguration (A05:2021-Security Misconfiguration) - #5 ## Description An integer overflow occurs when an arithmetic operation attempts to create a numeric value that is outside of the range that can be represented with a given number of bits. This can lead to buffer overflows, incorrect financial calculations, or security bypasses. ## Prevention Präventionsstrategien für Integer Overflow basierend auf 3 Shoulder-Erkennungsregeln. ### Go Validate bounds before arithmetic operations with user-controlled integers ### JavaScript Validate numeric bounds before using user input in allocations or arithmetic ### Python Validate numeric bounds before arithmetic operations on user input ## Warning Signs - [MEDIUM] user-controlled values flowing into arithmetic operations without bounds checking - [LOW] potential integer overflow in numeric operations ## Consequences - DoS - Nicht autorisierten Code ausführen - Anwendungsdaten ändern ## Mitigations - Verwende Sprachen oder Bibliotheken, die Integer-Überläufe prüfen - Stelle sicher, dass Eingaben innerhalb der erwarteten Bereiche liegen - Verwende sichere Arithmetikfunktionen, die auf Überlauf prüfen ## Detection - Total rules: 3 - Languages: go, javascript, typescript, python ## Rules by Language ### Go (1 rules) - **Integer Overflow via Unchecked Arithmetic** [MEDIUM]: User-controlled integer used in arithmetic or allocation without bounds checking. - Remediation: Validate bounds before arithmetic operations with user input. ```go count, err := strconv.Atoi(r.URL.Query().Get("count")) if err != nil || count < 0 || count > 10000 { return errors.New("invalid count") } buffer := make([]byte, count*1024) ``` Learn more: https://shoulder.dev/learn/go/cwe-190/integer-overflow ### Javascript (1 rules) - **Integer Overflow via Unchecked Arithmetic** [MEDIUM]: Detects user-controlled values flowing into arithmetic operations without bounds checking. While JavaScript uses 64-bit floats for most numbers, integer overflow is still a concern in these scenarios: 1. TypedArrays (Uint8Array, Int32Array, etc.) - values wrap on overflow 2. Bitwise operations - convert to 32-bit signed integers 3. Large number arithmetic affecting security decisions 4. Array/Buffer allocation with user-controlled sizes Common vulnerable patterns: - Buffer allocation: Buffer.a - Remediation: Validate numeric bounds before using user input in allocations: ```javascript const MAX_SIZE = 1024 * 1024; const size = parseInt(req.query.size, 10); if (isNaN(size) || size < 0 || size > MAX_SIZE) { return res.status(400).send('Invalid size'); } const buffer = Buffer.alloc(size); ``` Learn more: https://shoulder.dev/learn/javascript/cwe-190/integer-overflow ### Typescript (1 rules) - **Integer Overflow via Unchecked Arithmetic** [MEDIUM]: Detects user-controlled values flowing into arithmetic operations without bounds checking. While JavaScript uses 64-bit floats for most numbers, integer overflow is still a concern in these scenarios: 1. TypedArrays (Uint8Array, Int32Array, etc.) - values wrap on overflow 2. Bitwise operations - convert to 32-bit signed integers 3. Large number arithmetic affecting security decisions 4. Array/Buffer allocation with user-controlled sizes Common vulnerable patterns: - Buffer allocation: Buffer.a - Remediation: Validate numeric bounds before using user input in allocations: ```javascript const MAX_SIZE = 1024 * 1024; const size = parseInt(req.query.size, 10); if (isNaN(size) || size < 0 || size > MAX_SIZE) { return res.status(400).send('Invalid size'); } const buffer = Buffer.alloc(size); ``` Learn more: https://shoulder.dev/learn/javascript/cwe-190/integer-overflow ### Python (1 rules) - **Integer Overflow / Large Number Handling** [LOW]: Detects potential integer overflow in numeric operations. - Remediation: Validate numeric bounds before arithmetic operations. ```python from flask import request, jsonify @app.route('/calculate') def calculate(): count = int(request.args.get('count', 0)) if count < 0 or count > 10000: return jsonify({'error': 'Invalid count'}), 400 result = count * unit_price return jsonify({'total': result}) ``` Learn more: https://shoulder.dev/learn/python/cwe-190/integer-overflow