Integer Overflow Attack

From Guidance Share

Jump to: navigation, search

Description

In computer programming, an integer overflow is an anomalous condition which may cause a buffer overflow, resulting in a computer security risk where adjacent, valid program control data may be overwritten, permitting the execution of arbitrary, and potentially harmful code. (http://en.wikipedia.org/wiki/Integer_overflow)


Vulnerabilities

  • Integer assignment or integer operations being carried out without validating the untrusted input


Countermeasures

  • Utilize platform checks for integer overflow/underflow (e.g., CheckForOverflowUnderflow in C#, RemoveIntegerChecks in VB.NET)
  • Validate the untrusted input for upper and lower limits
Personal tools