Questions about this topic? Sign up to ask in the talk tab.

User:Xochipilli/Integer Overflow Vulnerability

From NetSec
< User:Xochipilli
Revision as of 02:28, 16 May 2012 by LashawnSeccombe (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search
RPU0j.png
Xochipilli/Integer Overflow Vulnerability is currently in-progress. You are viewing an entry that is unfinished.

Overview

Main article: Bitwise_math#Overflows

An integer overflow or underflow occurs when an integer exceeds its bounds (MIN_INT and MAX_INT for signed integers).

Exploitation

Integer overflow is expected behavior, however, it can lead to exploitation in certain circumstances. For example, an integer may be casted to a smaller type after the application validates it. If that integer is then used to allocate or copy memory, it could lead to a Buffer Overflow or Denial of Service (DoS) attack. Consider the following trivial example: