CWE-194βUnexpected Sign Extension
PUBLISHEDweakness recordHigh
released 2006-07-19 Β· last modified 2025-12-11
Metadata
- CWE ID:
- CWE-194
- Abstraction:
- Variant
- Structure:
- Simple
- Status:
- Incomplete
- Release Date:
- 2006-07-19
- Latest Modification Date:
- 2025-12-11
Weakness Name
Unexpected Sign Extension
Description
The product performs an operation on a number that causes it to be sign extended when it is transformed into a larger data type. When the original number is negative, this can produce unexpected values that lead to resultant weaknesses.
Common Consequences
- Scope:
- Integrity, Confidentiality, Availability, Other
- Impact:
- Read Memory, Modify Memory, Other
- Notes:
- When an unexpected sign extension occurs in code that operates directly on memory buffers, such as a size value or a memory index, then it could cause the program to write or read outside the boundaries of the intended buffer. If the numeric value is associated with an application-level resource, such as a quantity or price for a product in an e-commerce site, then the sign extension could produce a value that is much higher (or lower) than the application's allowable range.