CWE-194β€”Unexpected Sign Extension

PUBLISHEDweakness recordHigh
released 2006-07-19 Β· last modified 2025-12-11

Metadata

CWE ID:
CWE-194
Abstraction:
Variant
Structure:
Simple
Status:
Incomplete
Release Date:
2006-07-19
Latest Modification Date:
2025-12-11

Weakness Name

Unexpected Sign Extension

Description

The product performs an operation on a number that causes it to be sign extended when it is transformed into a larger data type. When the original number is negative, this can produce unexpected values that lead to resultant weaknesses.

Common Consequences

Scope:
Integrity, Confidentiality, Availability, Other
Impact:
Read Memory, Modify Memory, Other
Notes:
When an unexpected sign extension occurs in code that operates directly on memory buffers, such as a size value or a memory index, then it could cause the program to write or read outside the boundaries of the intended buffer. If the numeric value is associated with an application-level resource, such as a quantity or price for a product in an e-commerce site, then the sign extension could produce a value that is much higher (or lower) than the application's allowable range.

Related Weaknesses