Integer Overflow Attack
From Guidance Share
Description
In computer programming, an integer overflow is an anomalous condition which may cause a buffer overflow, resulting in a computer security risk where adjacent, valid program control data may be overwritten, permitting the execution of arbitrary, and potentially harmful code. (http://en.wikipedia.org/wiki/Integer_overflow)
Vulnerabilities
- Integer assignment or integer operations being carried out without validating the untrusted input
Countermeasures
- Utilize platform checks for integer overflow/underflow (e.g., CheckForOverflowUnderflow in C#; in VB.NET overflow checking is on by default and is only disabled when RemoveIntegerChecks is set)
- Validate the untrusted input for upper and lower limits
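The following C example is added here and is not part of the Guidance Share page. It shows the defect the description refers to (an overflowed size calculation that leads to an undersized buffer) next to a version that applies both countermeasures; the record type and the MAX_RECORDS limit are assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical fixed-size record whose count arrives from untrusted input. */
typedef struct {
    uint32_t id;
    char name[28];
} record_t;                      /* sizeof(record_t) == 32 */

#define MAX_RECORDS 4096L        /* assumed application-specific upper limit */

/* Defective version: the multiply is done in 32-bit unsigned arithmetic, so a
 * large count wraps to a small byte count. An allocation of that size then
 * succeeds with far too little memory, and any loop that writes `count`
 * records into it overruns the buffer. */
size_t unchecked_alloc_size(uint32_t count)
{
    uint32_t bytes = count * (uint32_t)sizeof(record_t); /* wraps mod 2^32 */
    return bytes;
}

/* Hardened version, following the two countermeasures above: the input is
 * validated against lower and upper limits, and the size arithmetic is
 * guarded before it can wrap (a manual check, since portable C has no
 * "checked" mode like C#'s). Returns 0 when the input is rejected; 0 is
 * never a valid size here because count >= 1 is required. The SIZE_MAX
 * guard is redundant with MAX_RECORDS today but protects a later change. */
size_t checked_alloc_size(long count)
{
    if (count < 1 || count > MAX_RECORDS)              /* lower/upper limit */
        return 0;
    if ((size_t)count > SIZE_MAX / sizeof(record_t))   /* would wrap size_t */
        return 0;
    return (size_t)count * sizeof(record_t);
}

int main(void)
{
    uint32_t oversized = 0x08000001u;  /* constructed input: 134217729 records */
    printf("unchecked: %u records -> %zu bytes\n", oversized,
           unchecked_alloc_size(oversized));           /* 32, not 4 GiB */
    printf("checked:   %u records -> %zu bytes (0 = rejected)\n", oversized,
           checked_alloc_size((long)oversized));
    printf("checked:   100 records -> %zu bytes\n", checked_alloc_size(100L));
    return 0;
}
```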