Skip to content

Exploitable Programming Constructs with Numbers: Part 3

Published on

How to detect and mitigate Unsigned Integer Wraparound (CWE-190), Signed Integer Overflow (CWE-190), and Numeric Truncation (CWE-197). Many famous exploitable numerical programming constructs are detectable either at compile-time, in instrumented builds, or at runtime. Knowing how to use the tools available helps detect and fix these issues in your own code.