ZAP – Integer Overflow Error

Details
Alert ID	30003
Alert Type	Active
Status	beta
Risk	Medium
CWE	190
WASC	3
Technologies Targeted	Language / C
Tags	CWE-190 OWASP_2017_A01 OWASP_2021_A03 POLICY_API POLICY_PENTEST
More Info	Scan Rule Help

Summary

An integer overflow condition exists when an integer used in a compiled program extends beyond the range limits and has not been properly checked from the input stream.

Solution

In order to prevent overflows and divide by 0 (zero) errors in the application, please rewrite the backend program, checking if the values of integers being processed are within the application's allowed range. This will require a recompilation of the backend executable.

Other Info

Potential Integer Overflow. Status code changed on the input of a long string of random integers.

References

https://en.wikipedia.org/wiki/Integer_overflow
https://cwe.mitre.org/data/definitions/190.html

Code

org/zaproxy/zap/extension/ascanrulesBeta/IntegerOverflowScanRule.java