Details
Alert Id: 30003
Alert Type: Active
Status: beta
Risk: Medium
CWE: 190
WASC: 3
Technologies Targeted: Language / C
Tags: OWASP_2017_A01, OWASP_2021_A03

Summary

An integer overflow condition exists when an integer used in a compiled program exceeds the range limits of its type because the value taken from the input stream has not been properly checked.

Solution

To prevent overflows and divide by 0 (zero) errors in the application, rewrite the backend program so that it checks that the values of the integers being processed are within the application's allowed range. This will require a recompilation of the backend executable.

References

Code

org/zaproxy/zap/extension/ascanrulesBeta/IntegerOverflowScanRule.java