...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
INT02-C | medium | probable | medium | P8 | L2 |
Automated Detection
Compass/ROSE does not currently detect violations of this rule, but it can by reporting comparisons between unsigned integer types and signed integer types.
Related Vulnerabilities
This vulnerability in Adobe Flash arises because Flash passes a signed integer to calloc(). An attacker has control over this integer, and can send negative numbers. Because calloc() takes size_t, which is unsigned, the negative number is converted to a very large number, which is generally too big to allocate, and as a result calloc() returns NULL, permitting the vulnerability to exist.
...