CWE-197
Numeric Truncation Error
BaseIncompleteLikelihood: Low
Description
Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.
When a primitive is cast to a smaller primitive, the high order bits of the large value are lost in the conversion, potentially resulting in an unexpected value that is not equal to the original value. This value may be required as an index into a buffer, a loop iterator, or simply necessary state data. In any case, the value cannot be trusted and the system will be in an undefined state. While this method may be employed viably to isolate the low bits of a value, this usage is rare, and truncation usually implies that an implementation error has occurred.
Hierarchy (View 1000)
Parents
Children
none
CVEs mapped to this weakness (2)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-6965 | Cri | 0.67 | 9.8 | 0.02 | Jul 15, 2025 | There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recommend upgrading to version 3.50.2 or above. | |
| CVE-2026-42371 | Med | 0.33 | 5.1 | 0.00 | Apr 27, 2026 | uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes. |