Vulnerability Development mailing list archives
Re: [PAPER]: Integer array overflows.
From: "Steven M. Christey" <coley () mitre org>
Date: Tue, 16 Sep 2003 16:55:16 -0400 (EDT)
vade79, Thanks for writing this paper. It's papers like these that help to increase the awareness of emerging vulnerability classes and solidify terminology. Overflows by manipulating array indices have been reported in the past, but often under the increasingly-generic moniker "buffer overflow," which no longer adequately describes the nature of the underlying programming/design bug. It would be interesting if somebody tackled the difference between "integer overflows" and "signedness errors," as I've seen the terms being used interchangeably. Steve Christey CVE Editor
Current thread:
- [PAPER]: Integer array overflows. Vade 79 (Sep 16)
- <Possible follow-ups>
- Re: [PAPER]: Integer array overflows. Steven M. Christey (Sep 16)
- Re: [PAPER]: Integer array overflows. Yves Younan (Sep 22)