CWE-128 3 CVEs MITRE definition ↗

CWE-128: Wrap-around Error

Overview

CWE-128 (Wrap-around Error) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

Wrap around errors occur whenever a value is incremented past the maximum value for its type and therefore "wraps around" to a very small, negative, or undefined value.

Background details

Extended context from the CWE catalog (rendered from MITRE XHTML).

Due to how addition is performed by computers, if a primitive is incremented past the maximum value possible for its storage space, the system will not recognize this, and therefore increment each bit as if it still had extra space. Because of how negative numbers are represented in binary, primitives interpreted as signed may "wrap" to very large negative values.

Applicable platforms

Kind Name Class Prevalence OS / CPE
language C Often
language C++ Often

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE Published Summary
CVE-2026-54905 2026-06-24 concurrent-ruby is a modern concurrency tools for Ruby. Prior to 1.3.7, Concurrent::ReentrantReadWriteLock can incorrectly grant a write lock after one thread acquires the read lock 32,768 times. The …
CVE-2024-23981 2024-08-14 Wrap-around error in Linux kernel mode driver for some Intel(R) Ethernet Network Controllers and Adapters before version 28.3 may allow an authenticated user to potentially enable escalation of privil…
CVE-2022-35258 2022-12-05 An unauthenticated attacker can cause a denial-of-service to the following products: Ivanti Connect Secure (ICS) in versions prior to 9.1R14.3, 9.1R15.2, 9.1R16.2, and 22.2R4, Ivanti Policy Secure (IP…

Content submission

Name
CLASP
Date
2006-07-19
Version
Draft 3

Content modifications

Date Name Version Importance Comment
2008-09-08 CWE Content Team 1.0 updated Applicable_Platforms, Background_Details, Common_Consequences, Relationships, Relationship_Notes, Taxonomy_Mappings, Weakness_Ordinalities
2008-11-24 CWE Content Team 1.1 updated Relationships, Taxonomy_Mappings
2009-10-29 CWE Content Team 1.6 updated Common_Consequences, Relationships
2010-12-13 CWE Content Team 1.11 updated Background_Details
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2011-09-13 CWE Content Team 2.1 updated Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated Common_Consequences, Demonstrative_Examples, References, Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-01-19 CWE Content Team 2.10 updated Relationships
2017-11-08 CWE Content Team 3.0 updated Causal_Nature, Taxonomy_Mappings
2020-02-24 CWE Content Team 4.0 updated Relationships
2021-03-15 CWE Content Team 4.4 updated Potential_Mitigations, References
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Detection_Factors
cvelogic Threat Intelligence