CWE-194 (Unexpected Sign Extension) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
The product performs an operation on a number that causes it to be sign extended when it is transformed into a larger data type. When the original number is negative, this can produce unexpected values that lead to resultant weaknesses.
| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | C | — | Undetermined | — |
| language | C++ | — | Undetermined | — |
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2025-13632 | 2025-12-02 | Inappropriate implementation in DevTools in Google Chrome prior to 143.0.7499.41 allowed an attacker who convinced a user to install a malicious extension to potentially perform a sandbox escape via a… |
| CVE-2022-32138 | 2022-06-24 | In multiple CODESYS products, a remote attacker may craft a request which may cause an unexpected sign extension, resulting in a denial-of-service condition or memory overwrite. |
| CVE-2021-38434 | 2021-10-18 | FATEK Automation WinProladder versions 3.30 and prior lacks proper validation of user-supplied data when parsing project files, which could result in an unexpected sign extension. An attacker could le… |
| CVE-2020-13544 | 2021-01-06 | An exploitable sign extension vulnerability exists in the TextMaker document parsing functionality of SoftMaker Office 2021’s TextMaker application. A specially crafted document can cause the document… |
| CVE-2018-10887 | 2018-07-10 | A flaw was found in libgit2 before version 0.27.3. It has been discovered that an unexpected sign extension in git_delta_apply function in delta.c file may lead to an integer overflow which in turn le… |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Applicable_Platforms, Common_Consequences, Description, Relationships, Taxonomy_Mappings |
| 2008-11-05 | CWE Content Team | 1.1 | — | complete rewrite of the entire entry |
| 2008-11-24 | CWE Content Team | 1.1 | — | updated Common_Consequences, Demonstrative_Examples, Description, Maintenance_Notes, Name, Observed_Examples, Potential_Mitigations, References, Relationship_Notes, Relationships |
| 2009-05-27 | CWE Content Team | 1.4 | — | updated Demonstrative_Examples |
| 2009-10-29 | CWE Content Team | 1.6 | — | updated Demonstrative_Examples |
| 2010-04-05 | CWE Content Team | 1.8.1 | — | updated Demonstrative_Examples |
| 2010-12-13 | CWE Content Team | 1.11 | — | updated Applicable_Platforms |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated Demonstrative_Examples, Relationships |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Relationships, Taxonomy_Mappings |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated References, Taxonomy_Mappings |
| 2019-01-03 | CWE Content Team | 3.2 | — | updated Relationships |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Relationships |
| 2020-06-25 | CWE Content Team | 4.1 | — | updated Observed_Examples |
| 2020-08-20 | CWE Content Team | 4.2 | — | updated Relationships |
| 2020-12-10 | CWE Content Team | 4.3 | — | updated Relationships |
| 2021-03-15 | CWE Content Team | 4.4 | — | updated Potential_Mitigations, References |
| 2023-01-31 | CWE Content Team | 4.10 | — | updated Description |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated References, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Detection_Factors, Weakness_Ordinalities |