CWE-197 (Numeric Truncation Error) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.
Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.
| Kind | Name | Class | Prevalence | OS / CPE |
|---|---|---|---|---|
| language | C | — | Undetermined | — |
| language | C++ | — | Undetermined | — |
| language | Java | — | Undetermined | — |
| language | C# | — | Undetermined | — |
These CVEs are mapped to this weakness in this database and kept for traceability and search.
| CVE | Published | Summary |
|---|---|---|
| CVE-2026-44823 | 2026-06-09 | Integer underflow (wrap or wraparound) in Microsoft Office Excel allows an unauthorized attacker to execute code locally. |
| CVE-2026-40409 | 2026-06-09 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability |
| CVE-2026-40404 | 2026-06-09 | Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability |
| CVE-2026-42944 | 2026-05-20 | NLnet Labs Unbound 1.14.0 up to and including version 1.25.0 has a vulnerability that results in heap overflow when encoding multiple NSID and/or DNS Cookie EDNS and/or EDNS Padding options in the rep… |
| CVE-2026-40380 | 2026-05-12 | Heap-based buffer overflow in Volume Manager Extension Driver allows an authorized attacker to execute code with a physical attack. |
| CVE-2026-44927 | 2026-05-08 | In uriparser before 1.0.2, there is pointer difference truncation to int in various places. |
| CVE-2026-42371 | 2026-04-27 | uriparser before 1.0.1 has numeric truncation in text range comparison, if an application accepts URIs with a length in gigabytes. |
| CVE-2026-32240 | 2026-03-12 | Cap'n Proto is a data interchange format and capability-based RPC system. Prior to 1.4.0, when using Transfer-Encoding: chunked, if a chunk's size parsed to a value of 2^64 or larger, it would be trun… |
| CVE-2025-10543 | 2025-12-02 | In Eclipse Paho Go MQTT v3.1 library (paho.mqtt.golang) versions <=1.5.0 UTF-8 encoded strings, passed into the library, may be incorrectly encoded if their length exceeds 65535 bytes. This may lead t… |
| CVE-2025-53723 | 2025-08-12 | Numeric truncation error in Windows Hyper-V allows an authorized attacker to elevate privileges locally. |
| CVE-2025-6965 | 2025-07-15 | There exists a vulnerability in SQLite versions before 3.50.2 where the number of aggregate terms could exceed the number of columns available. This could lead to a memory corruption issue. We recomme… |
| CVE-2025-49679 | 2025-07-08 | Numeric truncation error in Windows Shell allows an authorized attacker to elevate privileges locally. |
| CVE-2024-49018 | 2024-11-12 | SQL Server Native Client Remote Code Execution Vulnerability |
| CVE-2024-43639 | 2024-11-12 | Windows KDC Proxy Remote Code Execution Vulnerability |
| CVE-2024-43519 | 2024-10-08 | Microsoft WDAC OLE DB provider for SQL Server Remote Code Execution Vulnerability |
| CVE-2024-37337 | 2024-09-10 | Microsoft SQL Server Native Scoring Information Disclosure Vulnerability |
| CVE-2024-38125 | 2024-08-13 | Kernel Streaming WOW Thunk Service Driver Elevation of Privilege Vulnerability |
| CVE-2024-38086 | 2024-07-09 | Azure Kinect SDK Remote Code Execution Vulnerability |
| CVE-2024-38044 | 2024-07-09 | DHCP Server Service Remote Code Execution Vulnerability |
| CVE-2024-30029 | 2024-05-14 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability |
| Date | Name | Version | Importance | Comment |
|---|---|---|---|---|
| 2008-09-08 | CWE Content Team | 1.0 | — | updated Applicable_Platforms, Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings |
| 2008-11-24 | CWE Content Team | 1.1 | — | updated Relationships, Taxonomy_Mappings |
| 2009-05-27 | CWE Content Team | 1.4 | — | updated Demonstrative_Examples |
| 2009-07-27 | CWE Content Team | 1.5 | — | updated Description, Observed_Examples, Other_Notes, Research_Gaps |
| 2010-12-13 | CWE Content Team | 1.11 | — | updated Demonstrative_Examples |
| 2011-06-01 | CWE Content Team | 1.13 | — | updated Common_Consequences, Relationships, Taxonomy_Mappings |
| 2011-09-13 | CWE Content Team | 2.1 | — | updated Relationships, Taxonomy_Mappings |
| 2012-05-11 | CWE Content Team | 2.2 | — | updated References, Relationships, Taxonomy_Mappings |
| 2014-07-30 | CWE Content Team | 2.8 | — | updated Relationships, Taxonomy_Mappings |
| 2017-11-08 | CWE Content Team | 3.0 | — | updated Taxonomy_Mappings |
| 2019-01-03 | CWE Content Team | 3.2 | — | updated Relationships, Taxonomy_Mappings |
| 2020-02-24 | CWE Content Team | 4.0 | — | updated Relationships |
| 2020-08-20 | CWE Content Team | 4.2 | — | updated Relationships |
| 2020-12-10 | CWE Content Team | 4.3 | — | updated Relationships |
| 2022-06-28 | CWE Content Team | 4.8 | — | updated Observed_Examples |
| 2023-04-27 | CWE Content Team | 4.11 | — | updated Detection_Factors, Relationships |
| 2023-06-29 | CWE Content Team | 4.12 | — | updated Mapping_Notes |
| 2025-12-11 | CWE Content Team | 4.19 | — | updated Weakness_Ordinalities |