🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Integer Underflow

An integer underflow (or numeric underflow in general) happens when an arithmetic operation results in a numeric value that is outside of the range for the represented datatype (integer, long, double, etc). The arithmetic output wraps around to a wrong value. This causes a non-deterministic program behaviour such as program crash, validation bypass or denial of service.

Remediation

  • Use the arithmetic properties to check for overflow condition. For example, given positive x and y, x + y is always equal or bigger than x or y. When overflow happens, the result of addition does not follow this math property.
  • Use a dynamic data type (e.g. BigInteger) for boundary check before assigning the value to the fixed data type (e.g. Integer).
  • Refer to SecDim's Numeric Overflow short course for more information.

Metadata

  • Severity: low
  • Slug: integer-underflow

CWEs

  • 128: Wrap-around Error
  • 191: Integer Underflow (Wrap or Wraparound)

OWASP

  • SC08:2025: Integer Overflow and Underflow

Available Labs

Open C labs in SecDim Play for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.