| name | cwe-191-integer-underflow | |||||
|---|---|---|---|---|---|---|
| description | Use this skill when you need to remediate CWE-191 (Integer Underflow) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing integer underflow issues. | |||||
| version | 1.0.0 | |||||
| license | MIT | |||||
| tags |
|
Integer Underflow
Reference: https://cwe.mitre.org/data/definitions/191.html
OWASP Category: A03:2021 – Injection
// VULNERABLE: Possible underflow
int balance = user.getBalance();
int withdrawal = request.getAmount();
user.setBalance(balance - withdrawal); // Could underflowWhy it's vulnerable: This pattern is vulnerable to Integer Underflow
// SECURE: Check for underflow
int balance = user.getBalance();
int withdrawal = request.getAmount();
if (withdrawal > balance) {
throw new IllegalArgumentException("Insufficient funds");
}
// Or use Math.subtractExact for automatic overflow detection
user.setBalance(Math.subtractExact(balance, withdrawal));Why it's secure: Implements proper protection against Integer Underflow
Look for these patterns in your codebase:
# Find subtraction operations
grep -rn "balance.*-\\|index.*-" --include="*.java"-
Validate input values before arithmetic
-
Use Math.subtractExact() for automatic overflow/underflow detection
-
Check bounds before array index calculations
import java.lang.Math;After remediation:
-
Run SAST scanner to confirm vulnerability is resolved
-
Review all instances of the vulnerable pattern
-
Add unit tests that verify the secure implementation
-
Check for similar patterns in related code
Fix CWE-191 vulnerability
Resolve Integer Underflow issue
Secure this Java code against integer underflow
SAST reports CWE-191
| Layer | Files | Patterns |
|---|
| Controller | *Controller.java | User input handling |
| Service | *Service.java | Business logic |
| Repository | *Repository.java | Data access |
Source: Generated by Java CWE Security Skills Generator Last Updated: 2026-03-07