Cyber Resilience

CWE · MITRE source

CWE-197Numeric Truncation Error

Abstraction: Base · CVEs in our corpus: 47

Truncation errors occur when a primitive is cast to a primitive of a smaller size and data is lost in the conversion.

When a primitive is cast to a smaller primitive, the high order bits of the large value are lost in the conversion, potentially resulting in an unexpected value that is not equal to the original value. This value may be required as an index into a buffer, a loop iterator, or simply necessary state data. In any case, the value cannot be trusted and the system will be in an undefined state. While this method may be employed viably to isolate the low bits of a value, this usage is rare, and truncation usually implies that an implementation error has occurred.

Last updated: 04 July 2026 08:17 UTC

Cumulative inbound coverage

How completely the frameworks we cross-walk collectively cover this — the verdict is the strongest single mapping (overlapping partials are not summed); breadth shows the corroboration behind it.

Collective: partial · 3 mapping(s) from 1 framework(s): ATT&CK 3 (partial)

See the full cumulative-coverage rollup →

NIST 800-53 r5 controls that address this weakness (0)AI

Control Title Family Why it addresses this CWE
No NIST controls proposed yet.

MITRE ATT&CK techniques this weakness enables

Our own two-way CWE↔ATT&CK cross-walk — a direct mapping with no public source (the CWE→CAPEC→ATT&CK chain leaves most top weaknesses, incl. XSS and SQLi, mapped to nothing). Drafted by Grok and spot-checked by Claude Opus 4.8.

Direction: other covers this; this covers other (F/M/P = full / mostly / partial).

Top CVEs of this weakness type, ranked by Risk Priority

CVE Risk CVSS EPSS Published
CVE-2022-42475 KEV10.09.80.99472023-01-02
CVE-2025-6965 UPD8.07.70.73492025-07-15
CVE-2020-152027.09.00.01232020-09-25
CVE-2024-436397.09.80.08752024-11-12
CVE-2024-21310 UPD6.07.80.11512024-01-09
CVE-2022-346705.57.80.00272022-12-30
CVE-2022-346765.57.10.00262022-12-30
CVE-2023-353285.57.80.00422023-07-11
CVE-2023-367105.57.80.01112023-10-10
CVE-2024-21352 UPD5.58.80.01632024-02-13
CVE-2024-21391 UPD5.58.80.01632024-02-13
CVE-2024-21434 UPD5.57.80.00832024-03-12
CVE-2024-21440 UPD5.58.80.02032024-03-12
CVE-2024-21451 UPD5.58.80.01952024-03-12
CVE-2024-28944 UPD5.58.80.02352024-04-09
CVE-2024-29050 UPD5.58.40.01252024-04-09
CVE-2023-321435.58.80.01132024-05-03
CVE-2024-300095.58.80.01712024-05-14
CVE-2024-300145.57.50.01492024-05-14
CVE-2024-300155.57.50.01492024-05-14
CVE-2024-300225.57.50.01542024-05-14
CVE-2024-300235.57.50.01542024-05-14
CVE-2024-300245.57.50.01542024-05-14
CVE-2024-300295.57.50.01492024-05-14
CVE-2024-380445.57.20.02142024-07-09