Why is this an issue?
In `internal/core/services/instance.go:812-813`, `cpuNano := int64(it.VCPUs) * NanoCPUsPerVCPU` and `memoryBytes := int64(it.MemoryMB) * BytesPerMB` could overflow if `it.VCPUs` or `it.MemoryMB` come from untrusted input or DB values with very large values.
What is causing it?
No overflow check before multiplication. If values exceed safe bounds, integer overflow occurs silently.
How can it be solved?
Add overflow checks or use `MulDiv64` or checked arithmetic libraries before multiplication.
Category
Severity
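
One way to implement the overflow check suggested above, as an added example that is not the project's own code. The constant values, the `checkedMul` and `ResourceLimits` helpers, and `ErrResourceOverflow` are assumptions; the issue names the constants but does not show their definitions.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

// Assumed values: the issue names these constants but not their definitions.
const (
	NanoCPUsPerVCPU int64 = 1_000_000_000
	BytesPerMB      int64 = 1024 * 1024
)

// ErrResourceOverflow is a hypothetical sentinel error for rejected values.
var ErrResourceOverflow = errors.New("resource value out of range")

// checkedMul returns a*b for a >= 0 and b > 0, or an error when the
// product would not fit in an int64. The division test runs before the
// multiplication, so the wrapped value is never computed.
func checkedMul(a, b int64) (int64, error) {
	if a < 0 || b <= 0 || a > math.MaxInt64/b {
		return 0, ErrResourceOverflow
	}
	return a * b, nil
}

// ResourceLimits is a hypothetical stand-in for the two multiplications
// at instance.go:812-813; callers pass int64(it.VCPUs), int64(it.MemoryMB).
func ResourceLimits(vcpus, memoryMB int64) (cpuNano, memoryBytes int64, err error) {
	if cpuNano, err = checkedMul(vcpus, NanoCPUsPerVCPU); err != nil {
		return 0, 0, fmt.Errorf("vcpus=%d: %w", vcpus, err)
	}
	if memoryBytes, err = checkedMul(memoryMB, BytesPerMB); err != nil {
		return 0, 0, fmt.Errorf("memory_mb=%d: %w", memoryMB, err)
	}
	return cpuNano, memoryBytes, nil
}

func main() {
	// Constructed sample inputs: one ordinary instance type, one oversized.
	fmt.Println(ResourceLimits(4, 8192))
	fmt.Println(ResourceLimits(math.MaxInt64/2, 8192))
}
```

Negative inputs are rejected as well, since a negative CPU or memory limit is never valid and would otherwise pass an upper-bound-only check.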