In C/C+ language, limited rages represented by integer types and castings between different signs or widths cause integer-based weakness, including integer overflow, integer underflow, signedness error and truncation error. Attackers usually exploit them indirectly to commit damaging acts such as arbitrary code execution and denial of service. This paper presents a survey on integer-based vulnerabilities. A novel security model is proposed in view of behaviors resulting from the weakness occurrence, and the sufficient conditions in determining integer-based vulnerabilities are also presented. A thorough comparison among detecting methods is further conducted in consideration of covering sufficient conditions. Through an empirical study on real-world integer bug cases, the characteristics and distributions are discussed. Finally, the challenges and research directions of integer-based vulnerabilities are explored.