CWE-783
Operator Precedence Logic Error
Low
Draft
2009-07-27
00h00 +00:00
00h00 +00:00
2023-06-29
00h00 +00:00
00h00 +00:00
Notifications for a CWE
Stay informed of any changes for a specific CWE.
Name: Operator Precedence Logic Error
The product uses an expression in which operator precedence causes incorrect logic to be used.
CWE Description
While often just a bug, operator precedence logic errors can have serious consequences if they are used in security-critical code, such as making an authentication decision.
General Informations
Modes Of Introduction
Implementation : Logic errors related to operator precedence may cause problems even during normal operation, so they are probably discovered quickly during the testing phase. If testing is incomplete or there is a strong reliance on manual review of the code, then these errors may not be discovered before the software is deployed.Applicable Platforms
Language
Name: C (Rarely)Name: C++ (Rarely)
Class: Not Language-Specific (Rarely)
Common Consequences
| Scope | Impact | Likelihood |
|---|---|---|
| Confidentiality Integrity Availability | Varies by Context, Unexpected State Note: The consequences will vary based on the context surrounding the incorrect precedence. In a security decision, integrity or confidentiality are the most likely results. Otherwise, a crash may occur due to the software reaching an unexpected state. |
Observed Examples
| References | Description |
|---|---|
CVE-2008-2516 | Authentication module allows authentication bypass because it uses "(x = call(args) == SUCCESS)" instead of "((x = call(args)) == SUCCESS)". |
CVE-2008-0599 | Chain: Language interpreter calculates wrong buffer size (CWE-131) by using "size = ptr ? X : Y" instead of "size = (ptr ? X : Y)" expression. |
CVE-2001-1155 | Chain: product does not properly check the result of a reverse DNS lookup because of operator precedence (CWE-783), allowing bypass of DNS-based access restrictions. |
Potential Mitigations
Phases : ImplementationRegularly wrap sub-expressions in parentheses, especially in security-critical code.
Vulnerability Mapping Notes
Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Comment : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
References
REF-704
EXP00-C. Use parentheses for precedence of operationCERT.
https://www.securecoding.cert.org/confluence/display/seccode/EXP00-C.+Use+parentheses+for+precedence+of+operation
REF-62
The Art of Software Security AssessmentMark Dowd, John McDonald, Justin Schuh.
Submission
| Name | Organization | Date | Date release | Version |
|---|---|---|---|---|
| CWE Content Team | MITRE | 1.5 |
Modifications
| Name | Organization | Date | Comment |
|---|---|---|---|
| CWE Content Team | MITRE | updated Observed_Examples | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, References, Relationships | |
| CWE Content Team | MITRE | updated Taxonomy_Mappings, Time_of_Introduction | |
| CWE Content Team | MITRE | updated Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Type | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes |
2025©
tesweb SA
