CWE-480 Détail

CWE-480

Nom

Use of Incorrect Operator

Probabilité

Bas

Statut

Draft

Publié

2006-07-19
00h00 +00:00

Modifié

2024-02-29
00h00 +00:00

Liens officiels

CWE Mitre.org

Notifications pour un CWE

Restez informé de toutes modifications pour un CWE spécifique.

Gestion des notifications

Liste des Notifications

Notifications pour un CWE

Restez informé de toutes modifications pour un CWE spécifique.

Paramètres

Vous pouvez spécifier un titre qui sera récupéré dans les alertes qui seront envoyées.

Spécifiez le CWE ID que vous désirez surveiller.

Planifications

Mois

Prochaine exécution calculée

Jour

Jour de la semaine

Heure

Minute

Date de création

Dernière exécution

Prochaine exécution

Fonctionnalité nécessitant une connexion

Cette fonctionnalité qui vous permet de recevoir des alertes, n'est active que lorsque vous êtes connecté à votre compte.

Nom: Use of Incorrect Operator

The product accidentally uses the wrong operator, which changes the logic in security-relevant ways.

Description du CWE

These types of errors are generally the result of a typo by the programmer.

Informations générales

Modes d'introduction

Implementation

Plateformes applicables

Langue

Name: C (Sometimes)
Name: C++ (Sometimes)
Name: Perl (Sometimes)
Class: Not Language-Specific (Undetermined)

Conséquences courantes

Portée	Impact	Probabilité
Other	Alter Execution Logic Note: This weakness can cause unintended logic to be executed and other unexpected application behavior.

Exemples observés

Références	Description
CVE-2022-3979	Chain: data visualization program written in PHP uses the "!=" operator instead of the type-strict "!==" operator (CWE-480) when validating hash values, potentially leading to an incorrect type conversion (CWE-704)
CVE-2021-3116	Chain: Python-based HTTP Proxy server uses the wrong boolean operators (CWE-480) causing an incorrect comparison (CWE-697) that identifies an authN failure if all three conditions are met instead of only one, allowing bypass of the proxy authentication (CWE-1390)

Méthodes de détection

Automated Static Analysis

This weakness can be found easily using static analysis. However in some cases an operator might appear to be incorrect, but is actually correct and reflects unusual logic within the program.

Manual Static Analysis

This weakness can be found easily using static analysis. However in some cases an operator might appear to be incorrect, but is actually correct and reflects unusual logic within the program.

Notes de cartographie des vulnérabilités

Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Commentaire : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Références

REF-18

The CLASP Application Security Process
Secure Software, Inc..
https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf

REF-62

The Art of Software Security Assessment
Mark Dowd, John McDonald, Justin Schuh.

REF-1377

csr_regile.sv line 938
https://github.com/HACK-EVENT/hackatdac19/blob/57e7b2109c1ea2451914878df2e6ca740c2dcf34/src/csr_regfile.sv#L938

REF-1378

Fix for csr_regfile.sv line 938
https://github.com/HACK-EVENT/hackatdac19/blob/a7b61209e56c48eec585eeedea8413997ec71e4a/src/csr_regfile.sv#L938C31-L938C56

Soumission

Nom	Organisation	Date	Date de publication	Version
CLASP		2006-07-19 +00:00	2006-07-19 +00:00	Draft 3

Modifications

Nom	Organisation	Date	Commentaire
Eric Dalci	Cigital	2008-07-01 +00:00	updated Time_of_Introduction
CWE Content Team	MITRE	2008-09-08 +00:00	updated Applicable_Platforms, Relationships, Other_Notes, Taxonomy_Mappings
CWE Content Team	MITRE	2008-10-14 +00:00	updated Relationships
CWE Content Team	MITRE	2008-11-24 +00:00	updated Relationships, Taxonomy_Mappings
CWE Content Team	MITRE	2011-06-01 +00:00	updated Common_Consequences, Relationships, Taxonomy_Mappings
CWE Content Team	MITRE	2011-09-13 +00:00	updated Relationships, Taxonomy_Mappings
CWE Content Team	MITRE	2012-05-11 +00:00	updated Common_Consequences, References, Relationships, Taxonomy_Mappings
CWE Content Team	MITRE	2012-10-30 +00:00	updated Demonstrative_Examples, Potential_Mitigations
CWE Content Team	MITRE	2014-06-23 +00:00	updated Applicable_Platforms, Description, Detection_Factors, Other_Notes
CWE Content Team	MITRE	2014-07-30 +00:00	updated Relationships
CWE Content Team	MITRE	2017-11-08 +00:00	updated Demonstrative_Examples, Taxonomy_Mappings
CWE Content Team	MITRE	2019-01-03 +00:00	updated Relationships
CWE Content Team	MITRE	2020-02-24 +00:00	updated References, Relationships, Taxonomy_Mappings
CWE Content Team	MITRE	2020-08-20 +00:00	updated Relationships
CWE Content Team	MITRE	2021-03-15 +00:00	updated Demonstrative_Examples, Relationships
CWE Content Team	MITRE	2023-01-31 +00:00	updated Description, Observed_Examples
CWE Content Team	MITRE	2023-04-27 +00:00	updated Relationships
CWE Content Team	MITRE	2023-06-29 +00:00	updated Mapping_Notes
CWE Content Team	MITRE	2023-10-26 +00:00	updated Observed_Examples
CWE Content Team	MITRE	2024-02-29 +00:00	updated Demonstrative_Examples, References

Détail du CWE-480