CWE-682Incorrect Calculation

PUBLISHEDweakness recordHigh
released 2008-04-11 · last modified 2026-04-30

Metadata

CWE ID:
CWE-682
摘要:
Pillar
结构:
Simple
状态:
Draft
发布日期:
2008-04-11
更新日期:
2026-04-30

名称

Incorrect Calculation

描述

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

When product performs a security-critical calculation incorrectly, it might lead to incorrect resource allocations, incorrect privilege assignments, or failed comparisons among other things. Many of the direct results of an incorrect calculation can lead to even larger problems such as failed protection mechanisms or even arbitrary code execution.

常见后果

范围:
Availability
影响:
DoS: Crash, Exit, or Restart
注释:
If the incorrect calculation causes the program to move into an unexpected state, it may lead to a crash or impairment of service.
范围:
Integrity, Confidentiality, Availability
影响:
DoS: Crash, Exit, or Restart, DoS: Resource Consumption (Other), Execute Unauthorized Code or Commands
注释:
If the incorrect calculation is used in the context of resource allocation, it could lead to an out-of-bounds operation (CWE-119) leading to a crash or even arbitrary code execution. Alternatively, it may result in an integer overflow (CWE-190) and / or a resource consumption problem (CWE-400).
范围:
Access Control
影响:
Gain Privileges or Assume Identity
注释:
In the context of privilege or permissions assignment, an incorrect calculation can provide an attacker with access to sensitive resources.
范围:
Access Control
影响:
Bypass Protection Mechanism
注释:
If the incorrect calculation leads to an insufficient comparison (CWE-697), it may compromise a protection mechanism such as a validation routine and allow an attacker to bypass the security-critical code.

相关 CWE