CWE-783βOperator Precedence Logic Error
PUBLISHEDweakness recordLow
released 2009-07-27 Β· last modified 2025-12-11
Metadata
- CWE ID:
- CWE-783
- Abstraction:
- Base
- Structure:
- Simple
- Status:
- Draft
- Release Date:
- 2009-07-27
- Latest Modification Date:
- 2025-12-11
Weakness Name
Operator Precedence Logic Error
Description
The product uses an expression in which operator precedence causes incorrect logic to be used.
While often just a bug, operator precedence logic errors can have serious consequences if they are used in security-critical code, such as making an authentication decision.
Common Consequences
- Scope:
- Confidentiality, Integrity, Availability
- Impact:
- Varies by Context, Unexpected State
- Notes:
- The consequences will vary based on the context surrounding the incorrect precedence. In a security decision, integrity or confidentiality are the most likely results. Otherwise, a crash may occur due to the software reaching an unexpected state.