CWE-783Operator Precedence Logic Error

PUBLISHEDweakness recordLow
released 2009-07-27 · last modified 2025-12-11

Metadata

CWE ID:
CWE-783
摘要:
Base
结构:
Simple
状态:
Draft
发布日期:
2009-07-27
更新日期:
2025-12-11

名称

Operator Precedence Logic Error

描述

The product uses an expression in which operator precedence causes incorrect logic to be used.

While often just a bug, operator precedence logic errors can have serious consequences if they are used in security-critical code, such as making an authentication decision.

常见后果

范围:
Confidentiality, Integrity, Availability
影响:
Varies by Context, Unexpected State
注释:
The consequences will vary based on the context surrounding the incorrect precedence. In a security decision, integrity or confidentiality are the most likely results. Otherwise, a crash may occur due to the software reaching an unexpected state.

相关 CWE