CWE-783
Operator Precedence Logic Error
Abstraction: Base. Exploit likelihood: Low.
What it is
The product uses an expression in which operator precedence causes incorrect logic to be used.
While often just a bug, operator precedence logic errors can have serious consequences if they are used in security-critical code, such as making an authentication decision.
Impact
| Scope | Impact |
| --- | --- |
| Confidentiality, Integrity, Availability | Varies by Context, Unexpected State |
Mitigations
- [Implementation] Regularly wrap sub-expressions in parentheses, especially in security-critical code.
Real-world CVE examples
- CVE-2008-2516 — Authentication module allows authentication bypass because it uses "(x = call(args) == SUCCESS)" instead of "((x = call(args)) == SUCCESS)".
- CVE-2008-0599 — Chain: Language interpreter calculates wrong buffer size (CWE-131) by using "size = ptr ? X : Y" instead of "size = (ptr ? X : Y)" expression.
- CVE-2001-1155 — Chain: product does not properly check the result of a reverse DNS lookup because of operator precedence (CWE-783), allowing bypass of DNS-based access restrict
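
The expression shape quoted in the CVE-2008-2516 entry above, shown beside its parenthesized form. This is an added example, not code from MITRE or from any affected product; `check_password`, `authenticate_flawed`, `authenticate_fixed`, `access_granted`, the status codes and the credentials are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes; 0 means success, as in many C APIs. */
#define AUTH_OK     0
#define AUTH_DENIED 1

/* Constructed stand-in for a real credential check. */
static int check_password(const char *user, const char *pass) {
    if (strcmp(user, "alice") == 0 && strcmp(pass, "s3cret") == 0)
        return AUTH_OK;
    return AUTH_DENIED;
}

/* Flawed: == binds tighter than =, so this parses as
 * rc = (check_password(...) == AUTH_OK) and rc holds 1 or 0, not the
 * status code. The outer parentheses do not change the parse. */
int authenticate_flawed(const char *user, const char *pass) {
    int rc;
    if ((rc = check_password(user, pass) == AUTH_OK))
        puts("audit: credentials accepted");  /* branch still looks right */
    return rc;  /* valid login -> 1 (AUTH_DENIED), bad login -> 0 (AUTH_OK) */
}

/* Fixed: the assignment is parenthesized, so rc holds the real status. */
int authenticate_fixed(const char *user, const char *pass) {
    int rc;
    if ((rc = check_password(user, pass)) == AUTH_OK)
        puts("audit: credentials accepted");
    return rc;
}

/* Caller-side decision made on the returned status. */
int access_granted(int status) {
    return status == AUTH_OK;
}

int main(void) {
    printf("flawed, wrong password: granted=%d\n",
           access_granted(authenticate_flawed("alice", "wrong")));
    printf("fixed,  wrong password: granted=%d\n",
           access_granted(authenticate_fixed("alice", "wrong")));
    printf("fixed,  right password: granted=%d\n",
           access_granted(authenticate_fixed("alice", "s3cret")));
    return 0;
}
```

The branch inside the flawed function is taken only for valid credentials, so a test that watches the audit message passes; the defect shows only where the saved `rc` is reused as a status code.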
Source: MITRE CWE (cwe.mitre.org).