logo

CWE-682 - Incorrect Calculation

CWE-682 High

  • Abstraction:
  • Pillar
  • Structure:
  • Simple
  • Status:
  • Draft
Weakness Name

Incorrect Calculation

Description

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

When product performs a security-critical calculation incorrectly, it might lead to incorrect resource allocations, incorrect privilege assignments, or failed comparisons among other things. Many of the direct results of an incorrect calculation can lead to even larger problems such as failed protection mechanisms or even arbitrary code execution.

Common Consequences

Scope: Availability

Impact: DoS: Crash, Exit, or Restart

Notes: If the incorrect calculation causes the program to move into an unexpected state, it may lead to a crash or impairment of service.

Scope: Integrity, Confidentiality, Availability

Impact: DoS: Crash, Exit, or Restart, DoS: Resource Consumption (Other), Execute Unauthorized Code or Commands

Notes: If the incorrect calculation is used in the context of resource allocation, it could lead to an out-of-bounds operation (CWE-119) leading to a crash or even arbitrary code execution. Alternatively, it may result in an integer overflow (CWE-190) and / or a resource consumption problem (CWE-400).

Scope: Access Control

Impact: Gain Privileges or Assume Identity

Notes: In the context of privilege or permissions assignment, an incorrect calculation can provide an attacker with access to sensitive resources.

Scope: Access Control

Impact: Bypass Protection Mechanism

Notes: If the incorrect calculation leads to an insufficient comparison (CWE-697), it may compromise a protection mechanism such as a validation routine and allow an attacker to bypass the security-critical code.

Related Weaknesses
  • Release Date:
  • 2008-04-11
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website