CWE-783 - Operator Precedence Logic Error

CWE-783 Low

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Operator Precedence Logic Error

Description: The product uses an expression in which operator precedence causes incorrect logic to be used.
While often just a bug, operator precedence logic errors can have serious consequences if they are used in security-critical code, such as making an authentication decision.

Common Consequences: Scope: Confidentiality, Integrity, Availability
Impact: Varies by Context, Unexpected State
Notes: The consequences will vary based on the context surrounding the incorrect precedence. In a security decision, integrity or confidentiality are the most likely results. Otherwise, a crash may occur due to the software reaching an unexpected state.

Related Weaknesses: CWE-670Always-Incorrect Control Flow Implementation

Release Date:
2009-07-27

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard