CWE-783 - Operator Precedence Logic Error
- Abstraction:Base
- Structure:Simple
- Status:Draft
- Release Date:2009-07-27
- Latest Modification Date:2023-06-29
Weakness Name
Operator Precedence Logic Error
Description
The product uses an expression in which operator precedence causes incorrect logic to be used.
While often just a bug, operator precedence logic errors can have serious consequences if they are used in security-critical code, such as making an authentication decision.
Common Consequences
Scope: Confidentiality, Integrity, Availability
Impact: Varies by Context, Unexpected State
Notes: The consequences will vary based on the context surrounding the incorrect precedence. In a security decision, integrity or confidentiality are the most likely results. Otherwise, a crash may occur due to the software reaching an unexpected state.
