CWE-480: Use of Incorrect Operator
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The product accidentally uses the wrong operator, which changes the logic in security-relevant ways.
Extended Description
These types of errors are generally the result of a typo by the programmer.
Common Consequences
Scope: Other
Technical Impact: Alter Execution Logic
Note: This weakness can cause unintended logic to be executed and other unexpected application behavior.
Detection Methods
Method: Automated Static Analysis
This weakness can be found easily using static analysis. However, in some cases an operator might appear to be incorrect but is actually correct and reflects unusual logic within the program.
Method: Manual Static Analysis
This weakness can be found easily using static analysis. However, in some cases an operator might appear to be incorrect but is actually correct and reflects unusual logic within the program.
Observed Examples
Reference: CVE-2022-3979
Chain: data visualization program written in PHP uses the "!=" operator instead of the type-strict "!==" operator (CWE-480) when validating hash values, potentially leading to an incorrect type conversion (CWE-704)
Reference: CVE-2021-3116
Chain: Python-based HTTP Proxy server uses the wrong boolean operators (CWE-480) causing an incorrect comparison (CWE-697) that identifies an authN failure if all three conditions are met instead of only one, allowing bypass of the proxy authentication (CWE-1390)
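The operator mix-up described for CVE-2021-3116, reduced to a minimal sketch. This is an added example, not code from the affected proxy or from the CWE entry; the function names, the three failure conditions and the credentials are assumptions constructed for illustration.

```python
import base64
import hmac

# Constructed credential for the demonstration only.
EXPECTED = base64.b64encode(b"proxyuser:s3cret").decode()


def _failure_conditions(header):
    """Evaluate three independent reasons to reject a Proxy-Authorization value."""
    parts = (header or "").split(" ", 1)
    missing = header is None
    wrong_scheme = parts[0].lower() != "basic"
    bad_creds = len(parts) != 2 or not hmac.compare_digest(
        parts[1].encode(), EXPECTED.encode()
    )
    return missing, wrong_scheme, bad_creds


def auth_failed_buggy(header):
    missing, wrong_scheme, bad_creds = _failure_conditions(header)
    # CWE-480: "and" reports a failure only when all three conditions hold,
    # so a header that is merely present is never rejected.
    return missing and wrong_scheme and bad_creds


def auth_failed_fixed(header):
    missing, wrong_scheme, bad_creds = _failure_conditions(header)
    # Correct operator: any single condition is enough to reject.
    return missing or wrong_scheme or bad_creds


def regression_cases():
    """Return the constructed headers on which the two versions disagree."""
    samples = [
        None,                      # no header at all
        "Basic " + EXPECTED,       # valid credentials
        "Basic bm90LXRoZS1rZXk=",  # right scheme, wrong credentials
        "Bearer " + EXPECTED,      # wrong scheme
        "Basic",                   # scheme with no credentials
    ]
    return [h for h in samples if auth_failed_buggy(h) != auth_failed_fixed(h)]


if __name__ == "__main__":
    for header in regression_cases():
        print("buggy check accepts:", repr(header))
```

The headers returned by `regression_cases()` are the negative tests worth keeping in a unit suite: each one must be rejected, and each one passes when the conditions are joined with the wrong boolean operator.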
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |
Applicable Platforms
Programming Languages
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name | Mapping Fit |
|---|---|---|---|
| CLASP | - | Using the wrong operator | - |
| CERT C Secure Coding | EXP45-C | Do not perform assignments in selection statements | CWE More Abstract |
| CERT C Secure Coding | EXP46-C | Do not use a bitwise operator with a Boolean-like operand | CWE More Abstract |
| Software Fault Patterns | SFP1 | Glitch in Computation | - |