CWE-682: Incorrect Calculation
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
扩展描述
When product performs a security-critical calculation incorrectly, it might lead to incorrect resource allocations, incorrect privilege assignments, or failed comparisons among other things. Many of the direct results of an incorrect calculation can lead to even larger problems such as failed protection mechanisms or even arbitrary code execution.
常见后果
影响范围: Availability
技术影响: DoS: Crash, Exit, or Restart
说明: If the incorrect calculation causes the program to move into an unexpected state, it may lead to a crash or impairment of service.
影响范围: Integrity Confidentiality Availability
技术影响: DoS: Crash, Exit, or Restart DoS: Resource Consumption (Other) Execute Unauthorized Code or Commands
说明: If the incorrect calculation is used in the context of resource allocation, it could lead to an out-of-bounds operation (CWE-119) leading to a crash or even arbitrary code execution. Alternatively, it may result in an integer overflow (CWE-190) and / or a resource consumption problem (CWE-400).
影响范围: Access Control
技术影响: Gain Privileges or Assume Identity
说明: In the context of privilege or permissions assignment, an incorrect calculation can provide an attacker with access to sensitive resources.
影响范围: Access Control
技术影响: Bypass Protection Mechanism
说明: If the incorrect calculation leads to an insufficient comparison (CWE-697), it may compromise a protection mechanism such as a validation routine and allow an attacker to bypass the security-critical code.
潜在缓解措施
阶段: Implementation
描述: Understand your programming language's underlying representation and how it interacts with numeric calculation. Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how your language handles numbers that are too large or too small for its underlying representation.
阶段: Implementation
策略: Input Validation
描述: Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
阶段: Implementation
描述: Use the appropriate type for the desired action. For example, in C/C++, only use unsigned types for values that could never be negative, such as height, width, or other numbers related to quantity.
阶段: Architecture and Design
策略: Language Selection
阶段: Architecture and Design
策略: Libraries or Frameworks
阶段: Implementation
策略: Compilation or Build Hardening
描述: Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.
阶段: Testing
描述: Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible.
阶段: Testing
描述: Use dynamic tools and techniques that interact with the product using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The product's operation may slow down, but it should not become unstable, crash, or generate incorrect results.
检测方法
方法: Manual Analysis
有效性: High
观察示例
参考: CVE-2020-0022
chain: mobile phone Bluetooth implementation does not include offset when calculating packet length (CWE-682), leading to out-of-bounds write (CWE-787)
参考: CVE-2004-1363
substitution overflow: buffer overflow using environment variables that are expanded after the length check is performed
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | - |
适用平台
编程语言
技术
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| CERT C Secure Coding | FLP32-C | Prevent or detect domain and range errors in math functions | CWE More Abstract |
| CERT C Secure Coding | INT07-C | Use only explicitly signed or unsigned char type for numeric values | - |
| CERT C Secure Coding | INT13-C | Use bitwise operators only on unsigned operands | - |
| CERT C Secure Coding | INT33-C | Ensure that division and remainder operations do not result in divide-by-zero errors | CWE More Abstract |
| CERT C Secure Coding | INT34-C | Do not shift an expression by a negative number of bits or by greater than or equal to the number of bits that exist in the operand | CWE More Abstract |
关键信息
CWE ID: CWE-682
抽象级别: Pillar
结构: Simple
状态: Draft
利用可能性: High