CWE-768: Incorrect Short Circuit Evaluation
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The product contains a conditional statement with multiple logical expressions in which one of the non-leading expressions may produce side effects. This may lead to an unexpected state in the program after the execution of the conditional, because short-circuiting logic may prevent the side effects from occurring.
Common Consequences
Scope: Confidentiality, Integrity, Availability
Technical Impact: Varies by Context
Note: Widely varied consequences are possible if an attacker is aware of an unexpected state in the product after a conditional. It may lead to information exposure, a system crash, or even complete attacker control of the system.
Potential Mitigations
Phase: Implementation
Description: Minimizing the number of statements in a conditional that produce side effects helps reduce the likelihood that short-circuit evaluation alters control flow in an unexpected way.
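The weakness and the mitigation above, shown in C as an added example that is not part of the CWE entry. The session struct, the function names and the sample credentials are constructed for illustration: an attempt counter placed as a non-leading `&&` operand is skipped whenever the leading test fails, so the lockout state is never reached.

```c
#include <stdbool.h>
#include <string.h>

#define MAX_ATTEMPTS 3

/* Hypothetical session state, constructed for this example. */
struct session { int attempts; bool locked; };

/* Side-effect-free tests (sample credentials are constructed). */
static bool user_known(const char *user) { return strcmp(user, "alice") == 0; }
static bool password_ok(const char *pw) { return strcmp(pw, "constructed-sample-pw") == 0; }

/* Side effect: counts the attempt and locks the session once the limit
   is exceeded. Returns true while attempts are still allowed. */
static bool record_attempt(struct session *s) {
    if (++s->attempts > MAX_ATTEMPTS) s->locked = true;
    return !s->locked;
}

/* Weak form: record_attempt() is a non-leading operand, so && skips it
   whenever user_known() is false and those attempts are never counted. */
bool login_weak(struct session *s, const char *user, const char *pw) {
    return user_known(user) && record_attempt(s) && password_ok(pw);
}

/* Corrected form: the side effect runs unconditionally as its own
   statement; the final conditional holds only already-computed values. */
bool login_fixed(struct session *s, const char *user, const char *pw) {
    bool allowed = record_attempt(s);
    bool known = user_known(user);
    bool pw_good = password_ok(pw);
    return allowed && known && pw_good;
}

/* Runs n failed logins for an unknown user and returns the final state. */
struct session run_failures(bool use_fixed, int n) {
    struct session s = {0, false};
    for (int i = 0; i < n; i++) {
        if (use_fixed) (void)login_fixed(&s, "unknown-user", "x");
        else (void)login_weak(&s, "unknown-user", "x");
    }
    return s;
}
```

With the weak form the session state after five failed attempts is indistinguishable from a fresh session, which is the "unexpected state" the description refers to.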
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name | Mapping Fit |
|---|---|---|---|
| CLASP | - | Failure to protect stored data from modification | - |
| Software Fault Patterns | SFP1 | Glitch in computation | - |