CWE-783: Operator Precedence Logic Error
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product uses an expression in which operator precedence causes incorrect logic to be used.
扩展描述
While often just a bug, operator precedence logic errors can have serious consequences if they are used in security-critical code, such as making an authentication decision.
常见后果
影响范围: Confidentiality Integrity Availability
技术影响: Varies by Context Unexpected State
说明: The consequences will vary based on the context surrounding the incorrect precedence. In a security decision, integrity or confidentiality are the most likely results. Otherwise, a crash may occur due to the software reaching an unexpected state.
潜在缓解措施
阶段: Implementation
描述: Regularly wrap sub-expressions in parentheses, especially in security-critical code.
观察示例
参考: CVE-2008-2516
Authentication module allows authentication bypass because it uses "(x = call(args) == SUCCESS)" instead of "((x = call(args)) == SUCCESS)".
参考: CVE-2008-0599
Chain: Language interpreter calculates wrong buffer size (CWE-131) by using "size = ptr ? X : Y" instead of "size = (ptr ? X : Y)" expression.
参考: CVE-2001-1155
Chain: product does not properly check the result of a reverse DNS lookup because of operator precedence (CWE-783), allowing bypass of DNS-based access restrictions.
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | Logic errors related to operator precedence may cause problems even during normal operation, so they are probably discovered quickly during the testing phase. If testing is incomplete or there is a strong reliance on manual review of the code, then these errors may not be discovered before the software is deployed. |
适用平台
编程语言
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| CERT C Secure Coding | EXP00-C | Use parentheses for precedence of operation | Exact |
| SEI CERT Perl Coding Standard | EXP04-PL | Do not mix the early-precedence logical operators with late-precedence logical operators | CWE More Abstract |