CWE-682 Detalhe

CWE-682

Incorrect Calculation
Alta
Draft
2008-04-11
00h00 +00:00
2025-12-11
00h00 +00:00
CWE Mitre.org
Notificações para um CWE
Fique informado sobre quaisquer alterações para um CWE específico.
Gerenciar notificações

Nome: Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

Descrição CWE

When product performs a security-critical calculation incorrectly, it might lead to incorrect resource allocations, incorrect privilege assignments, or failed comparisons among other things. Many of the direct results of an incorrect calculation can lead to even larger problems such as failed protection mechanisms or even arbitrary code execution.

Informações Gerais

Modos de Introdução

Implementation

Plataformas Aplicáveis

Linguagem

Class: Not Language-Specific (Undetermined)

Tecnologias

Class: Not Technology-Specific (Undetermined)

Consequências Comuns

Escopo Impacto Probabilidade
AvailabilityDoS: Crash, Exit, or Restart

Note: If the incorrect calculation causes the program to move into an unexpected state, it may lead to a crash or impairment of service.
Integrity
Confidentiality
Availability		DoS: Crash, Exit, or Restart, DoS: Resource Consumption (Other), Execute Unauthorized Code or Commands

Note: If the incorrect calculation is used in the context of resource allocation, it could lead to an out-of-bounds operation (CWE-119) leading to a crash or even arbitrary code execution. Alternatively, it may result in an integer overflow (CWE-190) and / or a resource consumption problem (CWE-400).
Access ControlGain Privileges or Assume Identity

Note: In the context of privilege or permissions assignment, an incorrect calculation can provide an attacker with access to sensitive resources.
Access ControlBypass Protection Mechanism

Note: If the incorrect calculation leads to an insufficient comparison (CWE-697), it may compromise a protection mechanism such as a validation routine and allow an attacker to bypass the security-critical code.

Exemplos Observados

Referências Descrição

CVE-2020-0022

chain: mobile phone Bluetooth implementation does not include offset when calculating packet length (CWE-682), leading to out-of-bounds write (CWE-787)

CVE-2004-1363

substitution overflow: buffer overflow using environment variables that are expanded after the length check is performed

Mitigações Potenciais

Phases : Implementation
Understand your programming language's underlying representation and how it interacts with numeric calculation. Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how your language handles numbers that are too large or too small for its underlying representation.
Phases : Implementation
Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
Phases : Implementation
Use the appropriate type for the desired action. For example, in C/C++, only use unsigned types for values that could never be negative, such as height, width, or other numbers related to quantity.
Phases : Architecture and Design
Phases : Architecture and Design
Phases : Implementation
Examine compiler warnings closely and eliminate problems with potential security implications, such as signed / unsigned mismatch in memory operations, or use of uninitialized variables. Even if the weakness is rarely exploitable, a single failure may lead to the compromise of the entire system.
Phases : Testing
Use automated static analysis tools that target this type of weakness. Many modern techniques use data flow analysis to minimize the number of false positives. This is not a perfect solution, since 100% accuracy and coverage are not feasible.
Phases : Testing
Use dynamic tools and techniques that interact with the product using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The product's operation may slow down, but it should not become unstable, crash, or generate incorrect results.

Métodos de Detecção

Manual Analysis

Eficácia : High

Notas de Mapeamento de Vulnerabilidade

Justificativa : This CWE entry is extremely high-level, a Pillar. In many cases, lower-level children or descendants are more appropriate. However, sometimes this weakness is forced to be used due to the lack of in-depth weakness research. See Research Gaps.
Comentário : Where feasible, consider children or descendants of this entry instead.

Padrões de Ataque Relacionados

CAPEC-ID Nome do Padrão de Ataque
CAPEC-128 Integer Attacks
An attacker takes advantage of the structure of integer variables to cause these variables to assume values that are not expected by an application. For example, adding one to the largest positive integer in a signed integer variable results in a negative number. Negative numbers may be illegal in an application and the application may prevent an attacker from providing them directly, but the application may not consider that adding two positive numbers can create a negative number do to the structure of integer storage formats.
CAPEC-129 Pointer Manipulation
This attack pattern involves an adversary manipulating a pointer within a target application resulting in the application accessing an unintended memory location. This can result in the crashing of the application or, for certain pointer values, access to data that would not normally be possible or the execution of arbitrary code. Since pointers are simply integer variables, Integer Attacks may often be used in Pointer Attacks.

Notas


Referências

REF-106

SafeInt
David LeBlanc, Niels Dekker.
https://github.com/dcleblanc/SafeInt/

REF-44

24 Deadly Sins of Software Security
Michael Howard, David LeBlanc, John Viega.

REF-62

The Art of Software Security Assessment
Mark Dowd, John McDonald, Justin Schuh.

Submissão

Nome Organização Data Data de lançamento Version
CWE Content Team MITRE 2008-04-11 +00:00 2008-04-11 +00:00 Draft 9

Modificações

Nome Organização Data Comentário
Eric Dalci Cigital 2008-07-01 +00:00 updated Potential_Mitigations, Time_of_Introduction
CWE Content Team MITRE 2008-09-08 +00:00 updated Relationships
CWE Content Team MITRE 2008-10-14 +00:00 updated Type
CWE Content Team MITRE 2008-11-24 +00:00 updated Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2009-01-12 +00:00 updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Potential_Mitigations, Relationships
CWE Content Team MITRE 2009-03-10 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2009-05-27 +00:00 updated Demonstrative_Examples
CWE Content Team MITRE 2009-07-27 +00:00 updated Demonstrative_Examples, Related_Attack_Patterns
CWE Content Team MITRE 2009-10-29 +00:00 updated Demonstrative_Examples, Relationships
CWE Content Team MITRE 2010-02-16 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2010-04-05 +00:00 updated Detection_Factors, Potential_Mitigations, References
CWE Content Team MITRE 2010-06-21 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2010-09-27 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2011-03-29 +00:00 updated Relationships
CWE Content Team MITRE 2011-06-01 +00:00 updated Common_Consequences
CWE Content Team MITRE 2011-09-13 +00:00 updated Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2012-05-11 +00:00 updated Demonstrative_Examples, References, Relationships
CWE Content Team MITRE 2014-02-18 +00:00 updated Relationships
CWE Content Team MITRE 2014-07-30 +00:00 updated Relationships
CWE Content Team MITRE 2015-12-07 +00:00 updated Relationships
CWE Content Team MITRE 2017-01-19 +00:00 updated Applicable_Platforms
CWE Content Team MITRE 2017-11-08 +00:00 updated Taxonomy_Mappings
CWE Content Team MITRE 2019-01-03 +00:00 updated Relationships
CWE Content Team MITRE 2019-06-20 +00:00 updated Related_Attack_Patterns, Relationships
CWE Content Team MITRE 2020-02-24 +00:00 updated Applicable_Platforms, Observed_Examples, Relationships, Type
CWE Content Team MITRE 2020-08-20 +00:00 updated Relationships
CWE Content Team MITRE 2020-12-10 +00:00 updated Relationships
CWE Content Team MITRE 2021-07-20 +00:00 updated Relationships
CWE Content Team MITRE 2023-01-31 +00:00 updated Description, Potential_Mitigations
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships, Time_of_Introduction
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes, Research_Gaps
CWE Content Team MITRE 2025-09-09 +00:00 updated References
CWE Content Team MITRE 2025-12-11 +00:00 updated Weakness_Ordinalities
As informações apresentadas no CVE Find originam-se de várias fontes de referência cuidadosamente selecionadas. Os dados CVE são fornecidos pela MITRE Corporation e pelo National Vulnerability Database (NVD). O catálogo de Vulnerabilidades Conhecidas Exploradas (KEV) é proveniente da Cybersecurity and Infrastructure Security Agency (CISA), enquanto as pontuações EPSS vêm do FIRST.org. Além disso, os dados sobre fraquezas de software (CWE) e padrões de ataque comuns (CAPEC) são mantidos pela MITRE Corporation, e as informações sobre configurações de hardware e software (CPE) são fornecidas pelo NVD.