CWE-1077: Floating Point Comparison with Incorrect Operator

The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not account for the possibility of loss of precision.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Variant

Abstraction

MITRE classification

Overview

Numeric calculation using floating point values can generate imprecise results because of rounding errors. As a result, two different calculations might generate numbers that are mathematically equal, but have slightly different bit representations that do not translate to the same mathematically-equal values. As a result, an equality test or other comparison might produce unexpected results.

CWE-1077: Floating Point Comparison with Incorrect Operator

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to detect it

Automated Static Analysis

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-1077?

What CVEs are caused by CWE-1077?

How is CWE-1077 detected?

What are the consequences of CWE-1077?

Is CWE-1077 actively exploited?

References

Stay ahead of CWE-1077

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to detect it

Automated Static Analysis

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-1077?

What CVEs are caused by CWE-1077?

How is CWE-1077 detected?

What are the consequences of CWE-1077?

Is CWE-1077 actively exploited?

References

Stay ahead of CWE-1077