CWE-480: Use of Incorrect Operator

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

The following C/C++ and C# examples attempt to validate an int input parameter against the integer value 100.

Vulnerable example

int isValid(int value) {

Vulnerable example

csharp

bool isValid(int value) {

However, the expression to be evaluated in the if statement uses the assignment operator "=" rather than the comparison operator "==". The result of using the assignment operator instead of the comparison operator causes the int variable to be reassigned locally and the expression in the if statement will always evaluate to the value on the right hand side of the expression. This will result in the input value not being properly validated, which can cause unexpected results.

The following C/C++ example shows a simple implementation of a stack that includes methods for adding and removing integer values from the stack. The example uses pointers to add and remove integer values to the stack array variable.

Vulnerable example

#define SIZE 50

The example code below is taken from the CVA6 processor core of the HACK@DAC'21 buggy OpenPiton SoC. Debug access allows users to access internal hardware registers that are otherwise not exposed for user access or restricted access through access control protocols. Hence, requests to enter debug mode are checked and authorized only if the processor has sufficient privileges. In addition, debug accesses are also locked behind password checkers. Thus, the processor enters debug mode only when the privilege level requirement is met, and the correct debug password is provided.

CWE-480: Use of Incorrect Operator | RadicalNotion.AI

CWE-480: Use of Incorrect Operator

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to detect it

Automated Static Analysis

Manual Static Analysis

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-480?

What CVEs are caused by CWE-480?

How is CWE-480 detected?

What are the consequences of CWE-480?

Is CWE-480 actively exploited?

References

Stay ahead of CWE-480

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to detect it

Automated Static Analysis

Manual Static Analysis

Code examples

Illustrative examples

Related weaknesses

Parent

Child

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-480?

What CVEs are caused by CWE-480?

How is CWE-480 detected?

What are the consequences of CWE-480?

Is CWE-480 actively exploited?

References

Stay ahead of CWE-480