- What is CWE-682?
- The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
- What CVEs are caused by CWE-682?
- 57 recorded CVEs are attributed to CWE-682, including CVE-2023-2163, CVE-2024-36736, CVE-2022-30600.
- How do you prevent CWE-682?
- Understand your programming language's underlying representation and how it interacts with numeric calculation. Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how your language handles numbers that are too large or too small for its underlying representation.
- How is CWE-682 detected?
- Manual Analysis: This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session.
- What are the consequences of CWE-682?
- Exploiting CWE-682 can lead to: DoS: Crash, Exit, or Restart, DoS: Resource Consumption (Other), Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Bypass Protection Mechanism.
- Is CWE-682 actively exploited?
- 57 recorded CVEs are caused by CWE-682; none are currently in CISA's KEV catalog of actively exploited flaws.