CWE-682 - Incorrect Calculation

Description

The software performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management. When software performs a security-critical calculation incorrectly, it might lead to incorrect resource allocations, incorrect privilege assignments, or failed comparisons, among other things. Many of the direct results of an incorrect calculation can lead to even larger problems, such as failed protection mechanisms or even arbitrary code execution.

If the incorrect calculation causes the program to move into an unexpected state, it may lead to a crash or impairment of service. If the incorrect calculation is used in the context of resource allocation, it could lead to an out-of-bounds operation (CWE-119), causing a crash or even arbitrary code execution. Alternatively, it may result in an integer overflow (CWE-190) and/or a resource consumption problem (CWE-400). In the context of privilege or permission assignment, an incorrect calculation can provide an attacker with access to sensitive resources. If the incorrect calculation leads to an insufficient comparison (CWE-697), it may compromise a protection mechanism such as a validation routine and allow an attacker to bypass the security-critical code.

The weakness is introduced during the Architecture and Design and Implementation stages.
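The two failure modes the description names most concretely, an allocation size that wraps (CWE-190 feeding CWE-119) and a length check that is an insufficient comparison (CWE-697), are shown below in a small C example. This is an added illustration written for this page, not code from MITRE or from any real vulnerability; the record-copy routine, the MAX_PAYLOAD limit and the SAMPLE input are constructed for the demonstration. The vulnerable functions only compute the wrong value and report it, so the example runs without actually performing an out-of-bounds write.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical limit for the length-check demonstration (constructed). */
#define MAX_PAYLOAD 256

/* Vulnerable size calculation: count * elem_size in 32-bit unsigned
 * arithmetic. For count = 0x40000001 and elem_size = 4 the product is
 * 0x100000004, which wraps to 4, so the allocator would hand back a
 * 4-byte buffer while the caller believes it holds 0x40000001 records.
 * The function returns the size that would be requested so the mismatch
 * can be observed without performing the out-of-bounds copy. */
uint32_t vulnerable_alloc_size(uint32_t count, uint32_t elem_size) {
    return count * elem_size;
}

/* Hardened version: compute the product in 64 bits and reject anything
 * that does not fit the 32-bit size the allocator will be given.
 * Returns 1 and sets *size on success, 0 on overflow. */
int checked_alloc_size(uint32_t count, uint32_t elem_size, uint32_t *size) {
    uint64_t product = (uint64_t)count * (uint64_t)elem_size;
    if (product > UINT32_MAX) {
        return 0;
    }
    *size = (uint32_t)product;
    return 1;
}

/* Vulnerable length validation (insufficient comparison): len is signed,
 * so a negative value satisfies len <= MAX_PAYLOAD and would later be
 * converted to a huge size_t when used as a copy length.
 * Returns 1 if the check accepts len. */
int vulnerable_length_ok(int len) {
    return len <= MAX_PAYLOAD;
}

/* Hardened version: bound both ends before any unsigned conversion. */
int checked_length_ok(int len) {
    return len >= 0 && (size_t)len <= MAX_PAYLOAD;
}

/* Copies count records of elem_size bytes from src into a new buffer
 * sized with the checked calculation. Returns NULL instead of allocating
 * too little when the size would overflow. The caller frees the result. */
unsigned char *copy_records_checked(const unsigned char *src,
                                    uint32_t count, uint32_t elem_size) {
    uint32_t size;
    if (!checked_alloc_size(count, elem_size, &size)) {
        return NULL;
    }
    unsigned char *dst = malloc(size ? size : 1);
    if (dst == NULL) {
        return NULL;
    }
    memcpy(dst, src, size);
    return dst;
}

/* Constructed sample input: two 4-byte records. */
static const unsigned char SAMPLE[8] = {1, 2, 3, 4, 5, 6, 7, 8};

/* Exercises copy_records_checked: the overflowing request must be refused
 * and a sane request must produce a faithful copy. Returns 1 on success. */
int demo_checked_copy(void) {
    unsigned char *huge = copy_records_checked(SAMPLE, 0x40000001u, 4u);
    if (huge != NULL) {
        free(huge);
        return 0;
    }
    unsigned char *ok = copy_records_checked(SAMPLE, 2u, 4u);
    if (ok == NULL) {
        return 0;
    }
    int same = memcmp(ok, SAMPLE, sizeof SAMPLE) == 0;
    free(ok);
    return same;
}

int main(void) {
    uint32_t count = 0x40000001u, elem = 4u, sz = 0;
    printf("unchecked size for %u records of %u bytes: %u\n",
           count, elem, vulnerable_alloc_size(count, elem));
    printf("checked size: %s\n",
           checked_alloc_size(count, elem, &sz) ? "ok" : "rejected (overflow)");
    printf("signed check accepts -1: %d, hardened check accepts -1: %d\n",
           vulnerable_length_ok(-1), checked_length_ok(-1));
    printf("checked copy demo: %s\n", demo_checked_copy() ? "pass" : "fail");
    return 0;
}
```

The hardened size calculation is the same pattern calloc() implementations use internally; in C23 the stdckdint.h ckd_mul() macro, or compiler builtins such as __builtin_mul_overflow, give the same check without widening to 64 bits.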

References

Description of CWE-682 on the MITRE website: https://cwe.mitre.org/data/definitions/682.html