CWE-682: Incorrect Calculation
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.
Abstraction: Pillar
Common Consequences
| Scope | Impact |
|---|---|
| Availability | DoS: Crash, Exit, or Restart |
| Integrity | DoS: Crash, Exit, or Restart |
| Access Control | Gain Privileges or Assume Identity |
| Access Control | Bypass Protection Mechanism |
Detection Methods
Manual Analysis
This weakness can be detected using tools and techniques that require manual (human) analysis, such as penetration testing, threat modeling, and interactive tools that allow the tester to record and modify an active session. Specifically, manual static analysis is useful for evaluating the correctness of allocation calculations. This can be useful for detecting overflow conditions (CWE-190) or similar weaknesses that might have serious security impacts on the program.
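The allocation-calculation case above is the one most often found during manual review: an element count taken from untrusted input is multiplied by an element size, the product wraps, and a too-small buffer is handed to code that believes it holds `count` elements. The following C example is added here and is not part of the CWE entry or of this page; the names `alloc_size_unchecked`, `alloc_size_checked` and `alloc_records` and the sample counts are constructed for illustration. It places the wrapping calculation beside the checked form a reviewer would expect to see instead.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Vulnerable pattern (constructed for this example): the byte size of an
 * array is computed with a plain multiplication. With elem = 8, a count of
 * SIZE_MAX/8 + 2 wraps the product to 8, so malloc() succeeds with an 8-byte
 * buffer while the caller still believes it holds `count` elements
 * (CWE-682 feeding CWE-190 and then a heap overflow). */
size_t alloc_size_unchecked(size_t count, size_t elem)
{
    return count * elem;
}

/* Hardened form: refuse the multiplication if the result cannot be
 * represented in size_t. The pre-division test is portable C; on GCC/Clang
 * __builtin_mul_overflow() does the same job. Returns false and leaves
 * *out untouched when the product would wrap. */
bool alloc_size_checked(size_t count, size_t elem, size_t *out)
{
    if (elem != 0 && count > SIZE_MAX / elem)
        return false;
    *out = count * elem;
    return true;
}

/* Allocate `count` records of `elem` bytes each from an untrusted count.
 * Returns NULL when the size calculation would wrap or allocation fails. */
void *alloc_records(size_t count, size_t elem)
{
    size_t bytes;
    if (!alloc_size_checked(count, elem, &bytes))
        return NULL;                 /* incorrect calculation caught here */
    return calloc(1, bytes == 0 ? 1 : bytes);
}

int main(void)
{
    /* Constructed inputs: a sane count and one chosen to wrap size_t
     * (works identically on 32- and 64-bit targets). */
    size_t sane = 1024;
    size_t hostile = (SIZE_MAX / 8) + 2;

    printf("unchecked sane:    %zu bytes\n", alloc_size_unchecked(sane, 8));
    printf("unchecked hostile: %zu bytes (wrapped)\n",
           alloc_size_unchecked(hostile, 8));

    void *p = alloc_records(hostile, 8);
    printf("checked hostile:   %s\n", p ? "allocated (BUG)" : "rejected");
    free(p);

    p = alloc_records(sane, 8);
    printf("checked sane:      %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

Build with `cc -std=c11 -Wall example.c && ./a.out`. The unchecked path is well-defined C (unsigned wrap), so ordinary compiler warnings stay silent; Clang's `-fsanitize=unsigned-integer-overflow` will flag it at runtime, but in review the faster signal is any `count * size` feeding an allocator without a bound on `count`.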
Real-World Examples (8)
| CVE | CVSS score | EPSS (30-day exploitation probability) | In CISA KEV |
|---|---|---|---|
| CVE-2022-30780 | 7.5 | 81.8% | — |
| CVE-2018-8319 | 9.8 | 17.3% | — |
| CVE-2022-35258 | 7.5 | 9.6% | — |
| CVE-2020-0022 | 8.8 | 6.9% | — |
| CVE-2022-30600 | 9.8 | 6.9% | — |
| CVE-2016-7433 | 5.3 | 6.8% | — |
| CVE-2023-35641 | 8.8 | 5.2% | — |
| CVE-2021-44847 | 9.8 | 3.9% | — |
Risk score: 1/100 (low-risk)
Active Threat: 1/50 · Minimal
Exploit Availability: 0/50 · Minimal