Variant · Incomplete
CWE-768: Incorrect Short Circuit Evaluation
Category: other
Description
The product contains a conditional statement with multiple logical expressions in which one of the non-leading expressions may produce side effects. This may lead to an unexpected state in the program after the execution of the conditional, because short-circuiting logic may prevent the side effects from occurring.
Common consequences
- Confidentiality / Integrity / Availability (Varies by Context): Widely varied consequences are possible if an attacker is aware of an unexpected state in the product after a conditional. It may lead to information exposure, a system crash, or even complete attacker control of the system.
Potential mitigations
- [Implementation] Minimizing the number of statements in a conditional that produce side effects reduces the likelihood that short-circuit evaluation will alter control flow in an unexpected way.
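
An added example, not taken from the CWE entry: a C login check whose attempt counter sits in a non-leading `&&` operand, next to a version that applies the mitigation above by moving the side effect into its own statement. All names (`register_attempt`, `login_flawed`, `login_fixed`, `replay`, `MAX_ATTEMPTS`) and the sample secret are constructed for illustration.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define MAX_ATTEMPTS 3   /* constructed limit for this sample */

struct account {
    const char *secret;  /* plaintext only to keep the sample short */
    int attempts;        /* state changed by register_attempt() */
};

/* Side effect: counts the attempt. Returns true while under the limit. */
static bool register_attempt(struct account *a) {
    a->attempts++;
    return a->attempts <= MAX_ATTEMPTS;
}

static bool secret_matches(const struct account *a, const char *guess) {
    return strcmp(a->secret, guess) == 0;
}

/* Flawed: && skips register_attempt() whenever the guess is wrong, so
 * failed guesses are never counted and the limit never takes effect. */
bool login_flawed(struct account *a, const char *guess) {
    return secret_matches(a, guess) && register_attempt(a);
}

/* Hardened: the side effect runs as its own statement; the condition
 * then combines two plain values and has nothing left to skip. */
bool login_fixed(struct account *a, const char *guess) {
    bool within_limit = register_attempt(a);
    bool match = secret_matches(a, guess);
    return within_limit && match;
}

/* Demo driver: n wrong guesses, then the right one. Stores the final
 * counter in *attempts and returns whether the last login succeeded. */
bool replay(bool (*login)(struct account *, const char *), int n, int *attempts) {
    struct account acct = { "s3cret-sample", 0 };   /* constructed data */
    for (int i = 0; i < n; i++)
        login(&acct, "wrong-guess");
    bool ok = login(&acct, "s3cret-sample");
    *attempts = acct.attempts;
    return ok;
}

int main(void) {
    int f, x;
    bool fa = replay(login_flawed, 5, &f), xa = replay(login_fixed, 5, &x);
    printf("flawed: ok=%d attempts=%d\nfixed: ok=%d attempts=%d\n", fa, f, xa, x);
    return 0;
}
```

In the flawed form the counter records only the final successful login, which is the "unexpected state after the conditional" the description refers to.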