CWE-480

Use of Incorrect Operator

Base

Draft

Description

The product accidentally uses the wrong operator, which changes the logic in security-relevant ways.

These types of errors are generally the result of a typo by the programmer.

Parent Weaknesses (ChildOf)

CWE-670: Always-Incorrect Control Flow ...

Common Consequences

Scope

Other

Impact

Alter Execution Logic

CVE-2022-3979

Chain: data visualization program written in PHP uses the "!=" operator instead of the type-strict "!==" operator (CWE-480) when validating hash values, potentially leading to an incorrect type conversion (CWE-704)

CVE-2021-3116

Chain: Python-based HTTP Proxy server uses the wrong boolean operators (CWE-480) causing an incorrect comparison (CWE-697) that identifies an authN failure if all three conditions are met instead of only one, allowing bypass of the proxy authentication (CWE-1390)

Applicable Platforms

C++

Perl

Not Language-Specific

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CWE-480

Use of Incorrect Operator

Description

Relationships

Common Consequences

Related CVEs

Applicable Platforms