
CWE-682: Incorrect Calculation

Status: Draft
Weakness ID: 682 (Weakness Class)
Description
Summary

The software performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

Potential Mitigations
Implementation

Perform thorough testing of the calculation algorithm.

Relationships
| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| CanPrecede | Weakness Base | 170 | Improper Null Termination | Research Concepts 1000 |
| ChildOf | Category | 189 | Numeric Errors | Development Concepts (primary) 699 |
| ChildOf | Category | 738 | CERT C Secure Coding Section 04 - Integers (INT) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary) 734 |
| ChildOf | Category | 739 | CERT C Secure Coding Section 05 - Floating Point (FLP) | Weaknesses Addressed by the CERT C Secure Coding Standard 734 |
| MemberOf | View | 1000 | Research Concepts | Research Concepts (primary) 1000 |
| ParentOf | Category | 192 | Integer Coercion Error | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 131 | Incorrect Calculation of Buffer Size | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 135 | Incorrect Calculation of Multi-Byte String Length | Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 190 | Integer Overflow (Wrap or Wraparound) | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 191 | Integer Underflow (Wrap or Wraparound) | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 193 | Off-by-one Error | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 369 | Divide By Zero | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Variant | 467 | Use of sizeof() on a Pointer Type | Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 468 | Incorrect Pointer Scaling | Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 469 | Use of Pointer Subtraction to Determine Size | Research Concepts (primary) 1000 |
| CanFollow | Weakness Base | 681 | Incorrect Conversion between Numeric Types | Research Concepts (primary) 1000 |
Taxonomy Mappings
| Mapped Taxonomy Name | Node ID | Mapped Node Name |
|---|---|---|
| CERT C Secure Coding | FLP32-C | Prevent or detect domain and range errors in math functions |
| CERT C Secure Coding | FLP33-C | Convert integers to floating point for floating point operations |
| CERT C Secure Coding | INT07-C | Use only explicitly signed or unsigned char type for numeric values |
| CERT C Secure Coding | INT13-C | Use bitwise operators only on unsigned operands |
Time of Introduction
* Architecture and Design
* Implementation
Content History
Modifications
Eric Dalci. Cigital. 2008-07-01. (External)
updated Potential_Mitigations, Time_of_Introduction
CWE Content Team. MITRE. 2008-09-08. (Internal)
updated Relationships
CWE Content Team. MITRE. 2008-10-14. (Internal)
updated Type
CWE Content Team. MITRE. 2008-11-24. (Internal)
updated Relationships, Taxonomy_Mappings
Page Last Updated: November 24, 2008