CWE-481 - Assigning instead of Comparing

Read Time:42 Second

Description

The code uses an operator for assignment when the intention was to perform a comparison.

In many languages the compare statement is very close in appearance to the assignment statement and are often confused. This bug is generally the result of a typo and usually causes obvious problems with program execution. If the comparison is in an if statement, the if statement will usually evaluate the value of the right-hand side of the predicate.

Modes of Introduction:

– Implementation

Likelihood of Exploit: Low

Related Weaknesses

CWE-480
CWE-697

Consequences

Other: Alter Execution Logic

Potential Mitigations

Phase: Testing

Description:

Many IDEs and static analysis products will detect this problem.

Phase: Implementation

Description:

Place constants on the left. If one attempts to assign a constant with a variable, the compiler will produce an error.

CVE References

InAssigning instead of Comparing, CWE- 481

The Most Dangerous Vulnerabilities in Apache Tomcat and How to Protect Against Them

Apache Tomcat is an open-source web server and servlet container that is widely used in enterprise environments to run Java...

rocco

February 19, 2023February 19, 2023

ZDI-CAN-18333: A Critical Zero-Day Vulnerability in Microsoft Windows

Zero-day vulnerabilities are a serious threat to cybersecurity, as they can be exploited by malicious actors to gain unauthorized access...

rocco

February 19, 2023February 19, 2023

CWE-669 – Incorrect Resource Transfer Between Spheres

Description The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere,...

rocco

May 26, 2022