Description
The software contains a conditional statement with multiple logical expressions in which one of the non-leading expressions may produce side effects. This may lead to an unexpected state in the program after the execution of the conditional, because short-circuiting logic may prevent the side effects from occurring.
Modes of Introduction:
– Implementation
Likelihood of Exploit: Low
Related Weaknesses
CWE-691
Consequences
Confidentiality, Integrity, Availability:
Widely varied consequences are possible if an attacker is aware of an unexpected state in the software after a conditional. It may lead to information exposure, a system crash, or even complete attacker control of the system.
Potential Mitigations
Phase: Implementation
Effectiveness:
Description:
Minimizing the number of statements in a conditional that produce side effects will help to prevent the likelihood of short circuit evaluation to alter control flow in an unexpected way.
CVE References
