Tag Archives: CWE- 768

CWE-768 – Incorrect Short Circuit Evaluation

Read Time:43 Second

Description

The software contains a conditional statement with multiple logical expressions in which one of the non-leading expressions may produce side effects. This may lead to an unexpected state in the program after the execution of the conditional, because short-circuiting logic may prevent the side effects from occurring.

Modes of Introduction:

– Implementation

Likelihood of Exploit: Low

 

Related Weaknesses

CWE-691

 

Consequences

Confidentiality, Integrity, Availability:

Widely varied consequences are possible if an attacker is aware of an unexpected state in the software after a conditional. It may lead to information exposure, a system crash, or even complete attacker control of the system.

 

Potential Mitigations

Phase: Implementation

Effectiveness:

Description: 

Minimizing the number of statements in a conditional that produce side effects will help to prevent the likelihood of short circuit evaluation to alter control flow in an unexpected way.

CVE References