The Vulnerability History Project

CWE-682: Incorrect Calculation

"The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management." - Entry from the Common Weakness Enumeration. For more info visit [CWE-682](https://cwe.mitre.org/data/definitions/682.html).

Examples

Bad things happen when integers wrap around

Loop counters, file sizes, malloc arguments, session tokens, primary keys... numbers are everywhere in our code. What happens when our numbers get very, _very_ big? Integer overflow, or wraparound, is much more dangerous than it seems.
