Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-480 (使用操作符不正确) — Vulnerability Class 3

3 vulnerabilities classified as CWE-480 (使用操作符不正确). AI Chinese analysis included.

CWE-480 represents a logic error weakness where developers inadvertently employ an incorrect operator, fundamentally altering the intended program flow in security-critical contexts. This vulnerability typically stems from simple typographical mistakes, such as confusing assignment with comparison or mixing bitwise and logical operators. Attackers exploit these flaws by manipulating input to trigger unintended code paths, potentially bypassing authentication checks or enabling unauthorized data access. For instance, using a single equals sign instead of a double equals sign in a conditional statement can always evaluate to true, granting unrestricted access. To prevent this, developers must adhere to strict coding standards, utilize static analysis tools that flag suspicious operator usage, and conduct thorough code reviews. Emphasizing precise syntax and leveraging compiler warnings significantly reduces the risk of introducing these subtle yet dangerous logical errors into production systems.

MITRE CWE Description
The product accidentally uses the wrong operator, which changes the logic in security-relevant ways. These types of errors are generally the result of a typo by the programmer.
Common Consequences (1)
OtherAlter Execution Logic
This weakness can cause unintended logic to be executed and other unexpected application behavior.
Examples (2)
The following C/C++ and C# examples attempt to validate an int input parameter against the integer value 100.
int isValid(int value) { if (value=100) { printf("Value is valid\n"); return(1); } printf("Value is not valid\n"); return(0); }
Bad · C
bool isValid(int value) { if (value=100) { Console.WriteLine("Value is valid."); return true; } Console.WriteLine("Value is not valid."); return false; }
Bad · C#
The following C/C++ example shows a simple implementation of a stack that includes methods for adding and removing integer values from the stack. The example uses pointers to add and remove integer values to the stack array variable.
#define SIZE 50 int *tos, *p1, stack[SIZE]; void push(int i) { p1++; if(p1==(tos+SIZE)) { // Print stack overflow error message and exit } *p1 == i; } int pop(void) { if(p1==tos) { // Print stack underflow error message and exit } p1--; return *(p1+1); } int main(int argc, char *argv[]) { // initialize tos and p1 to point to the top of stack tos = stack; p1 = stack; // code to add and remove items from stack ... return 0; }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2026-4748 pf silently ignores certain rules — FreeBSD 5.3AIMediumAI2026-04-01
CVE-2025-52985 Junos OS Evolved: When a control-plane firewall filter refers to a prefix-list with more than 10 entries it's not matching — Junos OS Evolved 5.3 Medium2025-07-11
CVE-2022-1947 Use of Incorrect Operator in polonel/trudesk — polonel/trudesk 6.5 -2022-05-31

Vulnerabilities classified as CWE-480 (使用操作符不正确) represent 3 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.