Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-682 (数值计算不正确) — Vulnerability Class 42

42 vulnerabilities classified as CWE-682 (数值计算不正确). AI Chinese analysis included.

CWE-682 represents a logic error where software performs calculations that yield incorrect or unintended results, subsequently influencing security-critical decisions or resource management. This weakness is typically exploited by attackers who manipulate input data to trigger arithmetic overflow, underflow, or precision errors, causing the system to miscalculate buffer sizes, access permissions, or authentication thresholds. Consequently, these miscalculations can lead to unauthorized privilege escalation, denial of service through resource exhaustion, or data corruption. To prevent such vulnerabilities, developers must implement rigorous input validation and employ safe arithmetic libraries that detect overflows before they occur. Additionally, using static analysis tools to identify risky mathematical operations and conducting thorough code reviews for complex logic ensures that calculations remain accurate and secure under all expected and unexpected input conditions.

MITRE CWE Description
The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management. When product performs a security-critical calculation incorrectly, it might lead to incorrect resource allocations, incorrect privilege assignments, or failed comparisons among other things. Many of the direct results of an incorrect calculation can lead to even larger problems such as failed protection mechanisms or even arbitrary code execution.
Common Consequences (4)
AvailabilityDoS: Crash, Exit, or Restart
If the incorrect calculation causes the program to move into an unexpected state, it may lead to a crash or impairment of service.
Integrity, Confidentiality, AvailabilityDoS: Crash, Exit, or Restart, DoS: Resource Consumption (Other), Execute Unauthorized Code or Commands
If the incorrect calculation is used in the context of resource allocation, it could lead to an out-of-bounds operation (CWE-119) leading to a crash or even arbitrary code execution. Alternatively, it may result in an integer overflow (CWE-190) and / or a resource consumption problem (CWE-400).
Access ControlGain Privileges or Assume Identity
In the context of privilege or permissions assignment, an incorrect calculation can provide an attacker with access to sensitive resources.
Access ControlBypass Protection Mechanism
If the incorrect calculation leads to an insufficient comparison (CWE-697), it may compromise a protection mechanism such as a validation routine and allow an attacker to bypass the security-critical code.
Mitigations (5)
ImplementationUnderstand your programming language's underlying representation and how it interacts with numeric calculation. Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how your language handles numbers that are too large or too small for its underlying representation.
ImplementationPerform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
ImplementationUse the appropriate type for the desired action. For example, in C/C++, only use unsigned types for values that could never be negative, such as height, width, or other numbers related to quantity.
Architecture and DesignUse languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences. Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Architecture and DesignUse languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences. Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Examples (2)
The following image processing code allocates a table for images.
img_t table_ptr; /*struct containing img data, 10kB each*/ int num_imgs; ... num_imgs = get_num_imgs(); table_ptr = (img_t*)malloc(sizeof(img_t)*num_imgs); ...
Bad · C
This code attempts to calculate a football team's average number of yards gained per touchdown.
... int touchdowns = team.getTouchdowns(); int yardsGained = team.getTotalYardage(); System.out.println(team.getName() + " averages " + yardsGained / touchdowns + "yards gained for every touchdown scored"); ...
Bad · Java
CVE IDTitleCVSSSeverityPublished
CVE-2026-44498 ZEBRA: Block Validator Undercounts Coinbase and P2SH Sigops — zebra 5.3AIMediumAI2026-05-08
CVE-2026-1229 Incorrect calculation in CIRCL secp384r1 CombinedMult — CIRCL 7.5AIHighAI2026-02-24
CVE-2026-24783 soroban-fixed-point-math has Incorrect Rounding and Overflow Handling in Signed Fixed-Point Math with Negatives — soroban-fixed-point-math 7.5 High2026-01-27
CVE-2026-21911 Junos OS Evolved: Flapping management interface causes MAC learning on label-switched interfaces to stop — Junos OS Evolved 6.5 Medium2026-01-15
CVE-2025-59047 matrix-sdk-base has panic in the `RoomMember::normalized_power_level()` method — matrix-rust-sdk 7.5AIHighAI2025-09-11
CVE-2025-54427 Polkadot Frontier contains missing `check_inherent` for `note_min_gas_price_target` inflates gas price — frontier--AI2025-07-28
CVE-2025-5372 Libssh: incorrect return code handling in ssh_kdf() in libssh — libssh 5.0 Medium2025-07-04
CVE-2025-0036 AMD Versal Adaptive SoC 安全漏洞 — Versal Adaptive SoC Devices 3.2 Low2025-06-09
CVE-2025-26622 sqrt doesn't define rounding behavior in Vyper — vyper--2025-02-21
CVE-2024-11407 Denial of Service through Data corruption in gRPC-C++ — gRPC-C++ 7.5AIHighAI2024-11-26
CVE-2024-45056 `fold (xor (shl 1, x), -1) -> (rotl ~1, x)` misoptimization in zksolc — era-compiler-solidity 5.9 Medium2024-08-29
CVE-2024-6287 Incorrect Address Range Calculations — rcar_gen3_v2.5 7.5 High2024-06-24
CVE-2024-32873 evmos allows transferring unvested tokens after delegations — evmos 3.5 Low2024-06-06
CVE-2024-34704 era-compiler-solidity contains a `xor(zext(cmp), -1)` misoptimization — era-compiler-solidity 5.9 Medium2024-05-13
CVE-2023-35642 Internet Connection Sharing (ICS) Denial of Service Vulnerability — Windows 10 Version 1809 6.5 Medium2023-12-12
CVE-2023-35641 Internet Connection Sharing (ICS) Remote Code Execution Vulnerability — Windows 10 Version 1809 8.8 High2023-12-12
CVE-2023-42460 _abi_decode input not validated in complex expressions in Vyper — vyper 5.3 Medium2023-09-26
CVE-2023-2163 Incorrect Verifier Branch Pruning Logic Leads To Arbitrary Read/Write In Linux Kernel and Lateral Privilege Escalation — Linux Kernel 10.0 Critical2023-09-20
CVE-2023-2423 Rockwell Automation Armor PowerFlex Vulnerable to Denial-Of-Service — Armor PowerFlex 8.6 High2023-08-08
CVE-2023-28431 Frontier's modexp precompile is slow for even modulus — frontier 7.5 High2023-03-22
CVE-2023-1296 Nomad ACLs Can Not Deny Access to Workload's Own Variables — Nomad 2.7 Low2023-03-14
CVE-2023-26488 OpenZeppelin Contracts contains Incorrect Calculation — openzeppelin-contracts 6.5 Medium2023-03-03
CVE-2022-36795 BIG-IP software SYN cookies vulnerability CVE-2022-36795 — BIG-IP 5.3 Medium2022-10-19
CVE-2022-39242 Incorrect Calculation in Frontier leads to inflated Ethereum chain gas prices — frontier 5.3 Medium2022-09-24
CVE-2022-31198 GovernorVotesQuorumFraction updates to quorum may affect past defeated proposals in @openzeppelin/contracts — openzeppelin-contracts 7.5 High2022-08-01
CVE-2022-23001 Sweet-B Library: Point compress/decompress using the wrong bit for sign — Sweet B Library 5.3 Medium2022-07-29
CVE-2022-31169 Cranelift vulnerable to miscompilation of constant values in division on AArch64 — wasmtime 5.9 Medium2022-07-21
CVE-2022-31104 Miscompilation of `i8x16.swizzle` and `select` with v128 inputs in Wasmtime — wasmtime 4.8 Medium2022-06-27
CVE-2022-30600 Moodle 安全漏洞 — moodle 8.2 -2022-05-18
CVE-2022-23066 Solana rBPF - Incorrect Calculation in sdiv instruction — rbpf 9.1 Critical2022-05-09

Vulnerabilities classified as CWE-682 (数值计算不正确) represent 42 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.