Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-768 (不正确的快捷方式验证) — Vulnerability Class 1

1 vulnerabilities classified as CWE-768 (不正确的快捷方式验证). AI Chinese analysis included.

CWE-768 represents a logical flaw where short-circuit evaluation prevents necessary side effects in conditional statements. This weakness occurs when a program relies on non-leading expressions to modify state, but the primary condition evaluates to false, causing the interpreter to skip the remaining checks. Attackers typically exploit this by manipulating input to trigger the short-circuit path, thereby bypassing critical security checks or validation logic. This allows unauthorized access or data corruption without triggering expected error handling mechanisms. To prevent this, developers must ensure that critical operations are not dependent on the order of evaluation within short-circuit operators. Instead, they should separate logical checks from state-modifying actions, using explicit sequential statements or ensuring that all necessary validations are performed regardless of the initial condition’s outcome, thus guaranteeing consistent program behavior.

MITRE CWE Description
The product contains a conditional statement with multiple logical expressions in which one of the non-leading expressions may produce side effects. This may lead to an unexpected state in the program after the execution of the conditional, because short-circuiting logic may prevent the side effects from occurring. Usage of short circuit evaluation, though well-defined in the C standard, may alter control flow in a way that introduces logic errors that are difficult to detect, possibly causing errors later during the product's execution. If an attacker can discover such an inconsistency, it may be exploitable to gain arbitrary control over a system. If the first condition of an "or" statement is assumed to be true under normal circumstances, or if the first condition of an "and" statement is assumed to be false, then any subsequent conditional may contain its own logic errors that are not detected during code review or testing. Finally, the usage of short circuit evaluation may decrease the maintainability of the code.
Common Consequences (1)
Confidentiality, Integrity, AvailabilityVaries by Context
Widely varied consequences are possible if an attacker is aware of an unexpected state in the product after a conditional. It may lead to information exposure, a system crash, or even complete attacker control of the system.
Mitigations (1)
ImplementationMinimizing the number of statements in a conditional that produce side effects will help to prevent the likelihood of short circuit evaluation to alter control flow in an unexpected way.
Examples (1)
The following function attempts to take a size value from a user and allocate an array of that size (we ignore bounds checking for simplicity). The function tries to initialize each spot with the value of its index, that is, A[len-1] = len - 1; A[len-2] = len - 2; ... A[1] = 1; A[0] = 0; However, since the programmer uses the prefix decrement operator, when the conditional is evaluated with i == 1…
#define PRIV_ADMIN 0 #define PRIV_REGULAR 1 typedef struct{ int privileges; int id; } user_t; user_t *Add_Regular_Users(int num_users){ user_t* users = (user_t*)calloc(num_users, sizeof(user_t)); int i = num_users; while( --i && (users[i].privileges = PRIV_REGULAR) ){ users[i].id = i; } return users; } int main(){ user_t* test; int i; test = Add_Regular_Users(25); for(i = 0; i < 25; i++) printf("user %d has privilege level %d\n", test[i].id, test[i].privileges); }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2026-35378 uutils coreutils expr Local Denial of Service via Eager Evaluation of Parenthesized Subexpressions — coreutils 3.3 Low2026-04-22

Vulnerabilities classified as CWE-768 (不正确的快捷方式验证) represent 1 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.