CWE-682

Incorrect Calculation

Pillar · Draft · Likelihood: High

Description

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

When a product performs a security-critical calculation incorrectly, it might lead to incorrect resource allocations, incorrect privilege assignments, or failed comparisons, among other things. Many of the direct results of an incorrect calculation can lead to even larger problems, such as failed protection mechanisms or even arbitrary code execution.

Related attack patterns (CAPEC)

CAPEC-128 · CAPEC-129

CVEs mapped to this weakness (64)

  • CVE-2020-1026 · Apr 15, 2020
    risk 0.00 · cvss · epss 0.03

    A Security Feature Bypass vulnerability exists in the MSR JavaScript Cryptography Library that is caused by multiple bugs in the library’s Elliptic Curve Cryptography (ECC) implementation. An attacker could potentially abuse these bugs to learn information about a…

  • CVE-2018-20999 · Aug 26, 2019
    risk 0.00 · cvss · epss 0.02

    An issue was discovered in the orion crate before 0.11.2 for Rust. reset() calls cause incorrect results.

  • CVE-2017-2618 · Med · Jul 27, 2018
    risk 0.00 · cvss 5.5 · epss 0.00

    A flaw was found in the Linux kernel's handling of clearing SELinux attributes on /proc/pid/attr files before 4.9.10. An empty (null) write to this file can crash the system by causing the system to attempt to access unmapped kernel memory.

  • CVE-2011-3062 · Mar 30, 2012
    risk 0.00 · cvss · epss 0.02

    Off-by-one error in the OpenType Sanitizer in Google Chrome before 18.0.1025.142 allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted OpenType file.