CWE-482: Comparing instead of Assigning

VariantDraftExploit Likelihood: Low

The code uses an operator for comparison when the intention was to perform an assignment.

View on MITRE
Back to CWE Lookup

Extended Description

In many languages, the compare statement is very close in appearance to the assignment statement; they are often confused.

Technical Details

Structure
Simple
Vulnerability Mapping
ALLOWED

Applicable To

Languages
CC++
Platforms

Frequently Asked Questions

What is CWE-482: Comparing instead of Assigning?+

CWE-482: Comparing instead of Assigning is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The code uses an operator for comparison when the intention was to perform an assignment. In many languages, the compare statement is very close in appearance to the assignment statement; they are often confused.

What are the security consequences of Comparing instead of Assigning?+

If exploited, CWE-482 (Comparing instead of Assigning) it can compromise Availability and Integrity, leading to outcomes such as Unexpected State.

How do you prevent or mitigate Comparing instead of Assigning?+

Recommended mitigations for CWE-482 include: Many IDEs and static analysis products will detect this problem.

Which programming languages are affected by Comparing instead of Assigning?+

CWE-482 commonly affects C and C++. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-482 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More