CWE-768: Incorrect Short Circuit Evaluation

VariantIncompleteExploit Likelihood: Low

The product contains a conditional statement with multiple logical expressions in which one of the non-leading expressions may produce side effects. This may lead to an unexpected state in the program after the execution of the conditional, because short-circuiting logic may prevent the side effects from occurring.

View on MITRE
Back to CWE Lookup

Extended Description

Usage of short circuit evaluation, though well-defined in the C standard, may alter control flow in a way that introduces logic errors that are difficult to detect, possibly causing errors later during the product's execution. If an attacker can discover such an inconsistency, it may be exploitable to gain arbitrary control over a system. If the first condition of an "or" statement is assumed to be true under normal circumstances, or if the first condition of an "and" statement is assumed to be false, then any subsequent conditional may contain its own logic errors that are not detected during code review or testing. Finally, the usage of short circuit evaluation may decrease the maintainability of the code.

Technical Details

Structure
Simple

Applicable To

Languages
Platforms

Frequently Asked Questions

What is CWE-768: Incorrect Short Circuit Evaluation?+

CWE-768: Incorrect Short Circuit Evaluation is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product contains a conditional statement with multiple logical expressions in which one of the non-leading expressions may produce side effects. This may lead to an unexpected state in the program after the execution of the conditional, because short-circuiting logic may prevent the side effects from occurring. Usage of short circuit evaluation, though well-defined in the C standard, may alter control flow in a way that introduces logic errors that are difficult to detect, possibly causing errors later during the product's execution. If an attacker can discover such an inconsistency, it may be exploitable to gain arbitrary control over a system. If the first condition of an "or" statement is assumed to be true under normal circumstances, or if the first condition of an "and" statement is assumed to be false, then any subsequent conditional may contain its own logic errors that are not detected during code review or testing. Finally, the usage of short circuit evaluation may decrease the maintainability of the code.

What are the security consequences of Incorrect Short Circuit Evaluation?+

If exploited, CWE-768 (Incorrect Short Circuit Evaluation) it can compromise Confidentiality, Integrity and Availability, leading to outcomes such as Varies by Context.

How do you prevent or mitigate Incorrect Short Circuit Evaluation?+

Recommended mitigations for CWE-768 include: Minimizing the number of statements in a conditional that produce side effects will help to prevent the likelihood of short circuit evaluation to alter control flow in an unexpected way.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-768 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More