CWE-1077: Floating Point Comparison with Incorrect Operator
Weakness ID: 1077
Version: v4.17
Weakness Name: Floating Point Comparison with Incorrect Operator
Vulnerability Mapping: Allowed
Abstraction: Variant
Structure: Simple
Status: Incomplete
Likelihood of Exploit:
▼Description

The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not account for the possibility of loss of precision.

▼Extended Description

Numeric calculation using floating point values can generate imprecise results because of rounding errors. As a result, two different calculations might generate numbers that are mathematically equal, but have slightly different bit representations that do not translate to the same mathematically-equal values. As a result, an equality test or other comparison might produce unexpected results.

This issue can prevent the product from running reliably. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.
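The failure described above, next to a tolerance-based comparison, as an added example that is not part of the CWE entry. The function names, the constructed sample and the tolerance values are assumptions chosen for illustration.

```c
#include <float.h>
#include <stdbool.h>
#include <stdio.h>

/* Magnitude helper, written out so the example needs no math library. */
static double mag(double x) { return x < 0.0 ? -x : x; }

/* Weak form: exact equality on computed doubles (the CWE-1077 pattern). */
bool naive_equal(double a, double b) { return a == b; }

/* Tolerant form: absolute tolerance near zero, relative tolerance elsewhere.
 * abs_tol and rel_tol are application choices, not universal constants. */
bool nearly_equal(double a, double b, double abs_tol, double rel_tol) {
    if (a != a || b != b) return false;   /* NaN compares unequal to everything */
    if (a == b) return true;              /* exact match, including equal infinities */
    if (mag(a) > DBL_MAX || mag(b) > DBL_MAX) return false; /* infinity vs anything else */
    double diff = mag(a - b);
    if (diff <= abs_tol) return true;     /* needed when both values are close to zero */
    double largest = mag(a) > mag(b) ? mag(a) : mag(b);
    return diff <= largest * rel_tol;     /* scale the tolerance with the operands */
}

/* Constructed sample: add 0.1 ten times; mathematically the result is 1.0. */
double sum_tenths(void) {
    double s = 0.0;
    for (int i = 0; i < 10; i++) s += 0.1;
    return s;
}

int main(void) {
    double s = sum_tenths();
    printf("sum      = %.17g\n", s);
    printf("naive    = %d\n", naive_equal(s, 1.0));
    printf("tolerant = %d\n", nearly_equal(s, 1.0, 1e-12, 4 * DBL_EPSILON));
    /* A relative tolerance alone cannot match a tiny value against zero. */
    printf("rel only, near zero = %d\n", nearly_equal(1e-300, 0.0, 0.0, 4 * DBL_EPSILON));
    return 0;
}
```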

▼Alternate Terms
▼Relationships
Relevant to the view "Research Concepts - (1000)"
Nature: ChildOf
Mapping: Discouraged
Type: Pillar
ID: 697
Name: Incorrect Comparison
▼Memberships
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1129
Name: CISQ Quality Measures (2016) - Reliability
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1306
Name: CISQ Quality Measures - Reliability
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1397
Name: Comprehensive Categorization: Comparison
▼Tags
Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-317
Name: Reduce Reliability (impact)
▼Relevant To View
Relevant to the view "CISQ Quality Measures (2020) - (1305)"
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1306
Name: CISQ Quality Measures - Reliability
▼Background Detail

▼Common Consequences
Scope: Other
Likelihood: N/A
Impact: Reduce Reliability
Note: N/A
▼Potential Mitigations
▼Modes Of Introduction
▼Applicable Platforms
▼Demonstrative Examples
▼Observed Examples
▼Affected Resources
    ▼Functional Areas
      ▼Weakness Ordinalities
      Ordinality: Indirect
      Description: N/A
      ▼Detection Methods
      ▼Vulnerability Mapping Notes
      Usage: Allowed
      Reason: Acceptable-Use
      Rationale:

      This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

      Comments:

      Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

      Suggestions:
      ▼Notes
      ▼Taxonomy Mappings
      Taxonomy Name: OMG ASCRM
      Entry ID: ASCRM-RLB-9
      Fit: N/A
      Entry Name: N/A
      ▼Related Attack Patterns
      ▼References
      Reference ID: REF-961
      Title: Automated Source Code Reliability Measure (ASCRM)
      Author: Object Management Group (OMG)
      Section: ASCRM-RLB-9
      URL: http://www.omg.org/spec/ASCRM/1.0/
      Date: January 2016
      Reference ID: REF-975
      Title: Comparing Floating Point Numbers, 2012 Edition
      Author: Bruce Dawson
      URL: https://randomascii.wordpress.com/2012/02/25/comparing-floating-point-numbers-2012-edition/
      Date: 25 February 2012