CWE-682 128 個 CVE MITRE 定義 ↗

CWE-682:Incorrect Calculation

概覽

CWE-682(Incorrect Calculation)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined
technology Not Technology-Specific Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-55597 2026-07-01 ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to version 7.1.2-26, an incorrect handling of arguments can cause a heap buffer over-write in the J…
CVE-2026-10512 2026-06-25 The X25519 x86_64 assembly implementation fails to clear the most significant bit during the final modular reduction, so the computed result may not be fully reduced modulo the field prime 2^255 - 19.…
CVE-2026-44074 2026-05-21 Netatalk 2.1.0 through 4.4.2 combines multiple errno values using bitwise OR, resulting in incorrect error codes when multiple error conditions occur simultaneously, which may allow a remote attacker …
CVE-2026-7836 2026-05-21 An incorrect calculation in the hextoint macro in Netatalk 2.0.0 through 4.4.2 due to improper uppercase character handling allows a remote authenticated attacker to cause limited data modification vi…
CVE-2023-7346 2026-05-20 Ledger Bitcoin app versions 2.1.0 and 2.1.1 contain an address derivation vulnerability that allows attackers to cause incorrect Bitcoin addresses to be displayed by exploiting improper handling of mi…
CVE-2026-44498 2026-05-08 ZEBRA is a Zcash node written entirely in Rust. Prior to version 4.4.0, Zebra's block validator undercounts transparent signature operations against the 20000-sigop block limit (MAX_BLOCK_SIGOPS), all…
CVE-2026-33487 2026-03-26 goxmlsig provides XML Digital Signatures implemented in Go. Prior to version 1.6.0, the `validateSignature` function in `validate.go` goes through the references in the `SignedInfo` block to find one …
CVE-2026-28410 2026-03-05 The Graph is an indexing protocol for querying networks like Ethereum, IPFS, Polygon, and other blockchains. Prior to version 3.0.0, a flaw in the token vesting contracts allows users to access tokens…
CVE-2026-1229 2026-02-24 The CombinedMult function in the CIRCL ecc/p384 package (secp384r1 curve) produces an incorrect value for specific inputs. The issue is fixed by using complete addition formulas. ECDH and ECDSA signin…
CVE-2026-25634 2026-02-06 iccDEV provides a set of libraries and tools that allow for the interaction, manipulation, and application of ICC color management profiles. Prior to 2.3.1.4, SrcPixel and DestPixel stack buffers over…
CVE-2026-24783 2026-01-27 soroban-fixed-point-math is a fixed-point math library for Soroban smart contacts. In versions 1.3.0 and 1.4.0, the `mulDiv(x, y, z)` function incorrectly handled cases where both the intermediate pro…
CVE-2026-0810 2026-01-26 A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `Ti…
CVE-2026-21911 2026-01-15 An Incorrect Calculation vulnerability in the Layer 2 Control Protocol Daemon (l2cpd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-adjacent attacker flapping the manageme…
CVE-2025-55552 2025-09-25 pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together.
CVE-2025-59047 2025-09-11 matrix-sdk-base is the base component to build a Matrix client library. In matrix-sdk-base before 0.14.1, calling the `RoomMember::normalized_power_level()` method can cause a panic if a room member h…
CVE-2025-54427 2025-07-28 Polkadot Frontier is an Ethereum and EVM compatibility layer for Polkadot and Substrate. The extrinsic note_min_gas_price_target is an inherent extrinsic, meaning only the block producer can call it. …
CVE-2025-5372 2025-07-04 A flaw was found in libssh versions built with OpenSSL versions older than 3.0, specifically in the ssh_kdf() function responsible for key derivation. Due to inconsistent interpretation of return valu…
CVE-2025-0036 2025-06-09 In AMD Versal Adaptive SoC devices, the incorrect configuration of the SSS during runtime (post-boot) cryptographic operations could cause data to be incorrectly written to and read from invalid locat…
CVE-2025-4435 2025-06-03 When using a TarFile.errorlevel = 0 and extracting with a filter the documented behavior is that any filtered members would be skipped and not extracted. However the actual behavior of TarFile.errorle…
CVE-2025-26622 2025-02-21 vyper is a Pythonic Smart Contract Language for the EVM. Vyper `sqrt()` builtin uses the babylonian method to calculate square roots of decimals. Unfortunately, improper handling of the oscillating fi…

內容提交

名稱
CWE Content Team
組織
MITRE
日期
2008-04-11
版本
Draft 9

內容修訂

日期 名稱 版本 重要性 評論
2008-07-01 Eric Dalci 1.0 updated Potential_Mitigations, Time_of_Introduction
2008-09-08 CWE Content Team 1.0 updated Relationships
2008-10-14 CWE Content Team 1.0.1 updated Type
2008-11-24 CWE Content Team 1.1 updated Relationships, Taxonomy_Mappings
2009-01-12 CWE Content Team 1.2 updated Applicable_Platforms, Common_Consequences, Demonstrative_Examples, Description, Likelihood_of_Exploit, Potential_Mitigations, Relationships
2009-03-10 CWE Content Team 1.3 updated Potential_Mitigations
2009-05-27 CWE Content Team 1.4 updated Demonstrative_Examples
2009-07-27 CWE Content Team 1.5 updated Demonstrative_Examples, Related_Attack_Patterns
2009-10-29 CWE Content Team 1.6 updated Demonstrative_Examples, Relationships
2010-02-16 CWE Content Team 1.8 updated Potential_Mitigations
2010-04-05 CWE Content Team 1.8.1 updated Detection_Factors, Potential_Mitigations, References
2010-06-21 CWE Content Team 1.9 updated Potential_Mitigations
2010-09-27 CWE Content Team 1.10 updated Potential_Mitigations
2011-03-29 CWE Content Team 1.12 updated Relationships
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2011-09-13 CWE Content Team 2.1 updated Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated Demonstrative_Examples, References, Relationships
2014-02-18 CWE Content Team 2.6 updated Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships
2015-12-07 CWE Content Team 2.9 updated Relationships
2017-01-19 CWE Content Team 2.10 updated Applicable_Platforms
2017-11-08 CWE Content Team 3.0 updated Taxonomy_Mappings
2019-01-03 CWE Content Team 3.2 updated Relationships
2019-06-20 CWE Content Team 3.3 updated Related_Attack_Patterns, Relationships
2020-02-24 CWE Content Team 4.0 updated Applicable_Platforms, Observed_Examples, Relationships, Type
2020-08-20 CWE Content Team 4.2 updated Relationships
2020-12-10 CWE Content Team 4.3 updated Relationships
2021-07-20 CWE Content Team 4.5 updated Relationships
2023-01-31 CWE Content Team 4.10 updated Description, Potential_Mitigations
2023-04-27 CWE Content Team 4.11 updated Relationships, Time_of_Introduction
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes, Research_Gaps
2025-09-09 CWE Content Team 4.18 updated References
2025-12-11 CWE Content Team 4.19 updated Weakness_Ordinalities
2026-04-30 CWE Content Team 4.20 updated Detection_Factors, Observed_Examples, Potential_Mitigations
cvelogic Threat Intelligence