CWE-768 1 個 CVE MITRE 定義 ↗

CWE-768:Incorrect Short Circuit Evaluation

概覽

CWE-768(Incorrect Short Circuit Evaluation)描述一種在漏洞資料庫與安全評估中使用的弱點類型;定義、背景與對應 CVE 見下方各節。

安全影響
安全影響:因產品與情境而異;請結合 CVE 紀錄、嚴重度評分與 MITRE 說明進行優先級判斷。

描述

The product contains a conditional statement with multiple logical expressions in which one of the non-leading expressions may produce side effects. This may lead to an unexpected state in the program after the execution of the conditional, because short-circuiting logic may prevent the side effects from occurring.

適用平台

類型 名稱 普遍性 OS / CPE
language Not Language-Specific Undetermined
language C Undetermined

本庫相關 CVE

下列 CVE 在本庫中對應到該弱點,並保留以便追溯與檢索。

CVE 公開時間 摘要
CVE-2026-35378 2026-04-22 A logic error in the expr utility of uutils coreutils causes the program to evaluate parenthesized subexpressions during the parsing phase rather than at the execution phase. This implementation flaw …

內容提交

名稱
CWE Content Team
組織
MITRE
日期
2009-03-03
版本
1.4

內容修訂

日期 名稱 版本 重要性 評論
2010-09-27 CWE Content Team 1.10 updated Description
2011-09-13 CWE Content Team 2.1 updated Relationships, Taxonomy_Mappings
2012-05-11 CWE Content Team 2.2 updated Relationships
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-11-08 CWE Content Team 3.0 updated Likelihood_of_Exploit, Taxonomy_Mappings
2020-02-24 CWE Content Team 4.0 updated Relationships
2023-01-31 CWE Content Team 4.10 updated Common_Consequences, Description
2023-04-27 CWE Content Team 4.11 updated Relationships
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2023-10-26 CWE Content Team 4.13 updated Common_Consequences
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Detection_Factors, Weakness_Ordinalities
cvelogic Threat Intelligence