oss-sec mailing list archives
Real world vulnerabilities of CWE-1077: Floating Point Comparison with Incorrect Operator?
From: Georgi Guninski <gguninski () gmail com>
Date: Mon, 24 Apr 2023 16:43:29 +0300
Are there real world examples of vulnerabilities of this:

https://cwe.mitre.org/data/definitions/1077.html

CWE-1077: Floating Point Comparison with Incorrect Operator

This issue can prevent the product from running reliably. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.

One simple example in python:
A=(0.1+0.2)+0.3;B=0.1+(0.2+0.3);(A==B,A-B,A,B)
(False, 1.1102230246251565e-16, 0.6000000000000001, 0.6)
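
Added example, not part of the original post: the same 0.1, 0.2, 0.3 values placed in two checks where `==` on floats decides the outcome, each beside a corrected form. All function names, the tolerance values and the iteration limit are assumptions made for this illustration.

```python
import math
from decimal import Decimal

def exact_match(values, expected):
    """Weak form (the CWE-1077 pattern): left-to-right float sum compared with ==."""
    total = 0.0
    for v in values:
        total += v
    return total == expected

def tolerant_match(values, expected, abs_tol=1e-9):
    """Corrected form for binary floats: compare within an explicit tolerance.
    abs_tol is an assumption; choose it from the precision the data really has."""
    return math.isclose(math.fsum(values), expected, rel_tol=0.0, abs_tol=abs_tol)

def decimal_match(values, expected):
    """Corrected form for decimal quantities: parse the text as Decimal, so == is exact."""
    return sum(Decimal(v) for v in values) == Decimal(expected)

def iterations_until(target, step, reached, limit=1000):
    """Count steps from 0.0 until reached(x, target); None if limit is hit first."""
    x, n = 0.0, 0
    while not reached(x, target):
        if n >= limit:
            return None  # without this guard the weak form would never terminate
        x += step
        n += 1
    return n

def reached_exact(x, target):
    # Weak: x goes from just below the target to past it and never equals it.
    return x == target

def reached_ordered(x, target):
    # Corrected: ordered comparison, plus a tolerance for the "just below" case.
    return x >= target or math.isclose(x, target, rel_tol=1e-9)

if __name__ == "__main__":
    # Constructed inputs reusing the values from the post.
    print(exact_match([0.1, 0.2, 0.3], 0.6), exact_match([0.3, 0.2, 0.1], 0.6))
    print(tolerant_match([0.1, 0.2, 0.3], 0.6), decimal_match(["0.1", "0.2", "0.3"], "0.6"))
    print(iterations_until(1.0, 0.1, reached_exact), iterations_until(1.0, 0.1, reached_ordered))
```

With the exact comparison, the order in which the same inputs arrive decides whether the check passes, and the loop exit condition is never met.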