SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CWE

Insufficient Comparison

ID: 697		Date: (C)2012-05-14 (M)2022-10-10
Type: weakness		Status: INCOMPLETE
Abstraction Type: Class

Description

The software compares two entities in a security-relevant context, but the comparison is insufficient, which may lead to resultant weaknesses.

Extended Description

This weakness class covers several possibilities:

the comparison checks one factor incorrectly;

the comparison should consider multiple factors, but it does not check some of those factors at all.

Applicable Platforms
None

Time Of Introduction

Implementation

Related Attack Patterns

CAPEC-10
CAPEC-14
CAPEC-15
CAPEC-174
CAPEC-18
CAPEC-182
CAPEC-19
CAPEC-199
CAPEC-24
CAPEC-244
CAPEC-267
CAPEC-3
CAPEC-32
CAPEC-34
CAPEC-4
CAPEC-41
CAPEC-43
CAPEC-44
CAPEC-45
CAPEC-46
CAPEC-47
CAPEC-52
CAPEC-53
CAPEC-6
CAPEC-63
CAPEC-64
CAPEC-66
CAPEC-67
CAPEC-7
CAPEC-71
CAPEC-73
CAPEC-78
CAPEC-79
CAPEC-8
CAPEC-80
CAPEC-86
CAPEC-88
CAPEC-9
CAPEC-91
CAPEC-92

Common Consequences

Scope	Technical Impact	Notes
Other	Other

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWE	Type	View	Chain
CWE-697 ChildOf CWE-907	Category	CWE-888

Demonstrative Examples
None

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

Taxynomy	Id	Name	Fit
CERT C Secure Coding	MSC31-C	Ensure that return values are compared against the proper type
CERT C++ Secure Coding	MSC31-CPP	Ensure that return values are compared against the proper type

References:
None


30479



423868



249461



909



195508



282