{"@ID": "1077", "@Name": "Floating Point Comparison with Incorrect Operator", "@Abstraction": "Variant", "@Structure": "Simple", "@Status": "Incomplete", "Description": "The code performs a comparison such as an\n        equality test between two float (floating point) values, but\n        it uses comparison operators that do not account for the\n        possibility of loss of precision.", "Extended_Description": {"xhtml:p": "Numeric calculation using floating point values\n\t   can generate imprecise results because of rounding errors.\n\t   As a result, two different calculations might generate\n\t   numbers that are mathematically equal, but have slightly\n\t   different bit representations that do not translate to the\n\t   same mathematically-equal values.  As a result, an equality\n\t   test or other comparison might produce unexpected\n\t   results."}, "Related_Weaknesses": {"Related_Weakness": {"@Nature": "ChildOf", "@CWE_ID": "697", "@View_ID": "1000", "@Ordinal": "Primary"}}, "Weakness_Ordinalities": {"Weakness_Ordinality": {"Ordinality": "Indirect"}}, "Applicable_Platforms": {"Language": {"@Class": "Not Language-Specific", "@Prevalence": "Undetermined"}}, "Modes_Of_Introduction": {"Introduction": {"Phase": "Implementation"}}, "Common_Consequences": {"Consequence": {"Scope": "Other", "Impact": "Reduce Reliability", "Note": "This issue can prevent the product from running reliably.  If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability."}}, "Detection_Methods": {"Detection_Method": {"@Detection_Method_ID": "DM-14", "Method": "Automated Static Analysis", "Description": "Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect \"sources\" (origins of input) with \"sinks\" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)"}}, "Taxonomy_Mappings": {"Taxonomy_Mapping": {"@Taxonomy_Name": "OMG ASCRM", "Entry_ID": "ASCRM-RLB-9"}}, "References": {"Reference": [{"@External_Reference_ID": "REF-961", "@Section": "ASCRM-RLB-9"}, {"@External_Reference_ID": "REF-975"}]}, "Mapping_Notes": {"Usage": "Allowed", "Rationale": "This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.", "Comments": "Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.", "Reasons": {"Reason": {"@Type": "Acceptable-Use"}}}, "Content_History": {"Submission": {"Submission_Name": "CWE Content Team", "Submission_Organization": "MITRE", "Submission_Date": "2018-07-02", "Submission_Version": "3.2", "Submission_ReleaseDate": "2019-01-03", "Submission_Comment": "Entry derived from Common Quality Enumeration (CQE) Draft 0.9."}, "Modification": [{"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-08-20", "Modification_Version": "4.2", "Modification_ReleaseDate": "2020-08-20", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-01-31", "Modification_Version": "4.10", "Modification_ReleaseDate": "2023-01-31", "Modification_Comment": "updated Description"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-12-11", "Modification_Version": "4.19", "Modification_ReleaseDate": "2025-12-11", "Modification_Comment": "updated Applicable_Platforms, Common_Consequences, Description, Detection_Factors, Time_of_Introduction"}]}}
