1. Home
  2. CWE Database
  3. CWE-1077
Variant · Low-Medium

CWE-1077: Floating Point Comparison with Incorrect Operator

The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not account for the possibility of l...

CWE-1077 · Variant Level

Description

The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not account for the possibility of loss of precision.

Numeric calculation using floating point values can generate imprecise results because of rounding errors. As a result, two different calculations might generate numbers that are mathematically equal, but have slightly different bit representations that do not translate to the same mathematically-equal values. As a result, an equality test or other comparison might produce unexpected results.

Potential Impact

Other

Reduce Reliability

Detection Methods

  • Automated Static Analysis — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea

CWE-697: Incorrect Comparison

The product compares two entities in a security-relevant context, but the comparison is incorrect.

Taxonomy Mappings

  • OMG ASCRM: ASCRM-RLB-9 —

Frequently Asked Questions

What is CWE-1077?

CWE-1077 (Floating Point Comparison with Incorrect Operator) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not account for the possibility of l...

How can CWE-1077 be exploited?

Attackers can exploit CWE-1077 (Floating Point Comparison with Incorrect Operator) to reduce reliability. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-1077?

Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.

What is the severity of CWE-1077?

CWE-1077 is classified as a Variant-level weakness (Low-Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.