CVEbaza.plCWE DictionaryCWE-597
Common Weakness Enumeration

CWE-597

Use of Wrong Operator in String Comparison

Category: VariantCVE: 3
Description

The product uses the wrong operator when comparing a string, such as using "==" when the .equals() method should be used instead.

Extended Description

In Java, using == or != to compare two strings for equality actually compares two objects for equality rather than their string values for equality. Chances are good that the two references will never be equal. While this weakness often only affects program correctness, if the equality is used for a security decision, the unintended comparison result could be leveraged to affect program security.

CVE vulnerabilities with CWE-597 (3)
9.8
CVSS
CRITICAL
CVE-2021-3797

hestiacp is vulnerable to Use of Wrong Operator in String Comparison

pub. 2021-09-15
5.9
CVSS
MEDIUM
CVE-2022-36072

SilverwareGames.io is a social network for users to play video games online. In version 1.1.8 and prior, due to an unobvious feature of PHP, hashes generated by built-in functions and starting with the `0e` symbols were being handled as zero multiplied with the `e` number. Therefore, the hash value was equal to 0. The maintainers fixed this in version 1.1.9 by using `===` instead of `==` in comparisons where it is possible (e.g. on sign in/sign up handlers).

pub. 2022-09-06
5.0
CVSS
MEDIUM
CVE-2021-4259

A vulnerability was found in phpRedisAdmin up to 1.16.1. It has been classified as problematic. This affects the function authHttpDigest of the file includes/login.inc.php. The manipulation of the argument response leads to use of wrong operator in string comparison. Upgrading to version 1.16.2 is able to address this issue. The name of the patch is 31aa7661e6db6f4dffbf9a635817832a0a11c7d9. It is recommended to upgrade the affected component. The associated identifier of this vulnerability is VDB-216267.

pub. 2022-12-19
Information
ID: CWE-597
Type: Variant
Vulnerabilities: 3
MITRE CWE ↗
← CWE Dictionary