CWE-670
Allowed-with-ReviewAlways-Incorrect Control Flow Implementation
Abstraction: Class · Status: Draft
The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.
203 vulnerabilities reference this CWE, most recent first.
GHSA-XQ4J-J5QP-3MFQ
Vulnerability from github – Published: 2023-04-02 21:30 – Updated: 2023-04-10 15:30Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.
{
"affected": [],
"aliases": [
"CVE-2023-20558"
],
"database_specific": {
"cwe_ids": [
"CWE-670"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-02T21:15:00Z",
"severity": "HIGH"
},
"details": "Insufficient control flow management in AmdCpmOemSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to an escalation of privileges.",
"id": "GHSA-xq4j-j5qp-3mfq",
"modified": "2023-04-10T15:30:26Z",
"published": "2023-04-02T21:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20558"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-XW5W-XHJV-GF29
Vulnerability from github – Published: 2026-05-08 09:31 – Updated: 2026-05-08 09:31In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal.
{
"affected": [],
"aliases": [
"CVE-2026-44928"
],
"database_specific": {
"cwe_ids": [
"CWE-670"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-08T08:16:44Z",
"severity": "LOW"
},
"details": "In uriparser before 1.0.2, the function family EqualsUri can misclassify two unequal URIs as equal.",
"id": "GHSA-xw5w-xhjv-gf29",
"modified": "2026-05-08T09:31:30Z",
"published": "2026-05-08T09:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-44928"
},
{
"type": "WEB",
"url": "https://github.com/uriparser/uriparser/pull/305"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-XWVM-8X4Q-GMR9
Vulnerability from github – Published: 2022-05-24 19:15 – Updated: 2025-10-30 21:30A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a Layer 2 (L2) loop in a configured VLAN, resulting in a denial of service (DoS) condition for that VLAN. The vulnerability is due to a logic error when processing specific link-local IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet that would flow inbound through the wired interface of an affected device. A successful exploit could allow the attacker to cause traffic drops in the affected VLAN, thus triggering the DoS condition.
{
"affected": [],
"aliases": [
"CVE-2021-34767"
],
"database_specific": {
"cwe_ids": [
"CWE-670"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-09-23T03:15:00Z",
"severity": "HIGH"
},
"details": "A vulnerability in IPv6 traffic processing of Cisco IOS XE Wireless Controller Software for Cisco Catalyst 9000 Family Wireless Controllers could allow an unauthenticated, adjacent attacker to cause a Layer 2 (L2) loop in a configured VLAN, resulting in a denial of service (DoS) condition for that VLAN. The vulnerability is due to a logic error when processing specific link-local IPv6 traffic. An attacker could exploit this vulnerability by sending a crafted IPv6 packet that would flow inbound through the wired interface of an affected device. A successful exploit could allow the attacker to cause traffic drops in the affected VLAN, thus triggering the DoS condition.",
"id": "GHSA-xwvm-8x4q-gmr9",
"modified": "2025-10-30T21:30:34Z",
"published": "2022-05-24T19:15:37Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-34767"
},
{
"type": "WEB",
"url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-ipv6-dos-NMYeCnZv"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
No CAPEC attack patterns related to this CWE.