Common Weakness Enumeration

CWE-691

Discouraged

Insufficient Control Flow Management

Abstraction: Pillar · Status: Draft

The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.

54 vulnerabilities reference this CWE, most recent first.

GHSA-GXXP-J837-WMRJ

Vulnerability from github – Published: 2023-10-09 15:30 – Updated: 2024-04-04 08:26
VLAI
Details

Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-5102"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-691"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-10-09T13:15:10Z",
    "severity": "MODERATE"
  },
  "details": "\nInsufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests.\n\n\n",
  "id": "GHSA-gxxp-j837-wmrj",
  "modified": "2024-04-04T08:26:15Z",
  "published": "2023-10-09T15:30:24Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5102"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf"
    },
    {
      "type": "WEB",
      "url": "https://sick.com/psirt"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-J67C-J5P2-79RX

Vulnerability from github – Published: 2025-05-13 21:30 – Updated: 2025-05-13 21:30
VLAI
Details

Insufficient control flow management for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow a privileged user to potentially enable information disclosure via adjacent access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20022"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-691"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-13T21:16:03Z",
    "severity": "MODERATE"
  },
  "details": "Insufficient control flow management for some Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform may allow a privileged user to potentially enable information disclosure via adjacent access.",
  "id": "GHSA-j67c-j5p2-79rx",
  "modified": "2025-05-13T21:30:55Z",
  "published": "2025-05-13T21:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20022"
    },
    {
      "type": "WEB",
      "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-J8HH-2V2C-WQMV

Vulnerability from github – Published: 2024-01-12 09:30 – Updated: 2024-01-12 09:30
VLAI
Details

Insufficient authentication flow in Checkmk before 2.2.0p17, 2.1.0p37 and 2.0.0p39 allows attacker to use locked credentials

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-31211"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-303",
      "CWE-670",
      "CWE-691"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-12T08:15:43Z",
    "severity": "HIGH"
  },
  "details": "Insufficient authentication flow in Checkmk before 2.2.0p17, 2.1.0p37 and 2.0.0p39 allows attacker to use locked credentials",
  "id": "GHSA-j8hh-2v2c-wqmv",
  "modified": "2024-01-12T09:30:29Z",
  "published": "2024-01-12T09:30:29Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31211"
    },
    {
      "type": "WEB",
      "url": "https://checkmk.com/werk/16227"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-MVJ5-X7RR-VVQV

Vulnerability from github – Published: 2024-11-13 21:30 – Updated: 2024-11-13 21:30
VLAI
Details

Insufficient control flow management in UEFI firmware for some Intel(R) Xeon(R) Processors may allow an authenticated user to enable denial of service via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-25565"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-691"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-11-13T21:15:12Z",
    "severity": "MODERATE"
  },
  "details": "Insufficient control flow management in UEFI firmware for some Intel(R) Xeon(R) Processors may allow an authenticated user to enable denial of service via local access.",
  "id": "GHSA-mvj5-x7rr-vvqv",
  "modified": "2024-11-13T21:30:35Z",
  "published": "2024-11-13T21:30:35Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25565"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01085.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-Q9FF-79HW-FJPP

Vulnerability from github – Published: 2023-05-10 15:30 – Updated: 2024-04-04 03:59
VLAI
Details

Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-37409"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-691"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-05-10T14:15:13Z",
    "severity": "MODERATE"
  },
  "details": "Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access.",
  "id": "GHSA-q9ff-79hw-fjpp",
  "modified": "2024-04-04T03:59:22Z",
  "published": "2023-05-10T15:30:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37409"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-QHR6-MGQR-MCHM

Vulnerability from github – Published: 2025-05-16 14:10 – Updated: 2025-05-16 14:10
VLAI
Summary
Vyper's `concat()` builtin may elide side-effects for zero-length arguments
Details

Impact

concat() may skip evaluation of side effects when the length of an argument is zero. this is due to a fastpath in the implementation which skips evaluation of argument expressions when their length is zero: https://github.com/vyperlang/vyper/blob/68b68c4b30c5ef2f312b4674676170b8a6eaa316/vyper/builtins/functions.py#L560-L562

in practice, it would be very unusual in user code to construct zero-length bytestrings using an expression with side-effects, since zero-length bytestrings are typically constructed with the empty literal b""; the only way to construct an empty bytestring which has side effects would be with the ternary operator introduced in v0.3.8, e.g. b"" if self.do_some_side_effect() else b"".

the following example demonstrates how the issue would look in user code

counter: public(uint256)

@external
def test() -> Bytes[256]:
    a: Bytes[256] = concat(b"" if self.sideeffect() else b"", b"aaaa")
    return a

def sideeffect() -> bool:
    self.counter += 1
    return True

the severity assigned is low, since, as mentioned, this would be a very unusual pattern in user-code.

Patches

fix is tracked in https://github.com/vyperlang/vyper/pull/4644

Workarounds

don't have side effects in expressions which construct zero-length bytestrings.

References

Are there any links users can visit to find out more?

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "vyper"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "0.4.2rc1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-47285"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-691"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-05-16T14:10:25Z",
    "nvd_published_at": "2025-05-15T18:15:38Z",
    "severity": "LOW"
  },
  "details": "### Impact\n`concat()` may skip evaluation of side effects when the length of an argument is zero. this is due to a fastpath in the implementation which skips evaluation of argument expressions when their length is zero:\nhttps://github.com/vyperlang/vyper/blob/68b68c4b30c5ef2f312b4674676170b8a6eaa316/vyper/builtins/functions.py#L560-L562\n\nin practice, it would be very unusual in user code to construct zero-length bytestrings using an expression with side-effects, since zero-length bytestrings are typically constructed with the empty literal `b\"\"`; the only way to construct an empty bytestring which has side effects would be with the ternary operator introduced in v0.3.8, e.g. `b\"\" if self.do_some_side_effect() else b\"\"`.\n\nthe following example demonstrates how the issue would look in user code\n```vyper\ncounter: public(uint256)\n\n@external\ndef test() -\u003e Bytes[256]:\n    a: Bytes[256] = concat(b\"\" if self.sideeffect() else b\"\", b\"aaaa\")\n    return a\n\ndef sideeffect() -\u003e bool:\n    self.counter += 1\n    return True\n```\n\nthe severity assigned is low, since, as mentioned, this would be a very unusual pattern in user-code.\n\n### Patches\n\nfix is tracked in https://github.com/vyperlang/vyper/pull/4644\n\n### Workarounds\ndon\u0027t have side effects in expressions which construct zero-length bytestrings.\n\n### References\n_Are there any links users can visit to find out more?_",
  "id": "GHSA-qhr6-mgqr-mchm",
  "modified": "2025-05-16T14:10:25Z",
  "published": "2025-05-16T14:10:25Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-qhr6-mgqr-mchm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47285"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vyperlang/vyper/pull/4644"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vyperlang/vyper"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vyperlang/vyper/blob/68b68c4b30c5ef2f312b4674676170b8a6eaa316/vyper/builtins/functions.py#L560-L562"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Vyper\u0027s `concat()` builtin may elide side-effects for zero-length arguments"
}

GHSA-R2G5-CC54-VCHQ

Vulnerability from github – Published: 2025-05-13 21:30 – Updated: 2025-05-13 21:30
VLAI
Details

Insufficient control flow management in the Alias Checking Trusted Module for some Intel(R) Xeon(R) 6 processor E-Cores firmware may allow a privileged user to potentially enable escalation of privilege via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2025-20004"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-691"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-05-13T21:16:02Z",
    "severity": "HIGH"
  },
  "details": "Insufficient control flow management in the Alias Checking Trusted Module for some Intel(R) Xeon(R) 6 processor E-Cores firmware may allow a privileged user to potentially enable escalation of privilege via local access.",
  "id": "GHSA-r2g5-cc54-vchq",
  "modified": "2025-05-13T21:30:55Z",
  "published": "2025-05-13T21:30:55Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20004"
    },
    {
      "type": "WEB",
      "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01273.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-RQJ6-65X2-R2VH

Vulnerability from github – Published: 2023-11-14 21:31 – Updated: 2023-11-14 21:31
VLAI
Details

Insufficient control flow management for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-46299"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-691"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-11-14T19:15:14Z",
    "severity": "LOW"
  },
  "details": "Insufficient control flow management for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.",
  "id": "GHSA-rqj6-65x2-r2vh",
  "modified": "2023-11-14T21:31:00Z",
  "published": "2023-11-14T21:31:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46299"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-V2CG-42GP-PJQV

Vulnerability from github – Published: 2023-04-02 21:30 – Updated: 2023-04-10 15:30
VLAI
Details

Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-20559"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-691"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-02T21:15:00Z",
    "severity": "HIGH"
  },
  "details": "Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.",
  "id": "GHSA-v2cg-42gp-pjqv",
  "modified": "2023-04-10T15:30:27Z",
  "published": "2023-04-02T21:30:17Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20559"
    },
    {
      "type": "WEB",
      "url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-VQWH-MV63-C273

Vulnerability from github – Published: 2023-04-28 12:30 – Updated: 2024-04-04 03:43
VLAI
Details

In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-48481"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-691"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-04-28T10:15:09Z",
    "severity": "HIGH"
  },
  "details": "In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible",
  "id": "GHSA-vqwh-mv63-c273",
  "modified": "2024-04-04T03:43:23Z",
  "published": "2023-04-28T12:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48481"
    },
    {
      "type": "WEB",
      "url": "https://www.jetbrains.com/privacy-security/issues-fixed"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

No mitigation information available for this CWE.

CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.