CWE-691: Insufficient Control Flow Management

High · CVSS 8.6

2022-04-15

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

The following function attempts to acquire a lock in order to perform operations on a shared resource.

Vulnerable example

void f(pthread_mutex_t *mutex) {

Safe example

int f(pthread_mutex_t *mutex) {

In this example, the programmer has indented the statements to call Do_X() and Do_Y(), as if the intention is that these functions are only called when the condition is true. However, because there are no braces to signify the block, Do_Y() will always be executed, even if the condition is false.

Vulnerable example

if (condition==true)

This might not be what the programmer intended. When the condition is critical for security, such as in making a security decision or detecting a critical error, this may produce a vulnerability.

This function prints the contents of a specified file requested by a user.

Vulnerable example

php

function printFile($username,$filename){

This code first reads a specified file into memory, then prints the file if the user is authorized to see its contents. The read of the file into memory may be resource intensive and is unnecessary if the user is not allowed to see the file anyway.

CWE-691: Insufficient Control Flow Management

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-691?

What CVEs are caused by CWE-691?

What are the consequences of CWE-691?

Is CWE-691 actively exploited?

References

Stay ahead of CWE-691

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Code examples

Illustrative examples

Related weaknesses

Child

Peer

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-691?

What CVEs are caused by CWE-691?

What are the consequences of CWE-691?

Is CWE-691 actively exploited?

References

Stay ahead of CWE-691