CWE-691
DiscouragedInsufficient Control Flow Management
Abstraction: Pillar · Status: Draft
The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.
54 vulnerabilities reference this CWE, most recent first.
GHSA-GXXP-J837-WMRJ
Vulnerability from github – Published: 2023-10-09 15:30 – Updated: 2024-04-04 08:26Insufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests.
{
"affected": [],
"aliases": [
"CVE-2023-5102"
],
"database_specific": {
"cwe_ids": [
"CWE-691"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-10-09T13:15:10Z",
"severity": "MODERATE"
},
"details": "\nInsufficient Control Flow Management in RDT400 in SICK APU allows an unprivileged remote attacker to potentially enable hidden functionality via HTTP requests.\n\n\n",
"id": "GHSA-gxxp-j837-wmrj",
"modified": "2024-04-04T08:26:15Z",
"published": "2023-10-09T15:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-5102"
},
{
"type": "WEB",
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.json"
},
{
"type": "WEB",
"url": "https://sick.com/.well-known/csaf/white/2023/sca-2023-0010.pdf"
},
{
"type": "WEB",
"url": "https://sick.com/psirt"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-J67C-J5P2-79RX
Vulnerability from github – Published: 2025-05-13 21:30 – Updated: 2025-05-13 21:30Insufficient control flow management for some Edge Orchestrator software for Intel(R) Tiber™ Edge Platform may allow a privileged user to potentially enable information disclosure via adjacent access.
{
"affected": [],
"aliases": [
"CVE-2025-20022"
],
"database_specific": {
"cwe_ids": [
"CWE-691"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-13T21:16:03Z",
"severity": "MODERATE"
},
"details": "Insufficient control flow management for some Edge Orchestrator software for Intel(R) Tiber\u2122 Edge Platform may allow a privileged user to potentially enable information disclosure via adjacent access.",
"id": "GHSA-j67c-j5p2-79rx",
"modified": "2025-05-13T21:30:55Z",
"published": "2025-05-13T21:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20022"
},
{
"type": "WEB",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01239.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:A/AC:H/AT:P/PR:H/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-J8HH-2V2C-WQMV
Vulnerability from github – Published: 2024-01-12 09:30 – Updated: 2024-01-12 09:30Insufficient authentication flow in Checkmk before 2.2.0p17, 2.1.0p37 and 2.0.0p39 allows attacker to use locked credentials
{
"affected": [],
"aliases": [
"CVE-2023-31211"
],
"database_specific": {
"cwe_ids": [
"CWE-303",
"CWE-670",
"CWE-691"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-12T08:15:43Z",
"severity": "HIGH"
},
"details": "Insufficient authentication flow in Checkmk before 2.2.0p17, 2.1.0p37 and 2.0.0p39 allows attacker to use locked credentials",
"id": "GHSA-j8hh-2v2c-wqmv",
"modified": "2024-01-12T09:30:29Z",
"published": "2024-01-12T09:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-31211"
},
{
"type": "WEB",
"url": "https://checkmk.com/werk/16227"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-MVJ5-X7RR-VVQV
Vulnerability from github – Published: 2024-11-13 21:30 – Updated: 2024-11-13 21:30Insufficient control flow management in UEFI firmware for some Intel(R) Xeon(R) Processors may allow an authenticated user to enable denial of service via local access.
{
"affected": [],
"aliases": [
"CVE-2024-25565"
],
"database_specific": {
"cwe_ids": [
"CWE-691"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-11-13T21:15:12Z",
"severity": "MODERATE"
},
"details": "Insufficient control flow management in UEFI firmware for some Intel(R) Xeon(R) Processors may allow an authenticated user to enable denial of service via local access.",
"id": "GHSA-mvj5-x7rr-vvqv",
"modified": "2024-11-13T21:30:35Z",
"published": "2024-11-13T21:30:35Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25565"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-01085.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-Q9FF-79HW-FJPP
Vulnerability from github – Published: 2023-05-10 15:30 – Updated: 2024-04-04 03:59Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access.
{
"affected": [],
"aliases": [
"CVE-2022-37409"
],
"database_specific": {
"cwe_ids": [
"CWE-691"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-05-10T14:15:13Z",
"severity": "MODERATE"
},
"details": "Insufficient control flow management for the Intel(R) IPP Cryptography software before version 2021.6 may allow an authenticated user to potentially enable information disclosure via local access.",
"id": "GHSA-q9ff-79hw-fjpp",
"modified": "2024-04-04T03:59:22Z",
"published": "2023-05-10T15:30:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37409"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00788.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-QHR6-MGQR-MCHM
Vulnerability from github – Published: 2025-05-16 14:10 – Updated: 2025-05-16 14:10Impact
concat() may skip evaluation of side effects when the length of an argument is zero. this is due to a fastpath in the implementation which skips evaluation of argument expressions when their length is zero:
https://github.com/vyperlang/vyper/blob/68b68c4b30c5ef2f312b4674676170b8a6eaa316/vyper/builtins/functions.py#L560-L562
in practice, it would be very unusual in user code to construct zero-length bytestrings using an expression with side-effects, since zero-length bytestrings are typically constructed with the empty literal b""; the only way to construct an empty bytestring which has side effects would be with the ternary operator introduced in v0.3.8, e.g. b"" if self.do_some_side_effect() else b"".
the following example demonstrates how the issue would look in user code
counter: public(uint256)
@external
def test() -> Bytes[256]:
a: Bytes[256] = concat(b"" if self.sideeffect() else b"", b"aaaa")
return a
def sideeffect() -> bool:
self.counter += 1
return True
the severity assigned is low, since, as mentioned, this would be a very unusual pattern in user-code.
Patches
fix is tracked in https://github.com/vyperlang/vyper/pull/4644
Workarounds
don't have side effects in expressions which construct zero-length bytestrings.
References
Are there any links users can visit to find out more?
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "vyper"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "0.4.2rc1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-47285"
],
"database_specific": {
"cwe_ids": [
"CWE-691"
],
"github_reviewed": true,
"github_reviewed_at": "2025-05-16T14:10:25Z",
"nvd_published_at": "2025-05-15T18:15:38Z",
"severity": "LOW"
},
"details": "### Impact\n`concat()` may skip evaluation of side effects when the length of an argument is zero. this is due to a fastpath in the implementation which skips evaluation of argument expressions when their length is zero:\nhttps://github.com/vyperlang/vyper/blob/68b68c4b30c5ef2f312b4674676170b8a6eaa316/vyper/builtins/functions.py#L560-L562\n\nin practice, it would be very unusual in user code to construct zero-length bytestrings using an expression with side-effects, since zero-length bytestrings are typically constructed with the empty literal `b\"\"`; the only way to construct an empty bytestring which has side effects would be with the ternary operator introduced in v0.3.8, e.g. `b\"\" if self.do_some_side_effect() else b\"\"`.\n\nthe following example demonstrates how the issue would look in user code\n```vyper\ncounter: public(uint256)\n\n@external\ndef test() -\u003e Bytes[256]:\n a: Bytes[256] = concat(b\"\" if self.sideeffect() else b\"\", b\"aaaa\")\n return a\n\ndef sideeffect() -\u003e bool:\n self.counter += 1\n return True\n```\n\nthe severity assigned is low, since, as mentioned, this would be a very unusual pattern in user-code.\n\n### Patches\n\nfix is tracked in https://github.com/vyperlang/vyper/pull/4644\n\n### Workarounds\ndon\u0027t have side effects in expressions which construct zero-length bytestrings.\n\n### References\n_Are there any links users can visit to find out more?_",
"id": "GHSA-qhr6-mgqr-mchm",
"modified": "2025-05-16T14:10:25Z",
"published": "2025-05-16T14:10:25Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/vyperlang/vyper/security/advisories/GHSA-qhr6-mgqr-mchm"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-47285"
},
{
"type": "WEB",
"url": "https://github.com/vyperlang/vyper/pull/4644"
},
{
"type": "PACKAGE",
"url": "https://github.com/vyperlang/vyper"
},
{
"type": "WEB",
"url": "https://github.com/vyperlang/vyper/blob/68b68c4b30c5ef2f312b4674676170b8a6eaa316/vyper/builtins/functions.py#L560-L562"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P",
"type": "CVSS_V4"
}
],
"summary": "Vyper\u0027s `concat()` builtin may elide side-effects for zero-length arguments"
}
GHSA-R2G5-CC54-VCHQ
Vulnerability from github – Published: 2025-05-13 21:30 – Updated: 2025-05-13 21:30Insufficient control flow management in the Alias Checking Trusted Module for some Intel(R) Xeon(R) 6 processor E-Cores firmware may allow a privileged user to potentially enable escalation of privilege via local access.
{
"affected": [],
"aliases": [
"CVE-2025-20004"
],
"database_specific": {
"cwe_ids": [
"CWE-691"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-05-13T21:16:02Z",
"severity": "HIGH"
},
"details": "Insufficient control flow management in the Alias Checking Trusted Module for some Intel(R) Xeon(R) 6 processor E-Cores firmware may allow a privileged user to potentially enable escalation of privilege via local access.",
"id": "GHSA-r2g5-cc54-vchq",
"modified": "2025-05-13T21:30:55Z",
"published": "2025-05-13T21:30:55Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-20004"
},
{
"type": "WEB",
"url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01273.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:L/AC:H/AT:P/PR:H/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
"type": "CVSS_V4"
}
]
}
GHSA-RQJ6-65X2-R2VH
Vulnerability from github – Published: 2023-11-14 21:31 – Updated: 2023-11-14 21:31Insufficient control flow management for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.
{
"affected": [],
"aliases": [
"CVE-2022-46299"
],
"database_specific": {
"cwe_ids": [
"CWE-691"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-11-14T19:15:14Z",
"severity": "LOW"
},
"details": "Insufficient control flow management for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access.",
"id": "GHSA-rqj6-65x2-r2vh",
"modified": "2023-11-14T21:31:00Z",
"published": "2023-11-14T21:31:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-46299"
},
{
"type": "WEB",
"url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00963.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-V2CG-42GP-PJQV
Vulnerability from github – Published: 2023-04-02 21:30 – Updated: 2023-04-10 15:30Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.
{
"affected": [],
"aliases": [
"CVE-2023-20559"
],
"database_specific": {
"cwe_ids": [
"CWE-691"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-02T21:15:00Z",
"severity": "HIGH"
},
"details": "Insufficient control flow management in AmdCpmGpioInitSmm may allow a privileged attacker to tamper with the SMM handler potentially leading to escalation of privileges.",
"id": "GHSA-v2cg-42gp-pjqv",
"modified": "2023-04-10T15:30:27Z",
"published": "2023-04-02T21:30:17Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-20559"
},
{
"type": "WEB",
"url": "https://www.amd.com/en/resources/product-security/bulletin/amd-sb-1027.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-VQWH-MV63-C273
Vulnerability from github – Published: 2023-04-28 12:30 – Updated: 2024-04-04 03:43In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible
{
"affected": [],
"aliases": [
"CVE-2022-48481"
],
"database_specific": {
"cwe_ids": [
"CWE-691"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-04-28T10:15:09Z",
"severity": "HIGH"
},
"details": "In JetBrains Toolbox App before 1.28 a DYLIB injection on macOS was possible",
"id": "GHSA-vqwh-mv63-c273",
"modified": "2024-04-04T03:43:23Z",
"published": "2023-04-28T12:30:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-48481"
},
{
"type": "WEB",
"url": "https://www.jetbrains.com/privacy-security/issues-fixed"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N",
"type": "CVSS_V3"
}
]
}
No mitigation information available for this CWE.
CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.