1. Home
  2. CWE Database
  3. CWE-691
Pillar · Foundational

CWE-691: Insufficient Control Flow Management

The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.

CWE-691 · Pillar Level ·4 CVEs

Description

The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.

Potential Impact

Other

Alter Execution Logic

Demonstrative Examples

The following function attempts to acquire a lock in order to perform operations on a shared resource.
Bad
void f(pthread_mutex_t *mutex) {
                        pthread_mutex_lock(mutex);
                           
                           /* access shared resource */
                           
                           
                           pthread_mutex_unlock(mutex);
                     }
However, the code does not check the value returned by pthread_mutex_lock() for errors. If pthread_mutex_lock() cannot acquire the mutex for any reason, the function may introduce a race condition into the program and result in undefined behavior.
In order to avoid data races, correctly written programs must check the result of thread synchronization functions and appropriately handle all errors, either by attempting to recover from them or reporting them to higher levels.
Good
int f(pthread_mutex_t *mutex) {
                        int result;
                           result = pthread_mutex_lock(mutex);if (0 != result)return result;
                           
                           
                           /* access shared resource */
                           
                           
                           return pthread_mutex_unlock(mutex);
                     }
In this example, the programmer has indented the statements to call Do_X() and Do_Y(), as if the intention is that these functions are only called when the condition is true. However, because there are no braces to signify the block, Do_Y() will always be executed, even if the condition is false.
Bad
if (condition==true)Do_X();Do_Y();
This might not be what the programmer intended. When the condition is critical for security, such as in making a security decision or detecting a critical error, this may produce a vulnerability.
This function prints the contents of a specified file requested by a user.
Bad
function printFile($username,$filename){
               
                 
                 //read file into string
               $file = file_get_contents($filename);if ($file && isOwnerOf($username,$filename)){echo $file;return true;}else{echo 'You are not authorized to view this file';}return false;
               }
This code first reads a specified file into memory, then prints the file if the user is authorized to see its contents. The read of the file into memory may be resource intensive and is unnecessary if the user is not allowed to see the file anyway.

Real-World CVE Examples

CVE IDDescription
CVE-2024-50653e-commerce product does not restrict the number of requests for coupons
CVE-2019-9805Chain: Creation of the packet client occurs before initialization is complete (CWE-696) resulting in a read from uninitialized memory (CWE-908), causing memory corruption.
CVE-2014-1266Chain: incorrect "goto" in Apple SSL product bypasses certificate validation, allowing Adversary-in-the-Middle (AITM) attack (Apple "goto fail" bug). CWE-705 (Incorrect Control Flow Scoping) -> CWE-56
CVE-2011-1027Chain: off-by-one error (CWE-193) leads to infinite loop (CWE-835) using invalid hex-encoded characters.

Taxonomy Mappings

  • WASC: 40 — Insufficient Process Validation

Frequently Asked Questions

What is CWE-691?

CWE-691 (Insufficient Control Flow Management) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Pillar-level weakness. The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.

How can CWE-691 be exploited?

Attackers can exploit CWE-691 (Insufficient Control Flow Management) to alter execution logic. This weakness is typically introduced during the Architecture and Design, Implementation phase of software development.

How do I prevent CWE-691?

Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.

What is the severity of CWE-691?

CWE-691 is classified as a Pillar-level weakness (Foundational abstraction). It has been observed in 4 real-world CVEs.