CWE-691: Insufficient Control Flow Management
Official CWE-691 CWE context with Glexia analysis, remediation guidance, related CVEs, and ATT&CK context.
Glexia's Take
CWE-691: Insufficient Control Flow Management
Insufficient Control Flow Management represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
Executive Impact
- Other: Alter Execution Logic
Developer Pattern
CWE-691 is the kind of defect developers can usually prevent with explicit validation, safer framework defaults, and tests that exercise hostile input or unsafe state transitions.
Confidence
high confidence from CWE-691, 4.20.
Official CWE Definition
CWE-691: Insufficient Control Flow Management
The code does not sufficiently manage its control flow during execution, creating conditions in which the control flow can be modified in unexpected ways.
Developer And Remediation Guidance
How teams prevent and detect this weakness
Causes
- The following function attempts to acquire a lock in order to perform operations on a shared resource. However, the code does not check the value returned by pthread_mutex_lock() for errors. If pthread_mutex_lock() cannot acquire the mutex for any reason, the function may introduce a race condition into the program and result in undefined behavior.,In order to avoid data races, correctly written programs must check the result of thread synchronization functions and appropriately handle all errors, either by attempting to recover from them or reporting them to higher levels.
- In this example, the programmer has indented the statements to call Do_X() and Do_Y(), as if the intention is that these functions are only called when the condition is true. However, because there are no braces to signify the block, Do_Y() will always be executed, even if the condition is false. This might not be what the programmer intended. When the condition is critical for security, such as in making a security decision or detecting a critical error, this may produce a vulnerability.
- This function prints the contents of a specified file requested by a user. This code first reads a specified file into memory, then prints the file if the user is authorized to see its contents. The read of the file into memory may be resource intensive and is unnecessary if the user is not allowed to see the file anyway.
Remediation
- Use safe APIs
- Centralize the control
- Add regression tests
- Review logs and telemetry for attempted abuse
Detection
- Code review
- SAST
- DAST
- Focused regression tests
Mappings
Related CVEs, CWEs, and ATT&CK context
Related CWEs
- CWE-1281: Sequence of Processor Instructions Leads to Unexpected Behavior
- CWE-1434: Insecure Setting of Generative AI/ML Model Inference Parameters
- CWE-430: Deployment of Wrong Handler
- CWE-431: Missing Handler
- CWE-662: Improper Synchronization
- CWE-670: Always-Incorrect Control Flow Implementation
- CWE-696: Incorrect Behavior Order
- CWE-705: Incorrect Control Flow Scoping
- CWE-768: Incorrect Short Circuit Evaluation
- CWE-799: Improper Control of Interaction Frequency
- CWE-834: Excessive Iteration
- CWE-841: Improper Enforcement of Behavioral Workflow
ATT&CK Relevance
ATT&CK relevance is shown only when reviewed or responsibly inferred.