Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-670 (控制流实现总是不正确) — Vulnerability Class 70

70 vulnerabilities classified as CWE-670 (控制流实现总是不正确). AI Chinese analysis included.

CWE-670 represents a critical implementation flaw where the actual control flow diverges from the intended algorithmic logic, resulting in consistent incorrect behavior whenever the erroneous path is executed. This weakness typically arises from misunderstandings of language syntax, such as omitting braces in conditional statements or misusing loop structures, causing unintended execution sequences. Attackers exploit these logical gaps to bypass security checks, manipulate data integrity, or trigger denial-of-service conditions by forcing the application down an unexpected code path. To prevent CWE-670, developers must rigorously adhere to coding standards, utilize static analysis tools to detect structural anomalies, and employ comprehensive unit testing that specifically targets edge cases and complex branching logic. Clear code formatting and peer reviews further ensure that the implemented flow accurately mirrors the designed algorithm, eliminating ambiguity and ensuring predictable system behavior.

MITRE CWE Description
The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated. This weakness captures cases in which a particular code segment is always incorrect with respect to the algorithm that it is implementing. For example, if a C programmer intends to include multiple statements in a single block but does not include the enclosing braces (CWE-483), then the logic is always incorrect. This issue is in contrast to most weaknesses in which the code usually behaves correctly, except when it is externally manipulated in malicious ways.
Common Consequences (1)
OtherOther, Alter Execution Logic
Examples (2)
This code queries a server and displays its status when a request comes from an authorized IP address.
$requestingIP = $_SERVER['REMOTE_ADDR']; if(!in_array($requestingIP,$ipAllowList)){ echo "You are not authorized to view this page"; http_redirect($errorPageURL); } $status = getServerStatus(); echo $status; ...
Bad · PHP
In this example, the programmer has indented the statements to call Do_X() and Do_Y(), as if the intention is that these functions are only called when the condition is true. However, because there are no braces to signify the block, Do_Y() will always be executed, even if the condition is false.
if (condition==true) Do_X(); Do_Y();
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2022-29255 Multiple evaluation of contract address in call in vyper — vyper 8.2 High2022-06-06
CVE-2022-26890 多款F5 BIG-IP产品安全漏洞 — BIG-IP Advanced WAF, ASM, and APM 7.5 High2022-05-05
CVE-2022-21655 Incorrect handling of internal redirects results in crash in Envoy — envoy 7.5 High2022-02-22
CVE-2022-21679 Authorization Policy bypass in Istio — istio 6.8 Medium2022-01-19
CVE-2021-43839 Drainage of FeeCollector's Block Transaction Fees — cronos 7.5 High2021-12-21
CVE-2021-41153 Specification non-compliance in JUMPI — evm 8.7 High2021-10-18
CVE-2021-34767 Cisco IOS XE Software for Catalyst 9800 Series Wireless Controllers IPv6 Denial of Service Vulnerability — Cisco IOS XE Software 7.4 High2021-09-23
CVE-2021-32684 Missing Handler in @scandipwa/magento-scripts — create-magento-app 6.2 Medium2021-06-14
CVE-2021-1236 Multiple Cisco Products Snort Application Detection Engine Policy Bypass Vulnerability — Cisco Firepower Threat Defense Software 5.3 -2021-01-13
CVE-2020-1914 Facebook Hermes 安全漏洞 — Hermes 9.8 -2020-10-08

Vulnerabilities classified as CWE-670 (控制流实现总是不正确) represent 70 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.