VYPR

CWE-484

Omitted Break Statement in Switch

BaseDraftLikelihood: Medium

Description

The product omits a break statement within a switch or similar construct, causing code associated with multiple conditions to execute. This can cause problems when the programmer only intended to execute code associated with one condition.

This can lead to critical code executing in situations where it should not.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (2)

  • CVE-2025-23204MedMar 24, 2025
    risk 0.22cvss 4.4epss 0.00

    API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Starting in version 3.3.8, a security check that gets called after GraphQl resolvers is always replaced by another one as there's no break in a clause. As this falls back to `security`, the impact…

  • CVE-2026-44075LowMay 21, 2026
    risk 0.17cvss 3.7epss 0.00

    A missing break statement in DSI OpenSession processing in Netatalk 1.5.0 through 4.4.2 causes a DSIOPT_ATTNQUANT switch case to fall through into DSIOPT_SERVQUANT, resulting in unintended session option handling that may allow a remote attacker to cause a minor service…