VYPR

CWE-670

Always-Incorrect Control Flow Implementation

Class · Draft

Description

The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.

This weakness captures cases in which a particular code segment is always incorrect with respect to the algorithm that it is implementing. For example, if a C programmer intends to include multiple statements in a single block but does not include the enclosing braces (CWE-483), then the logic is always incorrect. This issue is in contrast to most weaknesses in which the code usually behaves correctly, except when it is externally manipulated in malicious ways.

CVEs mapped to this weakness (68)

page 4 of 4
  • CVE-2022-29255 · Jun 6, 2022
    risk 0.00 · cvss · epss 0.01

    Vyper is a Pythonic Smart Contract Language for the Ethereum virtual machine. In versions prior to 0.3.4, when calling an external contract with no return value, the contract address (including side effects) could be evaluated twice. This may result in incorrect outcomes for…

  • CVE-2021-43839 · Dec 21, 2021
    risk 0.00 · cvss · epss 0.01

    Cronos is a commercial implementation of a blockchain. In Cronos nodes running versions before v0.6.5, it is possible to take transaction fees from Cosmos SDK's FeeCollector for the current block by sending a custom crafted MsgEthereumTx. This problem has been patched in Cronos…

  • CVE-2021-41153 · Oct 18, 2021
    risk 0.00 · cvss · epss 0.01

    The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate `< 0.31.0`, `JUMPI` opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination…

  • CVE-2021-32684 · Jun 14, 2021
    risk 0.00 · cvss · epss 0.01

    magento-scripts contains scripts and configuration used by Create Magento App, a zero-configuration tool-chain which allows one to deploy Magento 2. In versions 1.5.1 and 1.5.2, after changing the function from synchronous to asynchronous, a handler was not implemented in the…

  • CVE-2020-28052 · Dec 18, 2020
    risk 0.00 · cvss · epss 0.07

    An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were…

  • CVE-2020-1914 · Oct 8, 2020
    risk 0.00 · cvss · epss 0.02

    A logic vulnerability when handling the SaveGeneratorLong instruction in Facebook Hermes prior to commit b2021df620824627f5a8c96615edbd1eb7fdddfc allows attackers to potentially read out of bounds or theoretically execute arbitrary code via crafted JavaScript. Note that this is…

  • CVE-2014-2686 · Jan 9, 2020
    risk 0.00 · cvss · epss 0.01

    Ansible prior to 1.5.4 mishandles the evaluation of some strings.

  • CVE-2019-19729 · Dec 11, 2019
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the BSON ObjectID (aka bson-objectid) package 1.3.0 for Node.js. ObjectID() allows an attacker to generate a malformed objectid by inserting an additional property to the user-input, because bson-objectid will return early if it detects…