CWE-363: Race Condition Enabling Link Following

The product checks the status of a file or directory before accessing it, which produces a race condition in which the file can be replaced with a link before the access is performed, causing the product to access the wrong file.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Base

Abstraction

MITRE classification

Overview

While developers might expect that there is a very narrow time window between the time of check and time of use, there is still a race condition. An attacker could cause the product to slow down (e.g. with memory consumption), causing the time window to become larger. Alternately, in some situations, the attacker could win the race by performing a large number of attacks.

CWE-363: Race Condition Enabling Link Following

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to detect it

Automated Static Analysis

Code examples

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-363?

What CVEs are caused by CWE-363?

How is CWE-363 detected?

What are the consequences of CWE-363?

Is CWE-363 actively exploited?

References

Stay ahead of CWE-363

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to detect it

Automated Static Analysis

Code examples

Related weaknesses

Parent

Can precede

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-363?

What CVEs are caused by CWE-363?

How is CWE-363 detected?

What are the consequences of CWE-363?

Is CWE-363 actively exploited?

References

Stay ahead of CWE-363