Common Weakness Enumeration

CWE-665

Discouraged

Improper Initialization

Abstraction: Class · Status: Draft

The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.

426 vulnerabilities reference this CWE, most recent first.

GHSA-7RRJ-XR53-82P7

Vulnerability from github – Published: 2023-01-06 21:40 – Updated: 2023-01-06 21:40
VLAI
Summary
Tokio reject_remote_clients configuration may get dropped when creating a Windows named pipe
Details

Impact

When configuring a Windows named pipe server, setting pipe_mode will reset reject_remote_clients to false. If the application has previously configured reject_remote_clients to true, this effectively undoes the configuration. This also applies if reject_remote_clients is not explicitly set as this is the default configuration and is cleared by calling pipe_mode.

Remote clients may only access the named pipe if the named pipe's associated path is accessible via a publically shared folder (SMB).

Patches

The following versions have been patched: * 1.23.1 * 1.20.3 * 1.18.4

The fix will also be present in all releases starting from version 1.24.0.

Named pipes were introduced to Tokio in version 1.7.0, so releases older than 1.7.0 are not affected.

Workarounds

Ensure that pipe_mode is set first after initializing a ServerOptions. For example:

let mut opts = ServerOptions::new();
opts.pipe_mode(PipeMode::Message);
opts.reject_remote_clients(true);

References

https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createnamedpipea#pipe_reject_remote_clients

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "tokio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.7.0"
            },
            {
              "fixed": "1.18.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "tokio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.19.0"
            },
            {
              "fixed": "1.20.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "crates.io",
        "name": "tokio"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "1.21.0"
            },
            {
              "fixed": "1.23.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-22466"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-665"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-01-06T21:40:58Z",
    "nvd_published_at": "2023-01-04T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nWhen configuring a Windows named pipe server, setting `pipe_mode` will reset `reject_remote_clients` to `false`. If the application has previously configured `reject_remote_clients` to `true`, this effectively undoes the configuration. This also applies if `reject_remote_clients` is not explicitly set as this is the default configuration and is cleared by calling `pipe_mode`.\n\nRemote clients may only access the named pipe if the named pipe\u0027s associated path is accessible via a publically shared folder (SMB).\n\n### Patches\n\nThe following versions have been patched:\n* 1.23.1\n* 1.20.3\n* 1.18.4\n\nThe fix will also be present in all releases starting from version 1.24.0.\n\nNamed pipes were introduced to Tokio in version 1.7.0, so releases older than 1.7.0 are not affected.\n\n### Workarounds\n\nEnsure that `pipe_mode` is set **first** after initializing a `ServerOptions`. For example:\n\n```rust\nlet mut opts = ServerOptions::new();\nopts.pipe_mode(PipeMode::Message);\nopts.reject_remote_clients(true);\n```\n\n### References\n\nhttps://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createnamedpipea#pipe_reject_remote_clients\n",
  "id": "GHSA-7rrj-xr53-82p7",
  "modified": "2023-01-06T21:40:58Z",
  "published": "2023-01-06T21:40:58Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/tokio-rs/tokio/security/advisories/GHSA-7rrj-xr53-82p7"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-22466"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tokio-rs/tokio/pull/5336"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/tokio-rs/tokio"
    },
    {
      "type": "WEB",
      "url": "https://github.com/tokio-rs/tokio/releases/tag/tokio-1.23.1"
    },
    {
      "type": "WEB",
      "url": "https://learn.microsoft.com/en-us/windows/win32/api/winbase/nf-winbase-createnamedpipea#pipe_reject_remote_clients"
    },
    {
      "type": "WEB",
      "url": "https://rustsec.org/advisories/RUSTSEC-2023-0001.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:L",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Tokio reject_remote_clients configuration may get dropped when creating a Windows named pipe"
}

GHSA-7X5C-HVWV-CHX9

Vulnerability from github – Published: 2022-11-11 19:00 – Updated: 2022-11-16 19:00
VLAI
Details

Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro Kits and Intel(R) NUC 11 Pro Boards before version TNTGL357.0064 may allow an authenticated user to potentially enable escalation of privilege via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2022-37334"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-665"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-11-11T16:15:00Z",
    "severity": "HIGH"
  },
  "details": "Improper initialization in BIOS firmware for some Intel(R) NUC 11 Pro Kits and Intel(R) NUC 11 Pro Boards before version TNTGL357.0064 may allow an authenticated user to potentially enable escalation of privilege via local access.",
  "id": "GHSA-7x5c-hvwv-chx9",
  "modified": "2022-11-16T19:00:28Z",
  "published": "2022-11-11T19:00:30Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-37334"
    },
    {
      "type": "WEB",
      "url": "https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00752.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-83R5-W7X4-GJJW

Vulnerability from github – Published: 2022-05-24 17:32 – Updated: 2023-01-09 18:30
VLAI
Details

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-9863"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-665"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-10-22T18:15:00Z",
    "severity": "HIGH"
  },
  "details": "A memory initialization issue was addressed with improved memory handling. This issue is fixed in iOS 13.6 and iPadOS 13.6, macOS Catalina 10.15.6, tvOS 13.4.8, watchOS 6.2.8. An application may be able to execute arbitrary code with kernel privileges.",
  "id": "GHSA-83r5-w7x4-gjjw",
  "modified": "2023-01-09T18:30:24Z",
  "published": "2022-05-24T17:32:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-9863"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211288"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211289"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211290"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT211291"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-86WF-436M-H424

Vulnerability from github – Published: 2022-01-06 20:30 – Updated: 2021-03-31 21:09
VLAI
Summary
Resource Exhaustion Denial of Service in http-proxy-agent
Details

A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "http-proxy-agent"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.1.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2019-10196"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-665"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-03-22T22:28:09Z",
    "nvd_published_at": "2021-03-19T20:15:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was found in http-proxy-agent, prior to version 2.1.0. It was discovered http-proxy-agent passes an auth option to the Buffer constructor without proper sanitization. This could result in a Denial of Service through the usage of all available CPU resources and data exposure through an uninitialized memory leak in setups where an attacker could submit typed input to the auth parameter.",
  "id": "GHSA-86wf-436m-h424",
  "modified": "2021-03-31T21:09:25Z",
  "published": "2022-01-06T20:30:13Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10196"
    },
    {
      "type": "WEB",
      "url": "https://github.com/TooTallNate/node-http-proxy-agent/commit/b7b7cc793c3226aa83f820ce5c277e81862d32eb"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1567245"
    },
    {
      "type": "WEB",
      "url": "https://www.npmjs.com/advisories/607"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Resource Exhaustion Denial of Service in http-proxy-agent "
}

GHSA-8799-XC4M-6FCP

Vulnerability from github – Published: 2025-02-13 00:33 – Updated: 2025-02-13 00:33
VLAI
Details

Improper initialization in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26021"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-665"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2025-02-12T22:15:31Z",
    "severity": "MODERATE"
  },
  "details": "Improper initialization in the firmware for some Intel(R) AMT and Intel(R) Standard Manageability may allow a privileged user to potentially enable information disclosure via local access.",
  "id": "GHSA-8799-xc4m-6fcp",
  "modified": "2025-02-13T00:33:04Z",
  "published": "2025-02-13T00:33:04Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26021"
    },
    {
      "type": "WEB",
      "url": "https://intel.com/content/www/us/en/security-center/advisory/intel-sa-01152.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",
      "type": "CVSS_V4"
    }
  ]
}

GHSA-87QR-9Q4H-M9JH

Vulnerability from github – Published: 2022-05-24 17:33 – Updated: 2022-05-24 17:33
VLAI
Details

Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2020-3573"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119",
      "CWE-665"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-11-06T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple vulnerabilities in Cisco Webex Network Recording Player for Windows and Cisco Webex Player for Windows could allow an attacker to execute arbitrary code on an affected system. The vulnerabilities are due to insufficient validation of certain elements of a Webex recording that is stored in the Advanced Recording Format (ARF) or Webex Recording Format (WRF). An attacker could exploit these vulnerabilities by sending a user a malicious ARF or WRF file through a link or email attachment and persuading the user to open the file with the affected software on the local system. A successful exploit could allow the attacker to execute arbitrary code on the affected system with the privileges of the targeted user.",
  "id": "GHSA-87qr-9q4h-m9jh",
  "modified": "2022-05-24T17:33:21Z",
  "published": "2022-05-24T17:33:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-3573"
    },
    {
      "type": "WEB",
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-webex-nbr-NOS6FQ24"
    },
    {
      "type": "WEB",
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-20-1362"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GHSA-87VR-968R-R3QP

Vulnerability from github – Published: 2022-05-13 01:38 – Updated: 2022-05-13 01:38
VLAI
Details

A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select 'login as another user' to unlock their screen.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2017-12164"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-665"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2018-07-26T16:29:00Z",
    "severity": "MODERATE"
  },
  "details": "A flaw was discovered in gdm 3.24.1 where gdm greeter was no longer setting the ran_once boolean during autologin. If autologin was enabled for a victim, an attacker could simply select \u0027login as another user\u0027 to unlock their screen.",
  "id": "GHSA-87vr-968r-r3qp",
  "modified": "2022-05-13T01:38:14Z",
  "published": "2022-05-13T01:38:14Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12164"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-12164"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.gnome.org/GNOME/gdm/commit/ff98b28"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-87WQ-V8R3-XXX5

Vulnerability from github – Published: 2022-05-24 17:38 – Updated: 2024-10-08 18:32
VLAI
Details

Windows Installer Elevation of Privilege Vulnerability

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2021-1661"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-269",
      "CWE-665"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-01-12T20:15:00Z",
    "severity": "HIGH"
  },
  "details": "Windows Installer Elevation of Privilege Vulnerability",
  "id": "GHSA-87wq-v8r3-xxx5",
  "modified": "2024-10-08T18:32:57Z",
  "published": "2022-05-24T17:38:45Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1661"
    },
    {
      "type": "WEB",
      "url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-1661"
    },
    {
      "type": "WEB",
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2021-1661"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-88G8-F5MF-F5RJ

Vulnerability from github – Published: 2022-02-05 00:00 – Updated: 2022-02-11 16:20
VLAI
Summary
Improper Initialization in OpenZeppelin
Details

In OpenZeppelin <=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible, breaking the expectation that there is a single execution.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "@openzeppelin/contracts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "4.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-46320"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-665"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-02-11T16:20:03Z",
    "nvd_published_at": "2022-02-04T12:15:00Z",
    "severity": "HIGH"
  },
  "details": "In OpenZeppelin \u003c=v4.4.0, initializer functions that are invoked separate from contract creation (the most prominent example being minimal proxies) may be reentered if they make an untrusted non-view external call. Once an initializer has finished running it can never be re-executed. However, an exception put in place to support multiple inheritance made reentrancy possible, breaking the expectation that there is a single execution.",
  "id": "GHSA-88g8-f5mf-f5rj",
  "modified": "2022-02-11T16:20:03Z",
  "published": "2022-02-05T00:00:31Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/security/advisories/GHSA-9c22-pwxw-p6hx"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-46320"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/pull/3006"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/OpenZeppelin/openzeppelin-contracts"
    },
    {
      "type": "WEB",
      "url": "https://github.com/OpenZeppelin/openzeppelin-contracts/releases/tag/v4.4.1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Initialization in OpenZeppelin"
}

GHSA-89R7-5W6C-HQPP

Vulnerability from github – Published: 2023-03-10 03:30 – Updated: 2023-03-15 18:30
VLAI
Details

WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-27115"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-665"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2023-03-10T02:15:00Z",
    "severity": "MODERATE"
  },
  "details": "WebAssembly v1.0.29 was discovered to contain a segmentation fault via the component wabt::cat_compute_size.",
  "id": "GHSA-89r7-5w6c-hqpp",
  "modified": "2023-03-15T18:30:29Z",
  "published": "2023-03-10T03:30:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27115"
    },
    {
      "type": "WEB",
      "url": "https://github.com/WebAssembly/wabt/issues/1938"
    },
    {
      "type": "WEB",
      "url": "https://github.com/WebAssembly/wabt/issues/1992"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ]
}

Mitigation MIT-3
Requirements

Strategy: Language Selection

  • Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, in Java, if the programmer does not explicitly initialize a variable, then the code could produce a compile-time error (if the variable is local) or automatically initialize the variable to the default value for the variable's type. In Perl, if explicit initialization is not performed, then a default value of undef is assigned, which is interpreted as 0, false, or an equivalent value depending on the context in which the variable is accessed.
Mitigation
Architecture and Design

Identify all variables and data stores that receive information from external sources, and apply input validation to make sure that they are only initialized to expected values.

Mitigation
Implementation

Explicitly initialize all your variables and other data stores, either during declaration or just before the first usage.

Mitigation
Implementation

Pay close attention to complex conditionals that affect initialization, since some conditions might not perform the initialization.

Mitigation
Implementation

Avoid race conditions (CWE-362) during initialization routines.

Mitigation
Build and Compilation

Run or compile your product with settings that generate warnings about uninitialized variables or data.

CAPEC-26: Leveraging Race Conditions

The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.

CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.