CWE-367 - Time-of-check Time-of-use (TOCTOU) Race Condition
- Abstraction: Base
- Structure: Simple
- Status: Incomplete
- Published: 2006-07-19
- Updated: 2025-12-11
Name
Time-of-check Time-of-use (TOCTOU) Race Condition
Description
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
Common Consequences
Scope: Integrity, Other
Impact: Alter Execution Logic, Unexpected State
Note: The attacker can gain access to otherwise unauthorized resources.
Scope: Integrity, Other
Impact: Modify Application Data, Modify Files or Directories, Modify Memory, Other
Note: Race conditions such as this kind may be employed to gain read or write access to resources which are not normally readable or writable by the user in question.
Scope: Integrity, Other
Impact: Other
Note: The resource in question, or other resources (through the corrupted one), may be changed in undesirable ways by a malicious user.
Scope: Non-Repudiation
Impact: Hide Activities
Note: If a file or other resource is written in this method, as opposed to in a valid way, logging of the activity may not occur.
Scope: Non-Repudiation, Other
Impact: Other
Note: In some cases it may be possible to delete files a malicious user might not otherwise have access to, such as log files.
Scope: Other
Impact: Unexpected State
Note: The product may perform invalid actions when the resource is in an unexpected state.