CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition

ID CWE-367
Abstraction Base
Structure Simple
Status Incomplete
Number of CVEs 344
The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. This can cause the product to perform invalid actions when the resource is in an unexpected state.

This weakness can be security-relevant when an attacker can influence the state of the resource between check and use. This can happen with shared resources such as files, memory, or even variables in multithreaded programs.

Modes of Introduction

Phase Note
Implementation

Applicable Platforms

Type Class Name Prevalence
Language Not Language-Specific

Relationships

View ID | View | View Status | Weakness ID | Weakness Name | Abstraction | Structure | Status
CWE-1000 | Research Concepts | Draft | CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | Class | Simple | Draft
CWE-1003 | Weaknesses for Simplified Mapping of Published Vulnerabilities | Incomplete | CWE-362 | Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') | Class | Simple | Draft

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org
ID | Name | Weaknesses
CAPEC-27 | Leveraging Race Conditions via Symbolic Links | CWE-367
CAPEC-29 | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions | CWE-367
