CWE-363
Overview
- CWE ID: 363
- CWE Name: Race Condition Enabling Link Following
- CWE Abstraction: Base
- CWE structure: Simple
- CWE Status: Draft
Description
The software checks the status of a file or directory before accessing it, which produces a race condition in which the file can be replaced with a link before the access is performed, causing the software to access the wrong file.
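The following is an added example, not part of the CWE entry: it replays the check, replace, use order described above inside one process, next to a hardened open that validates the opened descriptor instead of the name. It assumes Linux, where `O_NOFOLLOW` fails with `ELOOP` on a symlink; the function names and the temporary directory under `/tmp` are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hardened open: no status check on the name. O_NOFOLLOW makes a symlink in
 * the final path component fail (ELOOP on Linux); O_NONBLOCK avoids hanging
 * on a FIFO. The object actually opened is then validated with fstat(). */
int open_regular_nofollow(const char *path) {
    struct stat st;
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_NONBLOCK);
    if (fd < 0)
        return -1;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Constructed demo: check / swap / use in one process. Returns a bitmask:
 * bit 0 = lstat() check passed, bit 1 = open-by-name after the swap followed
 * the link to the other file, bit 2 = hardened open refused the link. */
int demo_check_then_use(void) {
    char dir[] = "/tmp/cwe363-XXXXXX";
    char data[64], other[64];
    struct stat st;
    int result = 0, fd;

    if (!mkdtemp(dir)) return -1;
    snprintf(data, sizeof data, "%s/data", dir);
    snprintf(other, sizeof other, "%s/other", dir);
    close(open(data, O_CREAT | O_WRONLY, 0600));
    close(open(other, O_CREAT | O_WRONLY, 0600));

    if (lstat(data, &st) == 0 && S_ISREG(st.st_mode)) result |= 1; /* check */
    unlink(data);                        /* the window: name is re-pointed */
    if (symlink(other, data) != 0) return -1;
    if ((fd = open(data, O_RDONLY)) >= 0) { result |= 2; close(fd); } /* use */
    if (open_regular_nofollow(data) < 0 && errno == ELOOP) result |= 4;

    unlink(data); unlink(other); rmdir(dir);
    return result;
}

int main(void) { printf("%d\n", demo_check_then_use()); return 0; }
```

`O_NOFOLLOW` only covers the last path component; links in parent directories need separate handling, such as opening each directory in turn and using `openat()` relative to it.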
Extended Description
While developers might expect that there is a very narrow time window between the time of check and time of use, there is still a race condition. An attacker could cause the software to slow down (e.g. with memory consumption), causing the time window to