7 matches found
Time-of-check Time-of-use (TOCTOU) Race Condition
Overview Affected versions of this package are vulnerable to Time-of-check Time-of-use TOCTOU Race Condition during lock file creation. An attacker can corrupt or truncate arbitrary files by exploiting a race condition between the existence check and file opening with OTRUNC, allowing the creatio...
CVE-2025-68146 filelock has TOCTOU race condition that allows symlink attacks during lock file creation
filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...
CVE-2025-68146
CVE-2025-68146 affects the Python filelock package. A TOCTOU race in lock file creation allows local attackers with filesystem access to exploit symlinks and truncate target files. The vulnerability exists in UnixFileLock and WindowsFileLock for versions before 3.20.1; an attacker can create a sy...
CVE-2025-68146 filelock has TOCTOU race condition that allows symlink attacks during lock file creation
filelock is a platform-independent file lock for Python. In versions prior to 3.20.1, a Time-of-Check-Time-of-Use TOCTOU race condition allows local attackers to corrupt or truncate arbitrary user files through symlink attacks. The vulnerability exists in both Unix and Windows lock file creation...
X.Org multiple security vulnerabilities
Memory corruprions, insecure lock file creation...
CVE-2010-0791
The 1 ncpmount, 2 ncpumount, and 3 ncplogin programs in ncpfs 2.2.6 do not properly create lock files, which allows local users to cause a denial of service application failure via unspecified vectors that trigger the creation of a /etc/mtab file that persists after the program exits...
Qualcomm qpopper 2.53/3.0 / RedHat imap 4.5 -4 / UoW imap 4.5 popd - Lock File Denial of Service
source: https://www.securityfocus.com/bid/1132/info Vulnerabilities exist in a number of pop3 daemon implementations, having to do with their creation of lock files. Affected include Qualcomm's qpopper, and the popd included as part of the imap-4 rpm from RedHat. Lockfiles in both implementation...