VYPR

CWE-364

Signal Handler Race Condition

Base | Incomplete | Likelihood: Medium

Description

The product uses a signal handler that introduces a race condition.

CVEs mapped to this weakness (9)

  • CVE-2024-6387 | High | Jul 1, 2024
    risk 0.64 | cvss 8.1 | epss 1.00

    A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead sshd to handle some signals in an unsafe manner. An unauthenticated, remote attacker may be able to trigger it by failing to authenticate within a set time…

  • CVE-2026-24792 | High | May 19, 2026
    risk 0.53 | cvss 8.1 | epss 0.00

    in OpenHarmony v6.0 and prior versions allow a remote attacker to achieve arbitrary code execution in pre-installed apps.

  • CVE-2024-6409 | High | Jul 8, 2024
    risk 0.45 | cvss 7.0 | epss 0.28

    A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions…

  • CVE-2026-42002 | Medium | May 21, 2026
    risk 0.38 | cvss 5.9 | epss 0.00

    Concurrency and locking defects in GSS-TSIG

  • CVE-2026-27766 | Medium | May 19, 2026
    risk 0.36 | cvss 5.5 | epss 0.00

    in OpenHarmony v6.0 and prior versions allow a local attacker to cause an information leak.

  • CVE-1999-0035 | Medium | May 29, 1997
    risk 0.35 | cvss 5.4 | epss 0.01

    Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.

  • CVE-2025-4598 | Medium | May 30, 2025
    risk 0.31 | cvss 4.7 | epss 0.01

    A vulnerability was found in systemd-coredump. This flaw allows an attacker to force a SUID process to crash and replace it with a non-SUID binary to access the original's privileged process coredump, allowing the attacker to read sensitive data, such as /etc/shadow content,…

  • CVE-2026-33565 | Low | May 19, 2026
    risk 0.21 | cvss 3.3 | epss 0.00

    in OpenHarmony v6.0 and prior versions allow a local attacker to cause a DoS.

  • CVE-2025-53092 | Oct 16, 2025
    risk 0.00 | cvss | epss 0.00

    Strapi is an open source headless content management system. Strapi versions prior to 5.20.0 contain a CORS misconfiguration vulnerability in default installations. By default, Strapi reflects the value of the Origin header back in the Access-Control-Allow-Origin response header…