CWE-366
Race Condition within a Thread
Description
If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.
Hierarchy (View 1000)
Parents
Children
none
Related attack patterns (CAPEC)
CAPEC-26 · CAPEC-29
CVEs mapped to this weakness (6)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-31115 | | Hig | 0.50 | — | 0.01 | | Apr 3, 2025 | XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an… |
| CVE-2026-3904 | | Med | 0.40 | 6.2 | 0.00 | | Mar 11, 2026 | Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. … |
| CVE-2026-22819 | | | 0.00 | — | 0.00 | | Jan 14, 2026 | Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is… |
| CVE-2024-2032 | | | 0.00 | — | 0.00 | | Jun 6, 2024 | A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to… |
| CVE-2023-4127 | | — | 0.00 | — | 0.00 | | Aug 3, 2023 | Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1. |
| CVE-2021-38191 | | — | 0.00 | — | 0.01 | | Aug 8, 2021 | An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread. |