VYPR

CWE-366

Race Condition within a Thread

BaseDraftLikelihood: Medium

Description

If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (6)

  • CVE-2025-31115HigApr 3, 2025
    risk 0.50cvss epss 0.01

    XZ Utils provide a general-purpose data-compression library plus command-line tools. In XZ Utils 5.3.3alpha to 5.8.0, the multithreaded .xz decoder in liblzma has a bug where invalid input can at least result in a crash. The effects include heap use after free and writing to an…

  • CVE-2026-3904MedMar 11, 2026
    risk 0.40cvss 6.2epss 0.00

    Calling NSS-backed functions that support caching via nscd may call the nscd client side code and in the GNU C Library version 2.36 under high load on x86_64 systems, the client may call memcmp on inputs that are concurrently modified by other processes or threads and crash. …

  • CVE-2026-22819Jan 14, 2026
    risk 0.00cvss epss 0.00

    Outray openSource ngrok alternative. Prior to 0.1.5, this vulnerability allows a user i.e a free plan user to get more than the desired subdomains due to lack of db transaction lock mechanisms in main/apps/web/src/routes/api/$orgSlug/subdomains/index.ts. This vulnerability is…

  • CVE-2024-2032Jun 6, 2024
    risk 0.00cvss epss 0.00

    A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerability arises due to…

  • CVE-2023-4127Aug 3, 2023
    risk 0.00cvss epss 0.00

    Race Condition within a Thread in GitHub repository answerdev/answer prior to v1.1.1.

  • CVE-2021-38191Aug 8, 2021
    risk 0.00cvss epss 0.01

    An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread.