VYPR

CWE-421

Race Condition During Access to Alternate Channel

BaseDraft

Description

The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors.

This creates a race condition that allows an attacker to access the channel before the authorized user does.

Hierarchy (View 1000)

Children

none

CVEs mapped to this weakness (3)

  • CVE-2023-43687MedAug 14, 2025
    risk 0.42cvss 6.5epss 0.00

    An issue was discovered in Malwarebytes before 4.6.14.326 and before 5.1.5.116 (and Nebula 2020-10-21 and later). There is a Race condition that leads to code execution because of a lack of locks between file verification and execution.

  • CVE-2023-32256HigAug 1, 2025
    risk 0.42cvss 7.5epss 0.01

    A flaw was found in the Linux kernel's ksmbd component. A race condition between smb2 close operation and logoff in multichannel connections could result in a use-after-free issue.

  • CVE-2023-40536MedMay 16, 2024
    risk 0.28cvss 4.3epss 0.00

    Race condition for some some Intel(R) PROSet/Wireless WiFi software for Windows before version 23.20 may allow an unauthenticated user to potentially enable denial of service via adjacent access.