CVE-2014-2667: Race Condition in Python

CWE-362: Race Condition | 6 documents | 5 sources
Severity: 3.3 LOW (NVD)
EPSS: 0.1% (top 81.25%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 16
Latest update: May 17

Description

Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.

CVSS vector

AV:L/AC:M/C:P/I:P/A:N
Exploitability: 3.4 | Impact: 4.9

Affected Packages (2 packages)

NVD: python/python (17 versions)

🔴 Vulnerability Details (1)

GHSA: GHSA-gqp4-ww82-42w3: Race condition in the _get_masked_mode function in Lib/os (2022-05-17)

📋 Vendor Advisories (2)

Red Hat: python: os.makedirs(exist_ok=True) is not thread-safe in Python 3.x (2014-03-28)
Debian: CVE-2014-2667: python2.7 - Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 throu... (2014)

💬 Community (2)

Bugzilla: CVE-2014-2667 python3: python: os.makedirs(exist_ok=True) is not thread-safe in Python 3.x [fedora-all] (2014-04-02)
Bugzilla: CVE-2014-2667 python: os.makedirs(exist_ok=True) is not thread-safe in Python 3.x (2014-03-28)