Race Condition Affecting python3.4 package, versions <3.4.1-1


Severity

Recommended
0.0
medium
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
0.04% (5th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk Learn

Learn about Race Condition vulnerabilities in an interactive lesson.

Start learning
  • Snyk IDSNYK-DEBIAN8-PYTHON34-306398
  • published16 Nov 2014
  • disclosed16 Nov 2014

Introduced: 16 Nov 2014

CVE-2014-2667  (opens in a new tab)
CWE-362  (opens in a new tab)

How to fix?

Upgrade Debian:8 python3.4 to version 3.4.1-1 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream python3.4 package and not the python3.4 package as distributed by Debian. See How to fix? for Debian:8 relevant fixed versions and status.

Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.

CVSS Scores

version 3.1