Race Condition Affecting pyfftw package, versions [,0.14.0)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-PYTHON-PYFFTW-8446347
- published2 Dec 2024
- disclosed1 Dec 2024
- creditUnknown
Introduced: 1 Dec 2024
CVE NOT AVAILABLE CWE-362 (opens in a new tab)How to fix?
Upgrade pyFFTW to version 0.14.0 or higher.
Overview
pyFFTW is an A pythonic wrapper around FFTW, the FFT library, presenting a unified interface for all the supported transforms.
Affected versions of this package are vulnerable to Race Condition due to improper synchronization when accessing shared resources. This can lead to memory corruption or unexpected behavior when used in multithreaded environments. The vulnerability arises from unsynchronized access to FFTW plan destruction and shared cache keys. An attacker could exploit this by inducing concurrent operations, potentially causing application crashes or arbitrary code execution.