DerScanner
Home / Vulnerability Database / Python : Race condition of type TOCTOU
Python

Python : Race condition of type TOCTOU

Classification

OWASP Top 10 2013
A7-Missing Function Level Access Control
OWASP Top 10 2017
A9-Using Components with Known Vulnerabilities
OWASP Top 10 2021
A6-Vulnerable and Outdated Components
OWASP ASVS
Business Logic
PCI DSS 4.0
6.2.4
HIPAA
§164.312 (a)(1)
CWE
CWE-1033

Overview

A “TOCTOU” attack is possible.
Application may be vulnerable to this attack type due to use of standard paths to temporary files, for example:

  • /tmp
  • /var/tmp
  • /dev/shm
  • etc

Another reason may be the use of unsafe methods like os.tempnam() and os.tmpnam().

References

  1. Create, use, and remove temporary files securely
  2. How insecure is / replacement for tmpnam?
  3. Symlink race
MEDIUM

DerScanner Severity Score

Do you want to fix Python : Race condition of type TOCTOU in your application?

See also

Python

Python : Debug mode on

Python

Python : Web3: Deprecated method

Python

Python : Unsafe padding