Home/CAPEC/Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
Attack Pattern

Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

CAPEC-29 · Standard · Draft
This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.
likelihood: High severity: High

Targets These Weaknesses (CWE)

9
The underlying weaknesses this attack pattern exploits. Follow into a CWE to see affected CVEs and its relationship tree.
CWE-362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE-366Race Condition within a Thread
CWE-367Time-of-check Time-of-use (TOCTOU) Race Condition
CWE-368Context Switching Race Condition
CWE-370Missing Check for Certificate Revocation after Initial Check
CWE-662Improper Synchronization
CWE-663Use of a Non-reentrant Function in a Concurrent Context
CWE-665Improper Initialization
CWE-691Insufficient Control Flow Management
External lookups - second-class, for what we don’t hold ourselves
MITRE CAPEC
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin