176. Race Conditions

Race Condition

Software vulnerabiltiy where the outcome depends on the timing of events not matching the developer’s intended order

Race conditions occur when

Multiple threads write to the same variable or object in the same memory location simultaneously

Dereferencing

A fundamental operation in programming, and the vulnerabilities arise from unsafe or concurrent usage, particularly in scenarios involving race conditions

Dirty COW

Popular 2015 exploit, showcasing a race condition exploitation

TOC

Time-of-Check Vulnerability

Time-of-Check Vulnerability

Type of race condition where an attacker can alter a system resource after an app checks its state but before the operation is performed

TOU

Time-of-Use Vulnerability

Time-of-Use Vulnerability

Type of race condition that occurs when an attacker can change the state of a system resource between the time it is checked and the time it is used

TOE

Time-of-Evaluation Vulnerability

Time-of-Evaluation Vulnerability

Type of race condition that involves the manipulation of data or resources during the time window when a system is making a decision or evaluation

Deadlock

Occurs when two or more processes are unable to proceed because each is waiting for the other to release a resource