CVE-2014-2667

Race condition in the _get_masked_mode function in Lib/os.py in Python 3.2 through 3.5, when exist_ok is set to true and multiple threads are used, might allow local users to bypass intended file permissions by leveraging a separate application vulnerability before the umask has been set to the expected value.

Published: Nov 16, 2014
Updated: Apr 13, 2023
CVE: CVE-2014-2667
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.3
AV:L/AC:M/Au:N/C:P/I:P/A:N

CWEs:

CWE-362

Affected Software
References

Software	From	Fixed in
python / python	3.3.2	3.3.2.x
python / python	3.2.2	3.2.2.x
python / python	3.2.5	3.2.5.x
python / python	3.3.6	3.3.6.x
python / python	3.4.0	3.4.0.x
python / python	3.2.1	3.2.1.x
python / python	3.2.0	3.2.0.x
python / python	3.3.1	3.3.1.x
python / python	3.3.4	3.3.4.x
python / python	3.3.5	3.3.5.x
python / python	3.2.3	3.2.3.x
python / python	3.2.6	3.2.6.x
python / python	3.3.0	3.3.0.x
python / python	3.4.2	3.4.2.x
python / python	3.3.3	3.3.3.x
python / python	3.2.4	3.2.4.x
python / python	3.4.1	3.4.1.x

Vulnerability Database

289,697

CVE-2014-2667