CWE-386
Symbolic Name not Mapping to Correct Object
Common consequences5
- Access ControlGain Privileges or Assume Identity
The attacker can gain access to otherwise unauthorized resources.
- IntegrityConfidentialityOtherModify Application DataModify Files or DirectoriesRead Application DataRead Files or DirectoriesOther
Race conditions such as this kind may be employed to gain read or write access to resources not normally readable or writable by the user in question.
- IntegrityOtherModify Application DataOther
The resource in question, or other resources (through the corrupted one) may be changed in undesirable ways by a malicious user.
- Non-RepudiationHide Activities
If a file or other resource is written in this method, as opposed to a valid way, logging of the activity may not occur.
- Non-RepudiationIntegrityModify Files or Directories
In some cases it may be possible to delete files that a malicious user might not otherwise have access to -- such as log files.
CVEs referencing this CWE1
| CVE | Description | Severity | EPSS | Flags | Modified |
|---|---|---|---|---|---|
| CVE-2024-3852 | GetBoundName could return the wrong version of an object when JIT optimizations were applied. This vulnerability affects Firefox < 125, Firefox ESR < 115.10, and Thunderbird < 115.10. | HIGH7.5 | 0.62%p45 | 2025-04-01 |