A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time.
View on MITREThe attacker can gain access to otherwise unauthorized resources.
Race conditions such as this kind may be employed to gain read or write access to resources not normally readable or writable by the user in question.
The resource in question, or other resources (through the corrupted one) may be changed in undesirable ways by a malicious user.
If a file or other resource is written in this method, as opposed to a valid way, logging of the activity may not occur.
In some cases it may be possible to delete files that a malicious user might not otherwise have access to -- such as log files.
No mitigation information available for this CWE.
No detection method information available for this CWE.
No examples or observed CVEs available for this CWE.
No relationship information available for this CWE.
CWE-386: Symbolic Name not Mapping to Correct Object is a Common Weakness Enumeration (CWE) entry maintained by MITRE. A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time.
If exploited, CWE-386 (Symbolic Name not Mapping to Correct Object) it can compromise Access Control, Integrity, Confidentiality, Other and Non-Repudiation, leading to outcomes such as Gain Privileges or Assume Identity, Modify Application Data, Modify Files or Directories, Read Application Data, Read Files or Directories and Other.
CWE-386 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.
A CWE (Common Weakness Enumeration) like CWE-386 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.