CWE-362
Allowed-with-ReviewConcurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Abstraction: Class · Status: Draft
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
2900 vulnerabilities reference this CWE, most recent first.
GHSA-88MG-HQXV-95H4
Vulnerability from github – Published: 2022-05-17 03:15 – Updated: 2022-05-17 03:15Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function.
{
"affected": [],
"aliases": [
"CVE-2015-1420"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2015-03-16T10:59:00Z",
"severity": "LOW"
},
"details": "Race condition in the handle_to_path function in fs/fhandle.c in the Linux kernel through 3.19.1 allows local users to bypass intended size restrictions and trigger read operations on additional memory locations by changing the handle_bytes value of a file handle during the execution of this function.",
"id": "GHSA-88mg-hqxv-95h4",
"modified": "2022-05-17T03:15:10Z",
"published": "2022-05-17T03:15:10Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2015-1420"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1187534"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00023.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00011.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00004.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00018.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2015-09/msg00021.html"
},
{
"type": "WEB",
"url": "http://marc.info/?l=linux-kernel\u0026m=142247707318982\u0026w=2"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2015/dsa-3170"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2015/01/29/12"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/72357"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2660-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2661-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2665-1"
},
{
"type": "WEB",
"url": "http://www.ubuntu.com/usn/USN-2667-1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-88MG-JR8R-PQGG
Vulnerability from github – Published: 2022-05-27 00:00 – Updated: 2022-06-09 00:00A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.
{
"affected": [],
"aliases": [
"CVE-2022-26765"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-05-26T20:15:00Z",
"severity": "MODERATE"
},
"details": "A race condition was addressed with improved state handling. This issue is fixed in watchOS 8.6, tvOS 15.5, macOS Monterey 12.4, iOS 15.5 and iPadOS 15.5. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.",
"id": "GHSA-88mg-jr8r-pqgg",
"modified": "2022-06-09T00:00:26Z",
"published": "2022-05-27T00:00:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-26765"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213253"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213254"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213257"
},
{
"type": "WEB",
"url": "https://support.apple.com/en-us/HT213258"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-88RV-C8GV-RFV7
Vulnerability from github – Published: 2026-05-06 12:30 – Updated: 2026-06-19 15:33In the Linux kernel, the following vulnerability has been resolved:
netfilter: ctnetlink: ensure safe access to master conntrack
Holding reference on the expectation is not sufficient, the master conntrack object can just go away, making exp->master invalid.
To access exp->master safely:
-
Grab the nf_conntrack_expect_lock, this gets serialized with clean_from_lists() which also holds this lock when the master conntrack goes away.
-
Hold reference on master conntrack via nf_conntrack_find_get(). Not so easy since the master tuple to look up for the master conntrack is not available in the existing problematic paths.
This patch goes for extending the nf_conntrack_expect_lock section to address this issue for simplicity, in the cases that are described below this is just slightly extending the lock section.
The add expectation command already holds a reference to the master conntrack from ctnetlink_create_expect().
However, the delete expectation command needs to grab the spinlock before looking up for the expectation. Expand the existing spinlock section to address this to cover the expectation lookup. Note that, the nf_ct_expect_iterate_net() calls already grabs the spinlock while iterating over the expectation table, which is correct.
The get expectation command needs to grab the spinlock to ensure master conntrack does not go away. This also expands the existing spinlock section to cover the expectation lookup too. I needed to move the netlink skb allocation out of the spinlock to keep it GFP_KERNEL.
For the expectation events, the IPEXP_DESTROY event is already delivered under the spinlock, just move the delivery of IPEXP_NEW under the spinlock too because the master conntrack event cache is reached through exp->master.
While at it, add lockdep notations to help identify what codepaths need to grab the spinlock.
{
"affected": [],
"aliases": [
"CVE-2026-43116"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-06T10:16:25Z",
"severity": "HIGH"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnetfilter: ctnetlink: ensure safe access to master conntrack\n\nHolding reference on the expectation is not sufficient, the master\nconntrack object can just go away, making exp-\u003emaster invalid.\n\nTo access exp-\u003emaster safely:\n\n- Grab the nf_conntrack_expect_lock, this gets serialized with\n clean_from_lists() which also holds this lock when the master\n conntrack goes away.\n\n- Hold reference on master conntrack via nf_conntrack_find_get().\n Not so easy since the master tuple to look up for the master conntrack\n is not available in the existing problematic paths.\n\nThis patch goes for extending the nf_conntrack_expect_lock section\nto address this issue for simplicity, in the cases that are described\nbelow this is just slightly extending the lock section.\n\nThe add expectation command already holds a reference to the master\nconntrack from ctnetlink_create_expect().\n\nHowever, the delete expectation command needs to grab the spinlock\nbefore looking up for the expectation. Expand the existing spinlock\nsection to address this to cover the expectation lookup. Note that,\nthe nf_ct_expect_iterate_net() calls already grabs the spinlock while\niterating over the expectation table, which is correct.\n\nThe get expectation command needs to grab the spinlock to ensure master\nconntrack does not go away. This also expands the existing spinlock\nsection to cover the expectation lookup too. I needed to move the\nnetlink skb allocation out of the spinlock to keep it GFP_KERNEL.\n\nFor the expectation events, the IPEXP_DESTROY event is already delivered\nunder the spinlock, just move the delivery of IPEXP_NEW under the\nspinlock too because the master conntrack event cache is reached through\nexp-\u003emaster.\n\nWhile at it, add lockdep notations to help identify what codepaths need\nto grab the spinlock.",
"id": "GHSA-88rv-c8gv-rfv7",
"modified": "2026-06-19T15:33:09Z",
"published": "2026-05-06T12:30:28Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-43116"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/497f99b26fffdc5635706d1b4811f1ed8ee21a5b"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/5e1c1d22268ae710c238342c8030c21daf298168"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9e1196d27ef496f404c76f7a9d03761142d991c4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/bffcaad9afdfe45d7fc777397d3b83c1e3ebffe5"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/d52fa1fa7440676b8c238037a050ab008c22737f"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/f338ced0473849c9f6ed0b77ca99f1aab5826787"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-88W3-X23R-C432
Vulnerability from github – Published: 2026-05-27 15:33 – Updated: 2026-06-16 15:33In the Linux kernel, the following vulnerability has been resolved:
mm: fix deferred split queue races during migration
migrate_folio_move() records the deferred split queue state from src and replays it on dst. Replaying it after remove_migration_ptes(src, dst, 0) makes dst visible before it is requeued, so a concurrent rmap-removal path can mark dst partially mapped and trip the WARN in deferred_split_folio().
Move the requeue before remove_migration_ptes() so dst is back on the deferred split queue before it becomes visible again.
Because migration still holds dst locked at that point, teach deferred_split_scan() to requeue a folio when folio_trylock() fails. Otherwise a fully mapped underused folio can be dequeued by the shrinker and silently lost from split_queue.
[ziy@nvidia.com: move the comment]
{
"affected": [],
"aliases": [
"CVE-2026-46017"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-05-27T14:17:20Z",
"severity": "MODERATE"
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nmm: fix deferred split queue races during migration\n\nmigrate_folio_move() records the deferred split queue state from src and\nreplays it on dst. Replaying it after remove_migration_ptes(src, dst, 0)\nmakes dst visible before it is requeued, so a concurrent rmap-removal path\ncan mark dst partially mapped and trip the WARN in deferred_split_folio().\n\nMove the requeue before remove_migration_ptes() so dst is back on the\ndeferred split queue before it becomes visible again.\n\nBecause migration still holds dst locked at that point, teach\ndeferred_split_scan() to requeue a folio when folio_trylock() fails. \nOtherwise a fully mapped underused folio can be dequeued by the shrinker\nand silently lost from split_queue.\n\n[ziy@nvidia.com: move the comment]",
"id": "GHSA-88w3-x23r-c432",
"modified": "2026-06-16T15:33:41Z",
"published": "2026-05-27T15:33:20Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46017"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/3bac01168982ec3e3bf87efdc1807c7933590a85"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/cbf75cf212ee6e499abc1757fb4b5ae6d70ed0aa"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-894G-WR4P-3595
Vulnerability from github – Published: 2022-06-16 00:00 – Updated: 2022-06-25 00:01In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel
{
"affected": [],
"aliases": [
"CVE-2022-20154"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-06-15T14:15:00Z",
"severity": "MODERATE"
},
"details": "In lock_sock_nested of sock.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android kernelAndroid ID: A-174846563References: Upstream kernel",
"id": "GHSA-894g-wr4p-3595",
"modified": "2022-06-25T00:01:03Z",
"published": "2022-06-16T00:00:25Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-20154"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2022-06-01"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-897C-PJ95-H9CF
Vulnerability from github – Published: 2022-05-24 19:19 – Updated: 2022-05-24 19:19There is a issue that trustlist strings being repeatedly inserted into the linked list in Huawei Smartphone due to race conditions. Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist.
{
"affected": [],
"aliases": [
"CVE-2021-36994"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-10-28T13:15:00Z",
"severity": "MODERATE"
},
"details": "There is a issue that trustlist strings being repeatedly inserted into the linked list in Huawei Smartphone due to race conditions. Successful exploitation of this vulnerability can cause exceptions when managing the system trustlist.",
"id": "GHSA-897c-pj95-h9cf",
"modified": "2022-05-24T19:19:05Z",
"published": "2022-05-24T19:19:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-36994"
},
{
"type": "WEB",
"url": "https://consumer.huawei.com/en/support/bulletin/2021/7"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-899M-9G9C-JWH3
Vulnerability from github – Published: 2022-05-17 05:25 – Updated: 2022-05-17 05:25Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file.
{
"affected": [],
"aliases": [
"CVE-2012-3483"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-08-26T19:55:00Z",
"severity": "MODERATE"
},
"details": "Race condition in the runScript function in Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by replacing a script file.",
"id": "GHSA-899m-9g9c-jwh3",
"modified": "2022-05-17T05:25:05Z",
"published": "2022-05-17T05:25:05Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-3483"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2012-08/0122.html"
},
{
"type": "WEB",
"url": "http://code.google.com/p/tunnelblick/issues/detail?id=212"
},
{
"type": "WEB",
"url": "http://git.zx2c4.com/Pwnnel-Blicker/tree/pwnnel-blicker.c"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/08/14/1"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-89R6-VQV7-M7CQ
Vulnerability from github – Published: 2023-03-14 18:30 – Updated: 2023-03-14 18:30Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability
{
"affected": [],
"aliases": [
"CVE-2023-23407"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-03-14T17:15:00Z",
"severity": "HIGH"
},
"details": "Windows Point-to-Point Protocol over Ethernet (PPPoE) Remote Code Execution Vulnerability",
"id": "GHSA-89r6-vqv7-m7cq",
"modified": "2023-03-14T18:30:19Z",
"published": "2023-03-14T18:30:19Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23407"
},
{
"type": "WEB",
"url": "https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-23407"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8C7G-VX5G-CMPG
Vulnerability from github – Published: 2024-10-14 15:30 – Updated: 2024-11-06 18:31When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox < 131.0.3.
{
"affected": [],
"aliases": [
"CVE-2024-9936"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-10-14T14:15:12Z",
"severity": "MODERATE"
},
"details": "When manipulating the selection node cache, an attacker may have been able to cause unexpected behavior, potentially leading to an exploitable crash. This vulnerability affects Firefox \u003c 131.0.3.",
"id": "GHSA-8c7g-vx5g-cmpg",
"modified": "2024-11-06T18:31:05Z",
"published": "2024-10-14T15:30:46Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9936"
},
{
"type": "WEB",
"url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1920381"
},
{
"type": "WEB",
"url": "https://www.mozilla.org/security/advisories/mfsa2024-53"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-8CMC-RXQ2-8W7G
Vulnerability from github – Published: 2022-05-17 03:50 – Updated: 2022-05-17 03:50The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition.
{
"affected": [],
"aliases": [
"CVE-2012-2373"
],
"database_specific": {
"cwe_ids": [
"CWE-362"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2012-08-09T10:29:00Z",
"severity": "MODERATE"
},
"details": "The Linux kernel before 3.4.5 on the x86 platform, when Physical Address Extension (PAE) is enabled, does not properly use the Page Middle Directory (PMD), which allows local users to cause a denial of service (panic) via a crafted application that triggers a race condition.",
"id": "GHSA-8cmc-rxq2-8w7g",
"modified": "2022-05-17T03:50:07Z",
"published": "2022-05-17T03:50:07Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2373"
},
{
"type": "WEB",
"url": "https://github.com/torvalds/linux/commit/26c191788f18129af0eb32a358cdaea0c7479626"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=822821"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=26c191788f18129af0eb32a358cdaea0c7479626"
},
{
"type": "WEB",
"url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=26c191788f18129af0eb32a358cdaea0c7479626"
},
{
"type": "WEB",
"url": "http://marc.info/?l=bugtraq\u0026m=139447903326211\u0026w=2"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0743.html"
},
{
"type": "WEB",
"url": "http://ubuntu.com/usn/usn-1529-1"
},
{
"type": "WEB",
"url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.4.5"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2012/05/18/11"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation
In languages that support it, use synchronization primitives. Only wrap these around critical code to minimize the impact on performance.
Mitigation
Use thread-safe capabilities such as the data access abstraction in Spring.
Mitigation
- Minimize the usage of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of unexpected conditions occurring.
- Additionally, this will minimize the amount of synchronization necessary and may even help to reduce the likelihood of a denial of service where an attacker may be able to repeatedly trigger a critical section (CWE-400).
Mitigation
When using multithreading and operating on shared variables, only use thread-safe functions.
Mitigation
Use atomic operations on shared variables. Be wary of innocent-looking constructs such as "x++". This may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read, followed by a computation, followed by a write.
Mitigation
Use a mutex if available, but be sure to avoid related weaknesses such as CWE-412.
Mitigation
Avoid double-checked locking (CWE-609) and other implementation errors that arise when trying to avoid the overhead of synchronization.
Mitigation
Disable interrupts or signals over critical parts of the code, but also make sure that the code does not go into a large or infinite loop.
Mitigation
Use the volatile type modifier for critical variables to avoid unexpected compiler optimization or reordering. This does not necessarily solve the synchronization problem, but it can help.
Mitigation MIT-17
Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks [REF-76]. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
CAPEC-26: Leveraging Race Conditions
The adversary targets a race condition occurring when multiple processes access and manipulate the same resource concurrently, and the outcome of the execution depends on the particular order in which the access takes place. The adversary can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance, a race condition can occur while accessing a file: the adversary can trick the system by replacing the original file with their version and cause the system to read the malicious file.
CAPEC-29: Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. A typical example is file access. The adversary can leverage a file access race condition by "running the race", meaning that they would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the adversary could replace or modify the file, causing the application to behave unexpectedly.