CVEbaza.plCWE DictionaryCWE-1265
Common Weakness Enumeration

CWE-1265

Unintended Reentrant Invocation of Non-reentrant Code Via Nested Calls

Category: BaseCVE: 1
Description

The product invokes code that is believed to be reentrant, but the code performs a call that unintentionally produces a nested invocation of the non-reentrant code.

Extended Description

In a complex product, a single function call may lead to many different possible code paths, some of which may involve deeply nested calls. It may be difficult to foresee all possible code paths that could emanate from a given function call, even if that call is assumed to be reentrant. In some systems, an external actor can manipulate inputs to the system and thereby achieve a wide range of possible control flows. This is frequently a concern in products that execute scripts from untrusted sources. Examples of such products are web browsers and PDF readers. A weakness is present when one of the possible code paths resulting from a function call alters program state that the original caller assumes to be unchanged during the call.

CVE vulnerabilities with CWE-1265 (1)
8.8
CVSS
HIGH
CVE-2023-25240

An improper SameSite Attribute vulnerability in pimCore v10.5.15 allows attackers to execute arbitrary code.

pub. 2023-02-13
Information
ID: CWE-1265
Type: Base
Vulnerabilities: 1
MITRE CWE ↗
← CWE Dictionary