CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types
CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (2.11)  
ID

CWE-821: Incorrect Synchronization

Weakness ID: 821
Abstraction: Base
Status: Incomplete
Presentation Filter:
+ Description

Description Summary

The software utilizes a shared resource in a concurrent manner but it does not correctly synchronize access to the resource.

Extended Description

If access to a shared resource is not correctly synchronized, then the resource may not be in a state that is expected by the software. This might lead to unexpected or insecure behaviors, especially if an attacker can influence the shared resource.

+ Common Consequences
ScopeEffect
Integrity
Confidentiality
Other

Technical Impact: Modify application data; Read application data; Alter execution logic

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfWeakness BaseWeakness Base662Improper Synchronization
Development Concepts (primary)699
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant572Call to Thread run() instead of start()
Development Concepts (primary)699
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant574EJB Bad Practices: Use of Synchronization Primitives
Development Concepts (primary)699
Research Concepts (primary)1000
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
2010-08-06MITREInternal CWE Team
Modifications
Modification DateModifierOrganizationSource
2010-12-13CWE Content TeamMITREInternal
updated Relationships
2011-06-01CWE Content TeamMITREInternal
updated Common_Consequences, Relationships, Taxonomy_Mappings
2012-05-11CWE Content TeamMITREInternal
updated Relationships, Taxonomy_Mappings

More information is available — Please select a different filter.
Page Last Updated: May 05, 2017 
 

Use of the Common Weakness Enumeration and the associated references from this website are subject to the Terms of Use. For more information, please email cwe@mitre.org.

CWE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 2006-2017, The MITRE Corporation. CWE, CWSS, CWRAF, and the CWE logo are trademarks of The MITRE Corporation.
Privacy policy
Terms of use
Contact us