The software utilizes a shared resource in a concurrent manner but it does not correctly synchronize access to the resource.
Extended Description
If access to a shared resource is not correctly synchronized, then the resource may not be in a state that is expected by the software. This might lead to unexpected or insecure behaviors, especially if an attacker can influence the shared resource.
Relationships
The table(s) below shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.
Relevant to the view "Research Concepts" (CWE-1000)
Nature
Type
ID
Name
ChildOf
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness.
Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness.
Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness.
Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness.
Relevant to the view "Development Concepts" (CWE-699)
Nature
Type
ID
Name
ChildOf
Class - a weakness that is described in a very abstract fashion, typically independent of any specific language or technology. More general than a Base weakness.
Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness.
Variant - a weakness that is described at a very low level of detail, typically limited to a specific language or technology. More specific than a Base weakness.
Base - a weakness that is described in an abstract fashion, but with sufficient details to infer specific methods for detection and prevention. More general than a Variant weakness, but more specific than a Class weakness.
The table below specifies different individual consequences associated with the weakness. The Scope identifies the application security area that is violated, while the Impact describes the negative technical impact that arises if an adversary succeeds in exploiting this weakness. The Likelihood provides information about how likely the specific consequence is expected to be seen relative to the other consequences in the list. For example, there may be high likelihood that a weakness will be exploited to achieve a certain impact, but a low likelihood that it will be exploited to achieve a different impact.
Deeper research is necessary for synchronization and related mechanisms, including locks, mutexes, semaphores, and other mechanisms. Multiple entries are dependent on this research, which includes relationships to concurrency, race conditions, reentrant functions, etc. CWE-662 and its children - including CWE-667, CWE-820, CWE-821, and others - may need to be modified significantly, along with their relationships.
More information is available — Please select a different filter.
Page Last Updated:
September 23, 2019
Use of the Common Weakness Enumeration and the associated references from this website are subject to the
Terms of Use. For more information, please email cwe@mitre.org.
Description
Relevant to the view "Research Concepts" (CWE-1000)
