[Forgot Password]
Login  Register Subscribe

23631

 
 

115084

 
 

97559

 
 

909

 
 

78730

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CWE
view XML

Missing Synchronization

ID: 820Date: (C)2012-05-14   (M)2012-11-08
Type: weaknessStatus: INCOMPLETE
Abstraction Type: Base





Description

The software utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource.

Extended Description

If access to a shared resource is not synchronized, then the resource may not be in a state that is expected by the software. This might lead to unexpected or insecure behaviors, especially if an attacker can influence the shared resource.

Applicable Platforms
None

Common Consequences

ScopeTechnical ImpactNotes
Integrity
Confidentiality
Other
 
Modify application data
Read application data
Alter execution logic
 
 

Detection Methods
None

Potential Mitigations
None

Relationships

Related CWETypeViewChain
CWE-820 ChildOf CWE-853 Category CWE-844  

Demonstrative Examples   (Details)

  1. The following code intends to fork a process, then have both the parent and child processes print a single line.

White Box Definitions
None

Black Box Definitions
None

Taxynomy Mappings

TaxynomyIdNameFit
CERT Java Secure Coding LCK05-J
 
Synchronize access to static fields that can be modified by untrusted code
 
 

References:
None

© 2013 SecPod Technologies