|ID: 833||Date: (C)2012-05-14 (M)2012-11-08|
|Type: weakness||Status: INCOMPLETE|
|Abstraction Type: Base|
The software contains multiple threads or executable segments
that are waiting for each other to release a necessary lock, resulting in
|Availability ||DoS: resource consumption (CPU); DoS: resource consumption (other); DoS: crash / exit / restart ||Each thread of execution will "hang" and prevent tasks from completing. In some cases, CPU consumption may occur if a lock check occurs in a tight loop. |
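The circular wait behind this weakness, as an added example that is not part of the original entry: two Python threads take the same two locks in opposite order, then repeat the work under one fixed global lock order. The lock names, `RANK`, `run` and the worker names are constructed for illustration, and the acquire timeout exists only so the demonstration terminates instead of hanging.

```python
import threading

# Constructed global lock order: every thread must take "accounts" before "audit".
RANK = {"accounts": 0, "audit": 1}

def run(ordered, timeout=0.3):
    """Run two workers needing both locks; return the workers left waiting."""
    locks = {name: threading.Lock() for name in RANK}
    gate = threading.Barrier(2)
    stuck = []

    def worker(name, wanted):
        # Hardened form sorts the requested locks by rank; weak form takes
        # them in whatever order the caller listed them.
        names = sorted(wanted, key=RANK.get) if ordered else list(wanted)
        first, second = locks[names[0]], locks[names[1]]
        with first:
            if not ordered:
                gate.wait()  # force the interleaving: each thread holds one lock
            # Real code would block here forever; the timeout only lets the
            # demonstration observe the circular wait and terminate.
            got = second.acquire(timeout=timeout)
            if not ordered:
                gate.wait()  # keep holding until the peer has also given up
            if got:
                second.release()
            else:
                stuck.append(name)

    threads = [
        threading.Thread(target=worker, args=("transfer", ("accounts", "audit"))),
        threading.Thread(target=worker, args=("report", ("audit", "accounts"))),
    ]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sorted(stuck)

if __name__ == "__main__":
    print("opposite order:", run(ordered=False))
    print("ranked order:  ", run(ordered=True))
```
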
|CWE-833 ChildOf CWE-853 ||Category ||CWE-844 || |
- CVE-2009-2857 : OS deadlock
- CVE-2009-1961 : OS deadlock involving 3 separate functions
- CVE-2009-2699 : deadlock in library
- CVE-2009-4272 : deadlock triggered by packets that force collisions in a routing table
- CVE-2002-1850 : read/write deadlock between web server and script
- CVE-2004-0174 : web server deadlock involving multiple listening connections
- CVE-2009-1388 : multiple simultaneous calls to the same function trigger deadlock.
- CVE-2006-5158 : chain: other weakness leads to NULL pointer dereference (CWE-476) or deadlock (CWE-833).
- CVE-2006-4342 : deadlock when an operation is performed on a resource while it is being removed.
- CVE-2006-2374 : Deadlock in device driver triggered by using file handle of a related device.
- CVE-2006-2275 : Deadlock when large number of small messages cannot be processed quickly enough.
- CVE-2005-3847 : OS kernel has deadlock triggered by a signal during a core dump.
- CVE-2005-3106 : Race condition leads to deadlock.
- CVE-2005-2456 : Chain: array index error (CWE-129) leads to deadlock (CWE-833)
White Box Definitions None
Black Box Definitions None
|CERT Java Secure Coding ||LCK08-J ||Ensure actively held locks are released on exceptional conditions || |