Base · Incomplete

CWE-1322: Use of Blocking Code in Single-threaded, Non-blocking Context

Category: other

Description

The product uses a non-blocking model that relies on a single-threaded process for features such as scalability, but it contains code that can block when it is invoked.

Common consequences · 1

  • Availability — DoS: Resource Consumption (CPU)
    An unexpected call to blocking code can trigger an infinite loop, or a large loop that causes the software to pause and wait indefinitely.

Potential mitigations · 2

  • [Implementation] Generally speaking, blocking calls should be replaced with non-blocking alternatives that can be used asynchronously. Expensive computations should be passed off to worker threads, although the correct approach depends on the framework being used.
  • [Implementation] For expensive computations, consider breaking them up into multiple smaller computations. Refer to the documentation of the framework being used for guidance.
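
The second mitigation, shown as an added example that is not part of the CWE entry: a blocking loop beside a chunked version that yields between slices. It assumes a Node.js-style event loop; the function names and the sum-of-squares workload are constructed for illustration.

```javascript
// Added example: assumes a Node.js-style single-threaded event loop.
// sumOfSquares* is a constructed stand-in for an expensive computation.

// Blocking form: the loop runs to completion on the only thread, so no
// request handler, timer or I/O callback can run until it returns.
function sumOfSquaresBlocking(n) {
  let total = 0;
  for (let i = 1; i <= n; i++) total += i * i;
  return total;
}

// Chunked form: process at most `chunkSize` items, then yield with
// setImmediate so queued callbacks get a turn before the next slice.
function sumOfSquaresChunked(n, chunkSize = 10000) {
  return new Promise((resolve) => {
    let total = 0;
    let i = 1;
    function slice() {
      const end = Math.min(i + chunkSize - 1, n);
      for (; i <= end; i++) total += i * i;
      if (i > n) resolve(total);
      else setImmediate(slice);
    }
    slice();
  });
}

// Counts how often an unrelated callback (a "heartbeat") gets to run while
// `task` is in progress. Zero beats means the event loop was starved.
async function heartbeatsDuring(task) {
  let beats = 0;
  let running = true;
  const beat = () => {
    if (running) {
      beats++;
      setImmediate(beat);
    }
  };
  setImmediate(beat); // queued before the task starts
  const result = await task();
  running = false;
  return { result, beats };
}
```

Wrapping a suspect handler in heartbeatsDuring during testing is one way to check whether it starves other callbacks: the blocking form reports zero beats, the chunked form reports at least one per yielded slice.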

Related CAPEC attack patterns · 1

CAPEC-25

References

  1. https://cwe.mitre.org/data/definitions/1322.html

Exploits (incoming) · 1

Type | Target | Confidence | Tier
AttackPattern | Forced Deadlock, capec-25 | 100% | live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Use of Singleton Pattern Without Synchronization in a Multithreaded Context
  • CWE: Singleton Class Instance Creation without Proper Locking or Synchronization
  • CWE: Improper Synchronization
  • CWE: Unsynchronized Access to Shared Data in a Multithreaded Context
  • CWE: Data Resource Access without Use of Connection Pooling
  • CWE: Double-Checked Locking

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.