Class · Draft
CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
Category: logic
Description
The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Common consequences (4)
- Availability: DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Resource Consumption (Other). When a race condition makes it possible to bypass a resource cleanup routine or trigger multiple initialization routines, it may lead to resource exhaustion.
- Availability: DoS: Crash, Exit, or Restart, DoS: Instability. When a race condition allows multiple control flows to access a resource simultaneously, it might lead the product(s) into unexpected states, possibly resulting in a crash.
- Confidentiality / Integrity: Read Files or Directories, Read Application Data. When a race condition is combined with predictable resource names and loose permissions, it may be possible for an attacker to overwrite or access confidential data (CWE-59).
- Access Control: Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity, Bypass Protection Mechanism. This can have security implications when the expected synchronization is in security-critical code, such as recording whether a user is authenticated or modifying important state information that should not be influenced by an outsider.
Potential mitigations (5)
- [Architecture and Design] In languages that support it, use synchronization primitives. Only wrap these around critical code to minimize the impact on performance.
- [Architecture and Design] Use thread-safe capabilities such as the data access abstraction in Spring.
- [Architecture and Design]
- [Implementation] When using multithreading and operating on shared variables, only use thread-safe functions.
- [Implementation] Use atomic operations on shared variables. Be wary of innocent-looking constructs such as "x++". This may appear atomic at the code layer, but it is actually non-atomic at the instruction layer, since it involves a read, followed by a computation, followed by a write.
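As an added example (not part of the CWE entry), the non-atomic "x++" from the last mitigation next to the two fixes the list names, a minimal critical section under a mutex and a single atomic read-modify-write, in C with pthreads and C11 atomics; the thread and iteration counts are constructed values:

```c
#include <pthread.h>
#include <stdatomic.h>
#include <stdio.h>

#define THREADS 4       /* constructed: number of concurrent writers */
#define ITERS   100000  /* constructed: increments per thread */

/* Three shared counters, each incremented THREADS * ITERS times:
 * a plain int (the race), a mutex-guarded one, and a C11 atomic. */
static long plain_counter;
static long locked_counter;
static pthread_mutex_t counter_lock = PTHREAD_MUTEX_INITIALIZER;
static atomic_long atomic_counter;

static void *worker(void *arg) {
    (void)arg;
    for (int i = 0; i < ITERS; i++) {
        /* Racy: "plain_counter++" compiles to load, add, store. Two threads
         * can load the same value, so one of their increments is lost. */
        plain_counter++;
        /* Fix 1: synchronization primitive around the smallest critical section. */
        pthread_mutex_lock(&counter_lock);
        locked_counter++;
        pthread_mutex_unlock(&counter_lock);
        /* Fix 2: one atomic read-modify-write instruction, no lock needed. */
        atomic_fetch_add(&atomic_counter, 1);
    }
    return NULL;
}

/* Runs the workers and returns how many increments the unsynchronized
 * counter lost (0 on a lucky run, usually more); never negative. */
long run_counters(void) {
    pthread_t tid[THREADS];
    plain_counter = 0;
    locked_counter = 0;
    atomic_store(&atomic_counter, 0);
    for (int i = 0; i < THREADS; i++) pthread_create(&tid[i], NULL, worker, NULL);
    for (int i = 0; i < THREADS; i++) pthread_join(tid[i], NULL);
    return (long)THREADS * ITERS - plain_counter;
}

long locked_total(void) { return locked_counter; }
long atomic_total(void) { return atomic_load(&atomic_counter); }

int main(void) {
    long lost = run_counters();
    printf("expected %ld, plain lost %ld, locked %ld, atomic %ld\n",
           (long)THREADS * ITERS, lost, locked_total(), atomic_total());
    return 0;
}
```

Only the two synchronized counters reach the expected total on every run; the plain one is a data race, so its loss varies with scheduling and optimization level.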
Related CAPEC attack patterns (2)
References
Exploits (incoming, 2)
| Type | Target | Confidence | Tier |
|---|---|---|---|
| AttackPattern | Leveraging Race Conditions (capec-26) | 100% | live |
| AttackPattern | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions (capec-29) | 100% | live |
Vulnerabilities (incoming, 49)
Related by meaning (6)
Nearest entities by semantic similarity across the cs-graph corpus.