BaseDraft

CWE-366Race Condition within a Thread

Category: logic

Description

If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined.

Common consequences· 1

  • Integrity / Other — Alter Execution Logic, Unexpected State
    The main problem is that -- if a lock is overcome -- data could be altered in a bad state.

Potential mitigations· 2

  • [Architecture and Design]Use locking functionality. This is the recommended solution. Implement some form of locking mechanism around code which alters or reads persistent data in a multithreaded environment.
  • [Architecture and Design]Create resource-locking validation checks. If no inherent locking mechanisms exist, use flags and signals to enforce your own blocking scheme when resources are being used by other threads of execution.

Related CAPEC attack patterns· 2

CAPEC-26CAPEC-29

References

  1. https://cwe.mitre.org/data/definitions/366.html

Exploits (incoming)2

TypeTargetConfidenceTier
AttackPatternLeveraging Race Conditionscapec-26100%live
AttackPatternLeveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditionscapec-29100%live

(incoming)1

TypeTargetConfidenceTier
VulnerabilityCVE-2025-58143cve-2025-581430%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE
Hardware Logic Contains Race Conditions
CWE
Time-of-check Time-of-use (TOCTOU) Race Condition
CWE
Context Switching Race Condition
CWE
Uncaught Exception
CWE
Call to Thread run() instead of start()
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.