Variant · Incomplete

CWE-543: Use of Singleton Pattern Without Synchronization in a Multithreaded Context

Category: logic

Description

The product uses the singleton pattern when creating a resource within a multithreaded environment. The use of a singleton pattern may not be thread-safe.

Common consequences · 1

  • Other / Integrity — Other, Modify Application Data

Potential mitigations · 3

  • [Architecture and Design] Use the Thread-Specific Storage Pattern. See References.
  • [Implementation] Do not use member fields to store information in the Servlet. In multithreading environments, storing user data in Servlet member fields introduces a data access race condition.
  • [Implementation] Avoid using the double-checked locking pattern in language versions that cannot guarantee thread safety. This pattern may be used to avoid the overhead of a synchronized call, but in certain versions of Java (for example), this has been shown to be unsafe because it still introduces a race condition (CWE-209).
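The weakness and one way to avoid it, as an added Java example that is not part of the MITRE entry: an unsynchronized lazy singleton beside the initialization-on-demand holder idiom, with a small harness that counts constructor calls under concurrent access. The holder idiom is a standard alternative to double-checked locking rather than a mitigation this entry lists, and the names `UnsafeRegistry`, `SafeRegistry` and `hammer` are hypothetical.

```java
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.atomic.AtomicInteger;
public class SingletonRaceDemo {
    // Weak form: check-then-act on a shared field with no synchronization.
    static final class UnsafeRegistry {
        static final AtomicInteger CREATED = new AtomicInteger();
        private static UnsafeRegistry instance;
        private UnsafeRegistry() { CREATED.incrementAndGet(); }
        static UnsafeRegistry getInstance() {
            if (instance == null) {              // two threads can both see null
                Thread.yield();                  // widens the race window, demo only
                instance = new UnsafeRegistry(); // and both construct an instance
            }
            return instance;
        }
    }

    // Hardened form: initialization-on-demand holder. The JVM runs class
    // initialization exactly once, under its own lock, so no explicit
    // synchronization or double-checked locking is needed.
    static final class SafeRegistry {
        static final AtomicInteger CREATED = new AtomicInteger();
        private SafeRegistry() { CREATED.incrementAndGet(); }
        private static final class Holder { static final SafeRegistry INSTANCE = new SafeRegistry(); }
        static SafeRegistry getInstance() { return Holder.INSTANCE; }
    }

    // Releases `threads` workers at once and waits for all of them to finish.
    static void hammer(int threads, Runnable call) throws InterruptedException {
        CountDownLatch start = new CountDownLatch(1);
        Thread[] workers = new Thread[threads];
        for (int i = 0; i < threads; i++) {
            workers[i] = new Thread(() -> {
                try { start.await(); } catch (InterruptedException e) { return; }
                call.run();
            });
            workers[i].start();
        }
        start.countDown();
        for (Thread t : workers) t.join();
    }

    public static void main(String[] args) throws InterruptedException {
        hammer(32, UnsafeRegistry::getInstance);
        hammer(32, SafeRegistry::getInstance);
        // Report how many times each private constructor actually ran.
        System.out.println("unsafe constructions: " + UnsafeRegistry.CREATED.get());
        System.out.println("safe constructions:   " + SafeRegistry.CREATED.get());
    }
}
```

The unsafe count is nondeterministic and can exceed 1, which means different callers hold different "singleton" objects and state written through one is invisible through another; the holder count is 1 on every run.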

References

  1. https://cwe.mitre.org/data/definitions/543.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Singleton Class Instance Creation without Proper Locking or Synchronization
  • CWE: Unsynchronized Access to Shared Data in a Multithreaded Context
  • CWE: Improper Synchronization
  • CWE: Incorrect Synchronization
  • CWE: Missing Synchronization
  • CWE: Use of Blocking Code in Single-threaded, Non-blocking Context

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.