Class · Draft

CWE-662: Improper Synchronization

Category: logic

Description

The product utilizes multiple threads, processes, components, or systems to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.

Common consequences · 1

  • Integrity / Confidentiality / Other — Modify Application Data, Read Application Data, Alter Execution Logic

Potential mitigations · 1

  • [Implementation] Use industry standard APIs to synchronize your code.

Related CAPEC attack patterns · 4

CAPEC-25, CAPEC-26, CAPEC-27, CAPEC-29

References

  1. https://cwe.mitre.org/data/definitions/662.html

Exploits (incoming) · 4

Type | Target | Confidence | Tier
AttackPattern | Leveraging Race Conditions (capec-26) | 100% | live
AttackPattern | Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions (capec-29) | 100% | live
AttackPattern | Forced Deadlock (capec-25) | 100% | live
AttackPattern | Leveraging Race Conditions via Symbolic Links (capec-27) | 100% | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Incorrect Synchronization
  • CWE: Missing Synchronization
  • CWE: Unsynchronized Access to Shared Data in a Multithreaded Context
  • CWE: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
  • CWE: Improper Locking
  • CWE: Use of Singleton Pattern Without Synchronization in a Multithreaded Context

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.