BaseDraft

CWE-663Use of a Non-reentrant Function in a Concurrent Context

Category: other

Description

The product calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call the same function or otherwise influence its state.

Common consequences· 1

  • Integrity / Confidentiality / Other — Modify Memory, Read Memory, Modify Application Data, Read Application Data, Alter Execution Logic

Potential mitigations· 3

  • [Implementation]Use reentrant functions if available.
  • [Implementation]Add synchronization to your non-reentrant function.
  • [Implementation]In Java, use the ReentrantLock Class.

Related CAPEC attack patterns· 1

CAPEC-29

References

  1. https://cwe.mitre.org/data/definitions/663.html

Exploits (incoming)1

TypeTargetConfidenceTier
AttackPatternLeveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditionscapec-29100%live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

CWE
Signal Handler Use of a Non-reentrant Function
CWE
Signal Handler Race Condition
CWE
Signal Handler with Functionality that is not Asynchronous-Safe
CWE
Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')
CWE
Unsynchronized Access to Shared Data in a Multithreaded Context
CWE
Improper Synchronization
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.