CWE-820: Missing Synchronization

Description

The product utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource.

Submission Date: Aug. 6, 2010, midnight

Modification Date: 2023-10-26 00:00:00+00:00

Organization: MITRE

Extended Description

If access to a shared resource is not synchronized, then the resource may not be in a state that is expected by the product. This might lead to unexpected or insecure behaviors, especially if an attacker can influence the shared resource.

Example Vulnerable Code

Example - 1

The following code intends to fork a process, then have both the parent and child processes print a single line.



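    #include <stdio.h>
    #include <stdlib.h>
    #include <sys/types.h>
    #include <unistd.h>

    /* Writes the string to stdout one character at a time, with no locking. */
    static void print (char * string) {
        char * word;
        int counter;
        for (word = string; (counter = *word++); ) {
            putc(counter, stdout);
            fflush(stdout);
            /* Make timing window a little larger... */
            sleep(1);
        }
    }

    int main(void) {
        pid_t pid;

        pid = fork();
        if (pid == -1) {
            exit(-2);
        }
        else if (pid == 0) {
            /* Child: shares stdout with the parent. */
            print("child\n");
        }
        else {
            /* Parent: runs concurrently with the child. */
            print("PARENT\n");
        }
        exit(0);
    }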

One might expect the code to print out something like:

    PARENT
    child

However, because the parent and child are executing concurrently, and stdout is flushed each time a character is printed, the output might be mixed together, such as:

    PcAhRiElNdT
    [blank line]
    [blank line]
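A synchronized counterpart to the example above, added here as an illustration and not taken from the CWE entry: each process holds an advisory fcntl() lock for the whole line, so the two lines can appear in either order but never interleave. The names set_lock, print_locked and run_synchronized, the lock-file path, the pipe standing in for stdout, and the shortened usleep() delay are all assumptions of this sketch.

```c
#define _DEFAULT_SOURCE            /* usleep(), mkstemp() under strict -std= modes */
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Blocking whole-file advisory lock: F_WRLCK to take it, F_UNLCK to release it. */
static int set_lock(int fd, short type) {
    struct flock fl = { .l_type = type, .l_whence = SEEK_SET, .l_start = 0, .l_len = 0 };
    return fcntl(fd, F_SETLKW, &fl);
}

/* Same per-character loop as print(), but the whole line is written under the lock. */
static void print_locked(int lock_fd, int out_fd, const char *string) {
    if (set_lock(lock_fd, F_WRLCK) == -1) return;
    for (const char *p = string; *p; p++) {
        if (write(out_fd, p, 1) != 1) break;
        usleep(1000);              /* keep a timing window open, as the original does */
    }
    set_lock(lock_fd, F_UNLCK);
}

/* Forks, prints from both processes into a pipe, copies the result into buf. */
int run_synchronized(char *buf, size_t buflen) {
    char lock_path[] = "/tmp/cwe820-lock-XXXXXX";   /* constructed path */
    int pipefd[2], lock_fd = mkstemp(lock_path);
    if (lock_fd == -1 || pipe(pipefd) == -1) return -1;
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {                /* child: fcntl locks are per process, not inherited */
        print_locked(lock_fd, pipefd[1], "child\n");
        _exit(0);
    }
    print_locked(lock_fd, pipefd[1], "PARENT\n");
    waitpid(pid, NULL, 0);
    close(pipefd[1]);
    ssize_t n = read(pipefd[0], buf, buflen - 1);
    close(pipefd[0]); close(lock_fd); unlink(lock_path);
    if (n >= 0) buf[n] = '\0';
    return (int)n;                 /* bytes captured, or -1 on error */
}

int main(void) {
    char buf[32];
    if (run_synchronized(buf, sizeof buf) < 0) return 1;
    return fputs(buf, stdout) == EOF;
}
```

The lock only works because both processes agree to take it before writing; any writer that skips print_locked() reintroduces the interleaving.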

Related Weaknesses

This table shows the weaknesses and high-level categories that are related to this weakness. These relationships are defined to give an overview of similar items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.
