CWE-820: Missing Synchronization
Description
The product utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource.
Submission Date: Aug. 6, 2010, midnight
Modification Date: 2023-10-26 00:00:00+00:00
Organization: MITRE
Extended Description
If access to a shared resource is not synchronized, then the resource may not be in a state that is expected by the product. This might lead to unexpected or insecure behaviors, especially if an attacker can influence the shared resource.
Example - 1
The following code intends to fork a process, then have both the parent and child processes print a single line. One might expect the code to print out something like: However, because the parent and child are executing concurrently, and stdout is flushed each time a character is printed, the output might be mixed together, such as:
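#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

/* Print the string one character at a time, flushing stdout after each one. */
static void print (char * string) {
    char * word;
    int counter;
    for (word = string; (counter = *word++); ) {
        putc(counter, stdout);
        fflush(stdout);
        /* Make timing window a little larger... */
        sleep(1);
    }
}

int main(void) {
    pid_t pid;
    pid = fork();
    if (pid == -1) {
        /* fork failed */
        exit(-2);
    }
    else if (pid == 0) {
        /* child: writes to the shared stdout with no synchronization */
        print("child\n");
    }
    else {
        /* parent: writes to the same stdout at the same time */
        print("PARENT\n");
    }
    exit(0);
}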
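One way to synchronize the example above, as an added example that is not part of the CWE entry: parent and child hold an exclusive POSIX record lock (`lockf()`) for the whole line, so each line arrives intact. The pipe used to capture output, the `use_lock` switch, the function names and the `/tmp` lock-file name are assumptions made for this demonstration.

```c
#define _DEFAULT_SOURCE   /* expose lockf, mkstemp, usleep under strict -std modes */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Print one character at a time, as the page's print() does, but hold an
 * exclusive lock for the whole line when lock_fd >= 0. */
static void print_line(int out_fd, int lock_fd, const char *line) {
    if (lock_fd >= 0 && lockf(lock_fd, F_LOCK, 0) == -1) _exit(3);
    for (const char *p = line; *p; p++) {
        if (write(out_fd, p, 1) != 1) _exit(4);
        usleep(1000);                       /* keep the timing window open */
    }
    if (lock_fd >= 0 && lockf(lock_fd, F_ULOCK, 0) == -1) _exit(5);
}

/* Fork, have parent and child each print a line into a pipe, and copy what
 * arrived into buf. Returns the byte count captured, or -1 on setup error. */
static int run_demo(int use_lock, char *buf, size_t cap) {
    char path[] = "/tmp/cwe820-lock-XXXXXX";    /* constructed lock-file name */
    int pipefd[2], lock_fd = -1;
    size_t total = 0; ssize_t n;
    if (pipe(pipefd) == -1) return -1;
    if (use_lock && (lock_fd = mkstemp(path)) == -1) return -1;
    if (use_lock) unlink(path);             /* the open descriptor is enough */
    pid_t pid = fork();
    if (pid == -1) return -1;
    if (pid == 0) {
        print_line(pipefd[1], lock_fd, "child\n");
        _exit(0);
    }
    print_line(pipefd[1], lock_fd, "PARENT\n");
    close(pipefd[1]);                       /* reader sees EOF once child exits */
    waitpid(pid, NULL, 0);
    while (total + 1 < cap && (n = read(pipefd[0], buf + total, cap - 1 - total)) > 0)
        total += (size_t)n;
    buf[total] = '\0';
    close(pipefd[0]);
    if (lock_fd >= 0) close(lock_fd);
    return (int)total;
}

int main(void) {
    char out[64];
    for (int lock = 0; lock <= 1; lock++)
        if (run_demo(lock, out, sizeof out) >= 0) printf("use_lock=%d:\n%s", lock, out);
    return 0;
}
```

Record locks are owned per process, so the descriptor inherited across `fork()` serializes the two writers; which line comes first is still decided by the scheduler.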
Related Weaknesses
The following list shows the weaknesses and high-level categories that are related to this weakness. These relationships give an overview of similar items that may exist at higher and lower levels of abstraction.
CWE-543: Use of Singleton Pattern Without Synchronization in a Multithreaded Context
CWE-567: Unsynchronized Access to Shared Data in a Multithreaded Context
CWE-662: Improper Synchronization
CWE-1096: Singleton Class Instance Creation without Proper Locking or Synchronization
Visit http://cwe.mitre.org/ for more details.