Category: Concurrency Issues
Draft
Summary
Weaknesses in this category are related to concurrent use of shared resources.
Membership
| ID | Name | Description |
|---|---|---|
| CWE-1058 | Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element | The code contains a function or method that operates in a multi-threaded environment but owns an unsafe non-final static storable or member data element. |
| CWE-1322 | Use of Blocking Code in Single-threaded, Non-blocking Context | The product uses a non-blocking model that relies on a single threaded process for features such as scalability, but it contains code that can block when it is invoked. |
| CWE-364 | Signal Handler Race Condition | The product uses a signal handler that introduces a race condition. |
| CWE-366 | Race Condition within a Thread | If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution undefined. |
| CWE-367 | Time-of-check Time-of-use (TOCTOU) Race Condition | The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check. |
| CWE-368 | Context Switching Race Condition | A product performs a series of non-atomic actions to switch between contexts that cross privilege or other security boundaries, but a race condition allows an attacker to modify or misrepresent the product's behavior during the switch. |
| CWE-386 | Symbolic Name not Mapping to Correct Object | A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time. |
| CWE-421 | Race Condition During Access to Alternate Channel | The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors. |
| CWE-663 | Use of a Non-reentrant Function in a Concurrent Context | The product calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call the same function or otherwise influence its state. |
| CWE-820 | Missing Synchronization | The product utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource. |
| CWE-821 | Incorrect Synchronization | The product utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource. |
| CWE-699 | Software Development | This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development lifecycle including both architecture and implementation. Accordingly, this view can align closely with the perspectives of architects, developers, educators, and assessment vendors. It provides a variety of categories that are intended to simplify navigation, browsing, and mapping. |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.