Missing Synchronization
Incomplete Base
Structure: Simple
Description
The product utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource.
If access to a shared resource is not synchronized, then the resource may not be in a state that is expected by the product. This might lead to unexpected or insecure behaviors, especially if an attacker can influence the shared resource.
Common Consequences 1
Scope: IntegrityConfidentialityOther
Impact: Modify Application DataRead Application DataAlter Execution Logic
Demonstrative Examples 1
ID : DX-170
The following code intends to fork a process, then have both the parent and child processes print a single line.Code Example:
Bad
C
c/* Make timing window a little larger... /
cOne might expect the code to print out something like:
```
PARENT
child
```
However, because the parent and child are executing concurrently, and stdout is flushed each time a character is printed, the output might be mixed together, such as:
```
PcAhRiElNdT
[blank line]
[blank line]
```
Related Weaknesses
ChildOf:
Improper Synchronization (CWE-662)
ChildOf:
Improper Synchronization (CWE-662)
ChildOf:
Improper Synchronization (CWE-662)
Taxonomy Mapping
- The CERT Oracle Secure Coding Standard for Java (2011)
Notes
MaintenanceDeeper research is necessary for synchronization and related mechanisms, including locks, mutexes, semaphores, and other mechanisms. Multiple entries are dependent on this research, which includes relationships to concurrency, race conditions, reentrant functions, etc. Improper Synchronization and its children - including Improper Locking, Missing Synchronization, Incorrect Synchronization, and others - may need to be modified significantly, along with their relationships.