CWE-432: Dangerous Signal Handler not Disabled During Sensitive Operations
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The product uses a signal handler that shares state with other signal handlers, but it does not properly mask or prevent those signal handlers from being invoked while the original signal handler is still running.
Extended Description
During the execution of a signal handler, it can be interrupted by another handler when a different signal is sent. If the two handlers share state - such as global variables - then an attacker can corrupt the state by sending another signal before the first handler has completed execution.
Common Consequences
Scope: Integrity
Technical Impact: Modify Application Data
Potential Mitigations
Phase: Implementation
Description: Turn off dangerous handlers when performing sensitive operations.
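The following C program is an added example, not part of the CWE entry: two handlers share a flag, and `sa_mask` (the approach named by SIG00-C) keeps either handler from running while the other is active. The `raise(SIGUSR2)` inside the first handler is a constructed stand-in for a second signal arriving mid-handler; all function and variable names are assumptions.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>

/* State shared by both handlers: the condition CWE-432 describes. */
static volatile sig_atomic_t in_usr1 = 0; /* SIGUSR1 handler is mid-update */
static volatile sig_atomic_t nested = 0;  /* SIGUSR2 handler ran inside it */

static void on_usr2(int sig) {
    (void)sig;
    if (in_usr1) nested = 1; /* observed half-updated shared state */
}

static void on_usr1(int sig) {
    (void)sig;
    in_usr1 = 1;
    raise(SIGUSR2); /* constructed stand-in: second signal arrives mid-handler */
    in_usr1 = 0;
}

/* With mask_peer set, each handler blocks the other's signal while it runs. */
static int install(int mask_peer) {
    struct sigaction a1 = {0}, a2 = {0};
    a1.sa_handler = on_usr1;
    a2.sa_handler = on_usr2;
    sigemptyset(&a1.sa_mask);
    sigemptyset(&a2.sa_mask);
    if (mask_peer) {
        sigaddset(&a1.sa_mask, SIGUSR2);
        sigaddset(&a2.sa_mask, SIGUSR1);
    }
    if (sigaction(SIGUSR1, &a1, NULL) != 0) return -1;
    return sigaction(SIGUSR2, &a2, NULL);
}

/* Returns 1 if the SIGUSR2 handler interrupted the SIGUSR1 handler,
 * 0 if it was deferred until that handler returned, -1 on error. */
int handler_was_interrupted(int mask_peer) {
    nested = 0;
    if (install(mask_peer) != 0) return -1;
    raise(SIGUSR1);
    return nested;
}

int main(void) {
    printf("unmasked: interrupted=%d\n", handler_was_interrupted(0));
    printf("masked:   interrupted=%d\n", handler_was_interrupted(1));
    return 0;
}
```

With the mask in place the second signal stays pending and its handler runs only after the first handler has restored the shared state.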
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |
Applicable Platforms
Programming Languages
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name | Mapping Fit |
|---|---|---|---|
| CERT C Secure Coding | SIG00-C | Mask signals handled by noninterruptible signal handlers | - |
| PLOVER | - | Dangerous handler not cleared/disabled during sensitive operations | - |