CWE-662: Improper Synchronization
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product utilizes multiple threads or processes to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.
常见后果
影响范围: Integrity Confidentiality Other
技术影响: Modify Application Data Read Application Data Alter Execution Logic
潜在缓解措施
阶段: Implementation
描述: Use industry standard APIs to synchronize your code.
观察示例
参考: CVE-2021-1782
Chain: improper locking (CWE-667) leads to race condition (CWE-362), as exploited in the wild per CISA KEV.
参考: CVE-2009-0935
Attacker provides invalid address to a memory-reading function, causing a mutex to be unlocked twice
引入模式
| 阶段 | 说明 |
|---|---|
| Architecture and Design | - |
| Implementation | - |
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| CERT C Secure Coding | SIG00-C | Mask signals handled by noninterruptible signal handlers | - |
| CERT C Secure Coding | SIG31-C | Do not access shared objects in signal handlers | CWE More Abstract |
| CLASP | - | State synchronization error | - |
| The CERT Oracle Secure Coding Standard for Java (2011) | VNA03-J | Do not assume that a group of calls to independently atomic methods is atomic | - |
| Software Fault Patterns | SFP19 | Missing Lock | - |
关键信息
CWE ID: CWE-662
抽象级别: Class
结构: Simple
状态: Draft