CWE-663: Use of a Non-reentrant Function in a Concurrent Context

Base Draft Simple

CWE Version: 4.18

Last Updated: 2025-09-09

Weakness Description

The product calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call the same function or otherwise influence its state.

Common Consequences

Scope: Integrity, Confidentiality, Other

Technical Impact: Modify Memory; Read Memory; Modify Application Data; Read Application Data; Alter Execution Logic

Potential Mitigations

Phase: Implementation

Description: Use reentrant functions if available.

Phase: Implementation

Description: Add synchronization to your non-reentrant function.

Phase: Implementation

Description: In Java, use the ReentrantLock Class.
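
The first mitigation above, shown in C as an added example (not part of the CWE entry): strtok() keeps its cursor in hidden static state, while strtok_r() leaves the cursor with the caller. The function names and sample strings are constructed for illustration, and competing_sequence() is called inline to stand in, deterministically, for a thread or signal handler that runs between two calls.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for the competing code sequence (another thread or
 * a signal handler): it tokenizes its own buffer with strtok(), which
 * overwrites strtok's single hidden cursor. */
static void competing_sequence(void)
{
    static char other[8];
    strcpy(other, "x y");                  /* constructed sample data */
    for (char *t = strtok(other, " "); t; t = strtok(NULL, " "))
        ;
}

/* Non-reentrant: the position inside buf lives in strtok's static state. */
int count_fields_strtok(const char *line)
{
    char buf[64];
    int n = 0;
    snprintf(buf, sizeof buf, "%s", line);
    for (char *t = strtok(buf, ","); t; t = strtok(NULL, ",")) {
        n++;
        competing_sequence();              /* cursor now points into other[] */
    }
    return n;
}

/* Reentrant: the cursor is the caller's own variable, so the competing
 * sequence cannot move it. */
int count_fields_strtok_r(const char *line)
{
    char buf[64], *save = NULL;
    int n = 0;
    snprintf(buf, sizeof buf, "%s", line);
    for (char *t = strtok_r(buf, ",", &save); t; t = strtok_r(NULL, ",", &save)) {
        n++;
        competing_sequence();
    }
    return n;
}

int main(void)
{
    const char *line = "alice,bob,carol";  /* constructed sample input */
    printf("strtok:   %d field(s)\n", count_fields_strtok(line));
    printf("strtok_r: %d field(s)\n", count_fields_strtok_r(line));
    return 0;
}
```

With the competing sequence in play, count_fields_strtok() reports 1 field for the three-field line, while count_fields_strtok_r() reports 3.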

Observed Examples

Reference: CVE-2001-1349

unsafe calls to library functions from signal handler

Reference: CVE-2004-2259

SIGCHLD signal to FTP server can cause crash under heavy load while executing non-reentrant functions like malloc/free.

Modes of Introduction

Phase: Implementation
Note: -

Key Information

CWE ID: CWE-663

Abstraction: Base

Structure: Simple

Status: Draft

Related Weaknesses

Related Attack Patterns
CAPEC-29