Concurrency Issues

A product performs a series of non-atomic actions to switch between contexts that cross privilege or other security boundaries, but a race condition allows an attacker...

The product utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource.

The code contains a function or method that operates in a multi-threaded environment but owns an unsafe non-final static storable or member d...

The product utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource.

The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors.

If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution...

The product uses a signal handler that introduces a race condition.

A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time.

The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the ...

The product calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call t...

The product uses a non-blocking model that relies on a single threaded process for features such as scalability, but it contains code that can block when it is invo...

This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...