A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to concurrent use of shared resources.
A product performs a series of non-atomic actions to switch between contexts that cross privilege or other security boundaries, but a race condition allows an attacker...
The software contains an empty synchronized block.
The software utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource.
The code contains a function or method that operates in a multi-threaded environment but owns an unsafe non-final static storable or member d...
The software utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource.
The product opens an alternate channel to communicate with an authorized user, but the channel is accessible to other actors.
The software checks the status of a file or directory before accessing it, which produces a race condition in which the file can be replaced with a link before the acc...
The code contains a switch statement in which the switched variable can be modified while the switch is still executing, resulting in unexpected behavior.
If two threads of execution use a resource simultaneously, there exists the possibility that resources may be used while invalid, in turn making the state of execution...
The software uses a signal handler that introduces a race condition.
A constant symbolic reference to an object is used, even though the reference can resolve to a different object over time.
The code has a synchronous call to a remote resource, but there is no timeout for the call, or the timeout is set to infinite.
The software checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the...
The product does not properly synchronize shared data, such as static variables across threads, which can lead to undefined behavior and unpredictable data changes.
The software calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call ...
This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...