CWE-662 不恰当的同步机制

  • A+
所属分类:CWE(弱点枚举)

CWE-662 不恰当的同步机制

Improper Synchronization

结构: Simple

Abstraction: Class

状态: Draft

被利用可能性: unkown

基本描述

The software attempts to use a shared resource in an exclusive manner, but does not prevent or incorrectly prevents use of the resource by another thread or process.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 664 cwe_View_ID: 1000 cwe_Ordinal: Primary

  • cwe_Nature: ChildOf cwe_CWE_ID: 691 cwe_View_ID: 1000

  • cwe_Nature: CanPrecede cwe_CWE_ID: 362 cwe_View_ID: 1000

  • cwe_Nature: CanPrecede cwe_CWE_ID: 362 cwe_View_ID: 699

常见的影响

范围 影响 注释
['Integrity', 'Confidentiality', 'Other'] ['Modify Application Data', 'Read Application Data', 'Alter Execution Logic']

可能的缓解方案

Implementation

策略:

Use industry standard APIs to synchronize your code.

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
CERT C Secure Coding SIG00-C Mask signals handled by noninterruptible signal handlers
CERT C Secure Coding SIG31-C CWE More Abstract Do not access shared objects in signal handlers
CLASP State synchronization error
The CERT Oracle Secure Coding Standard for Java (2011) VNA03-J Do not assume that a group of calls to independently atomic methods is atomic
Software Fault Patterns SFP19 Missing Lock

相关攻击模式

  • CAPEC-25
  • CAPEC-26
  • CAPEC-27
  • CAPEC-29

文章来源于互联网:scap中文网

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: