ByteOS Network

CWE-821:Incorrect Synchronization

Weakness ID:821

Version:v4.17

Weakness Name:Incorrect Synchronization

Vulnerability Mapping:Allowed

Abstraction:Base

Structure:Simple

Status:Incomplete

Details Content History Observed CVE Examples Reports

▼Description

The product utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource.

▼Extended Description

If access to a shared resource is not correctly synchronized, then the resource may not be in a state that is expected by the product. This might lead to unexpected or insecure behaviors, especially if an attacker can influence the shared resource.

▼Relationships

Relevant to the view"Research Concepts - (1000)"

Nature	Mapping	Type	ID	Name
ChildOf	Discouraged	C	662	Improper Synchronization
ParentOf	Allowed	B	1088	Synchronous Access of Remote Resource without Timeout
ParentOf	Allowed	B	1264	Hardware Logic with Insecure De-Synchronization between Control and Data Channels
ParentOf	Allowed	V	572	Call to Thread run() instead of start()
ParentOf	Allowed	V	574	EJB Bad Practices: Use of Synchronization Primitives

Nature: ChildOf

Mapping: Discouraged

Type: Class

ID: 662

Name: Improper Synchronization

Nature: ParentOf

Mapping: Allowed

Type: Base

ID: 1088

Name: Synchronous Access of Remote Resource without Timeout

Nature: ParentOf

Mapping: Allowed

Type: Base

ID: 1264

Name: Hardware Logic with Insecure De-Synchronization between Control and Data Channels

Nature: ParentOf

Mapping: Allowed

Type: Variant

ID: 572

Name: Call to Thread run() instead of start()

Nature: ParentOf

Mapping: Allowed

Type: Variant

ID: 574

Name: EJB Bad Practices: Use of Synchronization Primitives

▼Memberships

Nature	Mapping	Type	ID	Name
MemberOf	Prohibited	C	557	Concurrency Issues
MemberOf	Prohibited	C	1401	Comprehensive Categorization: Concurrency

Nature: MemberOf

Mapping: Prohibited

Type:Category

ID: 557

Name: Concurrency Issues

Nature: MemberOf

Mapping: Prohibited

Type:Category

ID: 1401

Name: Comprehensive Categorization: Concurrency

▼Tags

Nature	Mapping	Type	ID	Name
MemberOf	Prohibited	BS	BOSS-318	Modify Application Data (impact)
MemberOf	Prohibited	BS	BOSS-328	Read Application Data (impact)
MemberOf	Prohibited	BS	BOSS-330	Alter Execution Logic (impact)

Nature: MemberOf

Mapping: Prohibited

Type:BOSSView

ID: BOSS-318

Name: Modify Application Data (impact)

Nature: MemberOf

Mapping: Prohibited

Type:BOSSView

ID: BOSS-328

Name: Read Application Data (impact)

Nature: MemberOf

Mapping: Prohibited

Type:BOSSView

ID: BOSS-330

Name: Alter Execution Logic (impact)

▼Relevant To View

Relevant to the view"Software Development - (699)"

Nature	Mapping	Type	ID	Name
MemberOf	Prohibited	C	557	Concurrency Issues

Nature: MemberOf

Mapping: Prohibited

Type: Category

ID: 557

Name: Concurrency Issues

▼Common Consequences

Scope	Likelihood	Impact	Note
IntegrityConfidentialityOther	N/A	Modify Application DataRead Application DataAlter Execution Logic	N/A

Scope: Integrity, Confidentiality, Other

Likelihood: N/A

Impact: Modify Application Data, Read Application Data, Alter Execution Logic

Note:

N/A

▼Vulnerability Mapping Notes

Usage:Allowed

Reason:Acceptable-Use

Rationale:

This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

▼Notes

Maintenance

Deeper research is necessary for synchronization and related mechanisms, including locks, mutexes, semaphores, and other mechanisms. Multiple entries are dependent on this research, which includes relationships to concurrency, race conditions, reentrant functions, etc. CWE-662 and its children - including CWE-667, CWE-820, CWE-821, and others - may need to be modified significantly, along with their relationships.