Byte Open Security (ByteOS Network)
CWE-833: Deadlock
Weakness ID: 833
Version: v4.17
Weakness Name: Deadlock
Vulnerability Mapping: Allowed
Abstraction: Base
Structure: Simple
Status: Incomplete
Likelihood of Exploit:
▼Description

The product contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.

▼Relationships
Relevant to the view "Research Concepts - (1000)"
Nature: ChildOf
Mapping: Allowed-with-Review
Type: Class
ID: 667
Name: Improper Locking
▼Memberships
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 411
Name: Resource Locking Problems
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 853
Name: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 10 - Locking (LCK)
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1401
Name: Comprehensive Categorization: Concurrency
▼Tags
Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-314
Name: DoS: Resource Consumption (CPU) (impact)
Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-324
Name: DoS: Crash, Exit, or Restart (impact)
Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-333
Name: DoS: Resource Consumption (Other) (impact)
▼Relevant To View
Relevant to the view "Software Development - (699)"
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 411
Name: Resource Locking Problems
▼Common Consequences
Scope: Availability
Likelihood: N/A
Impact: DoS: Resource Consumption (CPU), DoS: Resource Consumption (Other), DoS: Crash, Exit, or Restart
Note:

Each thread of execution will "hang" and prevent tasks from completing. In some cases, CPU consumption may occur if a lock check occurs in a tight loop.

▼Observed Examples
Reference: CVE-1999-1476
Description: A bug in some Intel Pentium processors allows DoS (hang) via an invalid "CMPXCHG8B" instruction, causing a deadlock.
Reference: CVE-2009-2857
Description: OS deadlock.
Reference: CVE-2009-1961
Description: OS deadlock involving 3 separate functions.
Reference: CVE-2009-2699
Description: Deadlock in library.
Reference: CVE-2009-4272
Description: Deadlock triggered by packets that force collisions in a routing table.
Reference: CVE-2002-1850
Description: Read/write deadlock between web server and script.
Reference: CVE-2004-0174
Description: Web server deadlock involving multiple listening connections.
Reference: CVE-2009-1388
Description: Multiple simultaneous calls to the same function trigger deadlock.
Reference: CVE-2006-5158
Description: Chain: other weakness leads to NULL pointer dereference (CWE-476) or deadlock (CWE-833).
Reference: CVE-2006-4342
Description: Deadlock when an operation is performed on a resource while it is being removed.
Reference: CVE-2006-2374
Description: Deadlock in device driver triggered by using file handle of a related device.
Reference: CVE-2006-2275
Description: Deadlock when large number of small messages cannot be processed quickly enough.
Reference: CVE-2005-3847
Description: OS kernel has deadlock triggered by a signal during a core dump.
Reference: CVE-2005-3106
Description: Race condition leads to deadlock.
Reference: CVE-2005-2456
Description: Chain: array index error (CWE-129) leads to deadlock (CWE-833).
▼Vulnerability Mapping Notes
Usage: Allowed
Reason: Acceptable-Use
Rationale:

This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Suggestions:
▼Taxonomy Mappings
Taxonomy Name: The CERT Oracle Secure Coding Standard for Java (2011)
Entry ID: LCK08-J
Fit: N/A
Entry Name: Ensure actively held locks are released on exceptional conditions
▼Related Attack Patterns
ID: CAPEC-25
Name: Forced Deadlock
▼References
Reference ID: REF-62
Title: The Art of Software Security Assessment
Author: Mark Dowd, John McDonald, Justin Schuh
Section: Chapter 13, "Synchronization Problems", section "Starvation and Deadlocks", Page 760
Publisher: Addison Wesley
Edition: 1st Edition
Year: 2006
Reference ID: REF-783
Title: Secure Coding in C and C++
Author: Robert C. Seacord
Section: Chapter 7, "Concurrency", section "Mutual Exclusion and Deadlock", Page 248
Publisher: Addison Wesley
Year: 2006