CAPEC 25 Forced Deadlock

Stable Meta Low Risk

Severity High

Description

The adversary triggers and exploits a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions can be difficult to detect.

Attack Execution Flow

Step 1

Explore

The adversary initiates an exploratory phase to get familiar with the system.

Step 2

Explore

The adversary triggers a first action (such as holding a resource) and initiates a second action which will wait for the first one to finish.

Step 3

Explore

If the target program has a deadlock condition, the program waits indefinitely resulting in a denial of service.

CAPEC 25 Forced Deadlock

Description

Attack Execution Flow

Step 1

Step 2

Step 3

Mitigations

For Competing Actions, Use Well-Known Libraries Which Implement Synchronization.

Use Known Algorithm To Avoid Deadlock Condition (For Instance Non-Blocking Synchronization Algorithms).

Consequences

Security Scopes Affected

Potential Impacts

Related ATT&CK Techniques

Application or System Exploitation

CAPEC 25 Forced Deadlock

Description

Attack Execution Flow

Step 1

Step 2

Step 3

Mitigations

For Competing Actions, Use Well-Known Libraries Which Implement Synchronization.

Use Known Algorithm To Avoid Deadlock Condition (For Instance Non-Blocking Synchronization Algorithms).

Consequences

Security Scopes Affected

Potential Impacts

Related ATT&CK Techniques

Application or System Exploitation

Iscriviti alla newsletter