CWE-412

Unrestricted Externally Accessible Lock

AI Translation Available

The product properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control.

Status

incomplete

Abstraction

base

Affected Platforms

Extended Description

AI Translation

This prevents the product from acting on associated resources or performing other behaviors that are controlled by the presence of the lock. Relevant locks might include an exclusive lock or mutex, or modifying a shared resource that is treated as a lock. If the lock can be held for an indefinite period of time, then the denial of service could be permanent.

Technical Details

AI Translation

Common Consequences

availability

Impacts

dos: resource consumption (other)

Detection Methods

white box

Potential Mitigations

Phases:

architecture and design implementation

Descriptions:

• Use any access control that is offered by the functionality that is offering the lock.

• Consider modifying your code to use non-blocking synchronization methods.

• Use unpredictable names or identifiers for the locks. This might not always be possible or feasible.

AI Generated Translation

Common Consequences

disponibilità

Impacts

dos: consumo di risorse (altro)

Detection Methods

white box

Potential Mitigations

Phases:

architettura e design implementazione

Descriptions:

• Utilizza qualsiasi controllo di accesso offerto dalla funzionalità che fornisce la serratura.

• Considera di modificare il tuo codice per utilizzare metodi di sincronizzazione non bloccanti.

• Usa nomi o identificatori imprevedibili per i lock. Questo potrebbe non essere sempre possibile o fattibile.

CWE-412

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Iscriviti alla newsletter