Synchronous Access of Remote Resource without Timeout

Status: Incomplete
Abstraction: Base
Structure: Simple
Description

This vulnerability occurs when an application makes a synchronous call to a remote service or resource but does not set a timeout, or sets an infinite one. This leaves the application waiting indefinitely for a response.

Extended Description

When a synchronous remote call lacks a timeout, a simple slowdown or outage of the external resource can cause your application to hang. This directly undermines reliability, as a single unresponsive dependency can freeze a critical thread or process, leading to denial of service for legitimate users. From a security perspective, if an attacker can trigger this flawed code path, they can exploit the reliability weakness to create a vulnerability. By intentionally making the remote resource slow or unresponsive, they can cause resource exhaustion, application stalls, or complete service unavailability, turning an operational flaw into a security incident.
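The pattern described above, as an added example that is not part of the CWE entry: a vulnerable client that reads from a remote service with no timeout, beside the hardened form that bounds the wait and reports a stall as a failure. The local "dependency" server is a constructed stand-in that can be told to answer or to hold the connection open in silence.

```python
import socket
import threading

def start_dependency(respond):
    """Constructed stand-in for the remote resource: a local TCP server that
    either answers every request with b"UP\n" or stalls forever.
    Returns the listening socket (close it to stop) and its port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    held = []  # stalled connections stay open so the client sees silence, not a reset

    def serve():
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:  # listener closed
                return
            if respond:
                conn.recv(64)
                conn.sendall(b"UP\n")
                conn.close()
            else:
                held.append(conn)

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def fetch_status_unbounded(host, port):
    """Vulnerable pattern: no timeout, so recv() blocks for as long as the
    remote side stays silent. Shown for contrast only; not called here."""
    with socket.create_connection((host, port)) as s:  # timeout is None
        s.sendall(b"STATUS\n")
        return s.recv(64)

def fetch_status_bounded(host, port, timeout=0.5):
    """Hardened pattern: the same call with a bound on connect and on every
    read; a timed-out call is reported as an explicit failure."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(b"STATUS\n")
            return ("ok", s.recv(64))
    except socket.timeout:  # subclass of OSError, so it must be caught first
        return ("timeout", None)
    except OSError as exc:
        return ("error", str(exc))

if __name__ == "__main__":
    listener, port = start_dependency(respond=False)
    print(fetch_status_bounded("127.0.0.1", port, timeout=0.3))  # ('timeout', None)
    listener.close()
```

The caller of `fetch_status_bounded` decides what a `"timeout"` result means (fail fast, retry with backoff, open a circuit breaker); the point is that the thread is returned to service instead of being held by the dependency.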

Common Consequences
Scope: Other

Impact: Reduce Reliability

References

[REF-961] Object Management Group (OMG). "Automated Source Code Reliability Measure (ASCRM)". 01-2016.
Related Weaknesses
Taxonomy Mapping
  • OMG ASCRM