logo

Missing Synchronization

Incomplete Base
Structure: Simple
Description

This vulnerability occurs when multiple parts of your application (like threads or processes) use the same resource—such as a variable, file, or data structure—without proper coordination to control who accesses it and when.

Extended Description

When different parts of your code run concurrently and touch a shared resource without synchronization, the resource's state can become unpredictable. One thread might read a value while another is halfway through modifying it, or two processes might overwrite each other's changes, leading to corrupted data, crashes, or incorrect calculations that break your application's logic. This lack of coordination creates a race condition window that attackers can potentially exploit. By carefully timing their interactions, an attacker might manipulate the shared resource into an unexpected state that bypasses security checks, leaks sensitive information, or causes the system to behave in unintended and insecure ways.
Common Consequences 1
Scope: IntegrityConfidentialityOther

Impact: Modify Application DataRead Application DataAlter Execution Logic
Demonstrative Examples 1

ID : DX-170

The following code intends to fork a process, then have both the parent and child processes print a single line.

Code Example:

Bad
C
c

/* Make timing window a little larger... /

c
One might expect the code to print out something like:
```
		PARENT
		child
```
However, because the parent and child are executing concurrently, and stdout is flushed each time a character is printed, the output might be mixed together, such as:
```
		PcAhRiElNdT
		[blank line]
		[blank line]
```
     
  
                
 
 
Related Weaknesses 
 
 
 
 
  ChildOf:
 Improper Synchronization (CWE-662) 
  ChildOf:
 Improper Synchronization (CWE-662) 
  ChildOf:
 Improper Synchronization (CWE-662) 
 
 
 
 
Taxonomy Mapping 
  • The CERT Oracle Secure Coding Standard for Java (2011)
  
Notes 
MaintenanceDeeper research is necessary for synchronization and related mechanisms, including locks, mutexes, semaphores, and other mechanisms. Multiple entries are dependent on this research, which includes relationships to concurrency, race conditions, reentrant functions, etc. Improper Synchronization and its children - including Improper Locking, Missing Synchronization, Incorrect Synchronization, and others - may need to be modified significantly, along with their relationships.