{"@ID": "820", "@Name": "Missing Synchronization", "@Abstraction": "Base", "@Structure": "Simple", "@Status": "Incomplete", "Description": "The product utilizes a shared resource in a concurrent manner but does not attempt to synchronize access to the resource.", "Extended_Description": "If access to a shared resource is not synchronized, then the resource may not be in a state that is expected by the product. This might lead to unexpected or insecure behaviors, especially if an attacker can influence the shared resource.", "Related_Weaknesses": {"Related_Weakness": [{"@Nature": "ChildOf", "@CWE_ID": "662", "@View_ID": "1000", "@Ordinal": "Primary"}, {"@Nature": "ChildOf", "@CWE_ID": "662", "@View_ID": "1305", "@Ordinal": "Primary"}, {"@Nature": "ChildOf", "@CWE_ID": "662", "@View_ID": "1340", "@Ordinal": "Primary"}]}, "Weakness_Ordinalities": {"Weakness_Ordinality": {"Ordinality": "Primary"}}, "Applicable_Platforms": {"Language": {"@Class": "Not Language-Specific", "@Prevalence": "Undetermined"}}, "Modes_Of_Introduction": {"Introduction": {"Phase": "Implementation"}}, "Common_Consequences": {"Consequence": {"Scope": ["Integrity", "Confidentiality", "Other"], "Impact": ["Modify Application Data", "Read Application Data", "Alter Execution Logic"]}}, "Demonstrative_Examples": {"Demonstrative_Example": {"@Demonstrative_Example_ID": "DX-170", "Intro_Text": "The following code intends to fork a process, then have both the parent and child processes print a single line.", "Example_Code": {"@Nature": "Bad", "@Language": "C", "xhtml:div": {"xhtml:div": [{"@style": "margin-left:1em;", "xhtml:div": {"xhtml:br": [null, null], "xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": {"xhtml:br": [null, null, null, null], "xhtml:i": "/* Make timing window a little larger... */", "#text": "putc(counter, stdout);fflush(stdout);\n                                 \n                                 \n                                 sleep(1);"}}, "#text": "char * word;int counter;for (word = string; counter = *word++; ) {}"}}, {"@style": "margin-left:1em;", "xhtml:div": {"xhtml:br": [null, null, null, null, null, null], "xhtml:div": [{"@style": "margin-left:1em;", "#text": "exit(-2);"}, {"@style": "margin-left:1em;", "#text": "print(\"child\\n\");"}, {"@style": "margin-left:1em;", "#text": "print(\"PARENT\\n\");"}], "#text": "pid_t pid;\n                           pid = fork();if (pid == -1) {}else if (pid == 0) {}else {}exit(0);"}}], "xhtml:br": [null, null], "#text": "static void print (char * string) {}\n                     int main(void) {}"}}, "Body_Text": ["One might expect the code to print out something like:", {"xhtml:div": {"xhtml:div": ["PARENT", "child"]}}, "However, because the parent and child are executing concurrently, and stdout is flushed each time a character is printed, the output might be mixed together, such as:", {"xhtml:div": {"xhtml:div": ["PcAhRiElNdT", "[blank line]", "[blank line]"]}}]}}, "Taxonomy_Mappings": {"Taxonomy_Mapping": {"@Taxonomy_Name": "The CERT Oracle Secure Coding Standard for Java (2011)", "Entry_ID": "LCK05-J", "Entry_Name": "Synchronize access to static fields that can be modified by untrusted code"}}, "Mapping_Notes": {"Usage": "Allowed", "Rationale": "This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.", "Comments": "Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.", "Reasons": {"Reason": {"@Type": "Acceptable-Use"}}}, "Notes": {"Note": {"@Type": "Maintenance", "#text": "Deeper research is necessary for synchronization and related mechanisms, including locks, mutexes, semaphores, and other mechanisms. Multiple entries are dependent on this research, which includes relationships to concurrency, race conditions, reentrant functions, etc.  CWE-662 and its children - including CWE-667, CWE-820, CWE-821, and others - may need to be modified significantly, along with their relationships."}}, "Content_History": {"Submission": {"Submission_Name": "CWE Content Team", "Submission_Organization": "MITRE", "Submission_Date": "2010-08-06", "Submission_Version": "1.10", "Submission_ReleaseDate": "2010-09-27"}, "Modification": [{"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2010-12-13", "Modification_Version": "1.11", "Modification_ReleaseDate": "2010-12-13", "Modification_Comment": "updated Demonstrative_Examples, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2011-06-01", "Modification_Version": "1.13", "Modification_ReleaseDate": "2011-06-01", "Modification_Comment": "updated Common_Consequences, Relationships, Taxonomy_Mappings"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2013-07-17", "Modification_Version": "2.5", "Modification_ReleaseDate": "2013-07-17", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2017-11-08", "Modification_Version": "3.0", "Modification_ReleaseDate": "2017-11-08", "Modification_Comment": "updated Demonstrative_Examples"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2019-01-03", "Modification_Version": "3.2", "Modification_ReleaseDate": "2019-01-03", "Modification_Comment": "updated Relationships, Taxonomy_Mappings"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2019-09-23", "Modification_Version": "3.4.1", "Modification_ReleaseDate": "2019-09-23", "Modification_Comment": "updated Maintenance_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-02-24", "Modification_Version": "4.0", "Modification_ReleaseDate": "2020-02-24", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-08-20", "Modification_Version": "4.2", "Modification_ReleaseDate": "2020-08-20", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-12-10", "Modification_Version": "4.3", "Modification_ReleaseDate": "2020-12-10", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-01-31", "Modification_Version": "4.10", "Modification_ReleaseDate": "2023-01-31", "Modification_Comment": "updated Description"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-10-26", "Modification_Version": "4.13", "Modification_ReleaseDate": "2023-10-26", "Modification_Comment": "updated Demonstrative_Examples"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-12-11", "Modification_Version": "4.19", "Modification_ReleaseDate": "2025-12-11", "Modification_Comment": "updated Applicable_Platforms, Time_of_Introduction, Weakness_Ordinalities"}]}}
