CWE-432

Dangerous Signal Handler not Disabled During Sensitive Operations

Base
Draft

Description

The product uses a signal handler that shares state with other signal handlers, but it does not properly mask or prevent those signal handlers from being invoked while the original signal handler is still running.

While a signal handler is executing, it can be interrupted by another handler when a different signal is sent. If the two handlers share state, such as global variables, then an attacker can corrupt that state by sending another signal before the first handler has completed execution.

Common Consequences

Scope: Integrity

Impact: Modify Application Data

Potential Mitigations

Implementation

Turn off dangerous handlers when performing sensitive operations.
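
One way to apply this mitigation on POSIX systems is to list the peer signals in `sa_mask` when installing each handler with `sigaction()`, so they stay blocked until the running handler returns. The following is an added example, not part of the CWE entry; the names `on_signal`, `install` and `count_overlaps` are hypothetical, and the mid-handler `raise(SIGUSR2)` is a constructed stand-in for a second signal arriving while the first handler runs.

```c
#define _POSIX_C_SOURCE 200809L
#include <signal.h>
#include <stdio.h>

/* State shared by both handlers: the pattern CWE-432 describes. */
static volatile sig_atomic_t busy;      /* nonzero while a handler is running */
static volatile sig_atomic_t overlaps;  /* handler entered while another ran */

static void on_signal(int signo)
{
    if (busy)
        overlaps++;        /* we interrupted a handler in mid-update */
    busy = 1;
    if (signo == SIGUSR1)
        raise(SIGUSR2);    /* constructed: peer signal arrives mid-handler */
    busy = 0;
}

/* Install on_signal for SIGUSR1 and SIGUSR2. With mask_peers set, sa_mask
 * blocks both signals for the duration of either handler. Returns 0 on success. */
static int install(int mask_peers)
{
    struct sigaction sa;
    sa.sa_handler = on_signal;
    sa.sa_flags = 0;
    sigemptyset(&sa.sa_mask);
    if (mask_peers) {
        sigaddset(&sa.sa_mask, SIGUSR1);
        sigaddset(&sa.sa_mask, SIGUSR2);
    }
    if (sigaction(SIGUSR1, &sa, NULL) != 0)
        return -1;
    return sigaction(SIGUSR2, &sa, NULL);
}

/* Returns how often one handler ran on top of another, or -1 on error. */
int count_overlaps(int mask_peers)
{
    busy = 0;
    overlaps = 0;
    if (install(mask_peers) != 0)
        return -1;
    raise(SIGUSR1);
    return (int)overlaps;
}

int main(void)
{
    printf("unmasked: %d, masked: %d\n", count_overlaps(0), count_overlaps(1));
    return 0;
}
```

With the mask in place the second signal is not lost: it stays pending and its handler runs only after the first handler has returned.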

Applicable Platforms

Not Language-Specific
