CWE-663

Use of a Non-reentrant Function in a Concurrent Context

Base
Draft

Description

The product calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call the same function or otherwise influence its state.

Parent Weaknesses (ChildOf)

Common Consequences

Scope: Integrity, Confidentiality, Other

Impact: Modify Memory, Read Memory, Modify Application Data, Read Application Data, Alter Execution Logic

Potential Mitigations

Implementation

Use reentrant functions if available.

Implementation

Add synchronization to your non-reentrant function.

Implementation

In Java, use the ReentrantLock Class.
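The first mitigation, shown as an added example (not part of the CWE entry): strtok() keeps its position in hidden static state, while POSIX strtok_r() keeps it in caller-owned storage. The competing code sequence is modeled as a deterministic interleaved call rather than a real thread or signal handler; the function names and the sample input are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L /* exposes strtok_r() */
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the competing code sequence (a second thread or a
 * signal handler): it tokenizes its own buffer while the caller is mid-parse. */
static void competitor(int reentrant)
{
    static char other[8];   /* static so strtok()'s hidden pointer never dangles */
    char *save = NULL;
    strcpy(other, "x y");
    char *t = reentrant ? strtok_r(other, " ", &save) : strtok(other, " ");
    while (t)
        t = reentrant ? strtok_r(NULL, " ", &save) : strtok(NULL, " ");
}

/* Vulnerable: strtok() stores the parse position in one hidden static pointer. */
int count_fields_unsafe(const char *line)
{
    char buf[64];
    int n = 0;
    snprintf(buf, sizeof buf, "%s", line);
    for (char *t = strtok(buf, ","); t; t = strtok(NULL, ",")) {
        n++;
        competitor(0);      /* interleaving point: the hidden state is overwritten */
    }
    return n;
}

/* Hardened: strtok_r() stores the parse position in the caller's own variable. */
int count_fields_safe(const char *line)
{
    char buf[64], *save = NULL;
    int n = 0;
    snprintf(buf, sizeof buf, "%s", line);
    for (char *t = strtok_r(buf, ",", &save); t; t = strtok_r(NULL, ",", &save)) {
        n++;
        competitor(1);      /* same interleaving, but each caller has private state */
    }
    return n;
}

int main(void)
{
    const char *line = "alice,bob,carol";   /* constructed sample input */
    printf("strtok:   %d field(s)\n", count_fields_unsafe(line));
    printf("strtok_r: %d field(s)\n", count_fields_safe(line));
    return 0;
}
```

On the sample line the strtok() version stops after 1 field because the interleaved call replaced its saved position, while the strtok_r() version counts all 3.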

CVE-2001-1349

Unsafe calls to library functions from signal handler.

CVE-2004-2259

SIGCHLD signal to FTP server can cause crash under heavy load while executing non-reentrant functions like malloc/free.

Applicable Platforms

Not Language-Specific
C
