CWE-833 死锁
Deadlock
结构: Simple
Abstraction: Base
状态: Incomplete
被利用可能性: unkown
基本描述
The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 667 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 667 cwe_View_ID: 699 cwe_Ordinal: Primary
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Availability | ['DoS: Resource Consumption (CPU)', 'DoS: Resource Consumption (Other)', 'DoS: Crash, Exit, or Restart'] | Each thread of execution will "hang" and prevent tasks from completing. In some cases, CPU consumption may occur if a lock check occurs in a tight loop. |
分析过的案例
| 标识 | 说明 | 链接 |
|---|---|---|
| CVE-2009-2857 | OS deadlock | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2857 |
| CVE-2009-1961 | OS deadlock involving 3 separate functions | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1961 |
| CVE-2009-2699 | deadlock in library | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2699 |
| CVE-2009-4272 | deadlock triggered by packets that force collisions in a routing table | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4272 |
| CVE-2002-1850 | read/write deadlock between web server and script | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-1850 |
| CVE-2004-0174 | web server deadlock involving multiple listening connections | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0174 |
| CVE-2009-1388 | multiple simultaneous calls to the same function trigger deadlock. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1388 |
| CVE-2006-5158 | chain: other weakness leads to NULL pointer dereference (CWE-476) or deadlock (CWE-833). | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5158 |
| CVE-2006-4342 | deadlock when an operation is performed on a resource while it is being removed. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4342 |
| CVE-2006-2374 | Deadlock in device driver triggered by using file handle of a related device. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2374 |
| CVE-2006-2275 | Deadlock when large number of small messages cannot be processed quickly enough. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2275 |
| CVE-2005-3847 | OS kernel has deadlock triggered by a signal during a core dump. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3847 |
| CVE-2005-3106 | Race condition leads to deadlock. | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3106 |
| CVE-2005-2456 | Chain: array index error (CWE-129) leads to deadlock (CWE-833) | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2456 |
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| The CERT Oracle Secure Coding Standard for Java (2011) | LCK08-J | Ensure actively held locks are released on exceptional conditions |
相关攻击模式
- CAPEC-25