VYPR

CWE-362

Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Class · Draft · Likelihood: Medium

Description

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Related attack patterns (CAPEC)

CAPEC-26 · CAPEC-29

CVEs mapped to this weakness (1,091)

  • CVE-2020-36455 · Aug 8, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the slock crate through 2020-11-17 for Rust. Slock unconditionally implements Send and Sync.

  • CVE-2020-36456 · Aug 8, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the toolshed crate through 2020-11-15 for Rust. In CopyCell, the Send trait lacks bounds on the contained type.

  • CVE-2020-36457 · Aug 8, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the lever crate before 0.1.1 for Rust. AtomicBox implements the Send and Sync traits for all types T.

  • CVE-2020-36458 · Aug 8, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the lexer crate through 2020-11-10 for Rust. For ReaderResult<T, E>, there is an implementation of Sync with a trait bound of T: Send, E: Send.

  • CVE-2020-36459 · Aug 8, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the dces crate through 2020-12-09 for Rust. The World type is marked as Send but lacks bounds on its EntityStore and ComponentStore.

  • CVE-2020-36460 · Aug 8, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the model crate through 2020-11-10 for Rust. The Shared data structure has an implementation of the Send and Sync traits without regard for the inner type.

  • CVE-2020-36461 · Aug 8, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the noise_search crate through 2020-12-10 for Rust. There are unconditional implementations of Send and Sync for MvccRwLock.

  • CVE-2020-36462 · Aug 8, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the syncpool crate before 0.1.6 for Rust. There is an unconditional implementation of Send for Bucket2.

  • CVE-2020-36463 · Aug 8, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the multiqueue crate through 2020-12-25 for Rust. There are unconditional implementations of Send for InnerSend<RW, T>, InnerRecv<RW, T>, FutInnerSend<RW, T>, and FutInnerRecv<RW, T>.

  • CVE-2020-36466 · Aug 8, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the cgc crate through 2020-12-10 for Rust. Ptr implements Send and Sync for all types.

  • CVE-2020-36469 · Aug 8, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the appendix crate through 2020-11-15 for Rust. For the generic K and V type parameters, Send and Sync are implemented unconditionally.

  • CVE-2020-36470 · Aug 8, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the disrustor crate through 2020-12-17 for Rust. RingBuffer does not properly limit the number of mutable references.

  • CVE-2020-36471 · Aug 8, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the generator crate before 0.7.0 for Rust. It does not ensure that a function (for yielding values) has Send bounds.

  • CVE-2020-36472 · Aug 8, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the max7301 crate before 0.2.0 for Rust. The ImmediateIO and TransactionalIO types implement Sync for all Expander types that they contain.

  • CVE-2021-38191 · Aug 8, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the tokio crate before 1.8.1 for Rust. Upon a JoinHandle::abort, a Task may be dropped in the wrong thread.

  • CVE-2021-32810 · Aug 2, 2021
    risk 0.00 · cvss · epss 0.02

    crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more tasks in the worker queue can be popped twice instead of other tasks that are…

  • CVE-2021-30465 · May 27, 2021
    risk 0.00 · cvss · epss 0.07

    runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on…

  • CVE-2020-15522 · May 20, 2021
    risk 0.00 · cvss · epss 0.02

    Bouncy Castle BC Java before 1.66, BC C# .NET before 1.8.7, BC-FJA before 1.0.1.2, 1.0.2.1, and BC-FNA before 1.0.1.1 have a timing issue within the EC math library that can expose information about the private key when an attacker is able to observe timing information for the…

  • CVE-2021-28037 · Mar 5, 2021
    risk 0.00 · cvss · epss 0.01

    An issue was discovered in the internment crate before 0.4.2 for Rust. There is a data race that can cause memory corruption because of the unconditional implementation of Sync for Intern.

  • CVE-2020-36203 · Jan 22, 2021
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in the reffers crate through 2020-12-01 for Rust. ARefss can contain a !Send,!Sync object, leading to a data race and memory corruption.