CWE-662
Improper Synchronization
Class · Draft
Description
The product utilizes multiple threads, processes, components, or systems to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-25 · CAPEC-26 · CAPEC-27 · CAPEC-29
CVEs mapped to this weakness (3)
| CVE | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-7409 | High | 0.49 | 7.5 | 0.02 | | Aug 5, 2024 | A flaw was found in the QEMU NBD Server. This vulnerability allows a denial of service (DoS) attack via improper synchronization during socket closure when a client keeps a socket open as the server is taken offline. |
| CVE-2026-39865 | Medium | 0.31 | 5.9 | 0.00 | | Apr 8, 2026 | Axios is a promise based HTTP client for the browser and Node.js. Starting in version 1.13.0 and prior to 1.13.2, Axios HTTP/2 session cleanup logic contains a state corruption bug that allows a malicious server to crash the client process through concurrent session closures. The vulnerability exists in the Http2Sessions.getSession() method in lib/adapters/http.js. The session cleanup logic contains a control flow error when removing sessions from the sessions array. This vulnerability is fixed in 1.13.2. |
| CVE-2025-22853 | Low | 0.15 | 2.3 | 0.00 | | Aug 12, 2025 | Improper synchronization in the firmware for some Intel(R) TDX may allow a privileged user to potentially enable escalation of privilege via local access. |