CWE-667
Improper Locking
Description
The product does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-25 · CAPEC-26 · CAPEC-27
CVEs mapped to this weakness (147)
Page 8 of 8

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-24329 | | — | 0.00 | — | 0.02 | | Feb 25, 2022 | In JetBrains Kotlin before 1.6.0, it was not possible to lock dependencies for Multiplatform Gradle Projects. |
| CVE-2021-41213 | | | 0.00 | — | 0.00 | | Nov 5, 2021 | TensorFlow is an open source platform for machine learning. In affected versions the code behind `tf.function` API can be made to deadlock when two `tf.function` decorated Python functions are mutually recursive. This occurs due to using a non-reentrant `Lock` Python object.… |
| CVE-2021-20291 | | | 0.00 | — | 0.02 | | Apr 1, 2021 | A deadlock vulnerability was found in 'github.com/containers/storage' in versions before 1.28.1. When a container image is processed, each layer is unpacked using `tar`. If one of those layers is not a valid `tar` archive this causes an error leading to an unexpected situation… |
| CVE-2020-36220 | | — | 0.00 | — | 0.01 | | Jan 22, 2021 | An issue was discovered in the va-ts crate before 0.0.4 for Rust. Because Demuxer omits a required T: Send bound, a data race and memory corruption can occur. |
| CVE-2020-13246 | | — | 0.00 | — | 0.02 | | May 20, 2020 | An issue was discovered in Gitea through 1.11.5. An attacker can trigger a deadlock by initiating a transfer of a repository's ownership from one organization to another. |
| CVE-2019-10072 | | | 0.00 | — | 0.73 | | Jun 21, 2019 | The fix for CVE-2019-0199 was incomplete and did not address HTTP/2 connection window exhaustion on write in Apache Tomcat versions 9.0.0.M1 to 9.0.19 and 8.5.0 to 8.5.40. By not sending WINDOW_UPDATE messages for the connection window (stream 0) clients were able to cause… |
| CVE-2018-1000127 | | Hig | 0.00 | 7.5 | 0.02 | | Mar 13, 2018 | memcached version prior to 1.4.37 contains an Integer Overflow vulnerability in items.c:item_free() that can result in data corruption and deadlocks due to items existing in hash table being reused from free list. This attack appears to be exploitable via network connectivity to… |