CWE-1322 – Use of Blocking Code in Single-threaded, Non-blocking Context


Description

The product uses a non-blocking model that relies on a single threaded process for features such as scalability, but it contains code that can block when it is invoked.

Modes of Introduction:

– Implementation

Related Weaknesses

CWE-834
CWE-835

Consequences

Availability: DoS: Resource Consumption (CPU)

An unexpected call to blocking code can trigger an infinite loop, or a large loop that causes the software to pause and wait indefinitely.

Potential Mitigations

Phase: Implementation

Description: Generally speaking, blocking calls should be replaced with non-blocking alternatives that can be used asynchronously. Expensive computations should be passed off to worker threads, although the correct approach depends on the framework being used.

Phase: Implementation

Description: For expensive computations, consider breaking them up into multiple smaller computations. Refer to the documentation of the framework being used for guidance.
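The second mitigation, sketched for a Node.js event loop as an added example that is not part of the CWE entry: the same computation written as one blocking loop and as bounded chunks that return control to the loop between turns. The function names, the sum-of-squares workload and the use of setImmediate as the yield point are assumptions chosen for illustration.

```javascript
// Added example; function names are illustrative, not from the CWE entry.

// Blocking form: one long synchronous loop. On a single-threaded event loop
// no timer, socket callback or other request runs until it returns.
function sumSquaresBlocking(n) {
  let total = 0;
  for (let i = 1; i <= n; i++) total += i * i;
  return total;
}

// Chunked form: at most chunkSize items per event-loop turn, then control
// goes back to the loop via schedule() before the next chunk starts.
// schedule is injectable so the turn-by-turn behaviour can be tested.
function sumSquaresChunked(n, chunkSize, done, schedule = setImmediate) {
  if (!Number.isInteger(chunkSize) || chunkSize < 1) {
    throw new RangeError("chunkSize must be a positive integer");
  }
  let total = 0;
  let i = 1;
  function step() {
    const end = Math.min(i + chunkSize - 1, n);
    for (; i <= end; i++) total += i * i;
    if (i <= n) schedule(step); // more work left: yield, resume next turn
    else done(total);
  }
  schedule(step);
}

// Demo: a heartbeat timer stands in for other work the process must serve.
function demo() {
  let beats = 0;
  const heartbeat = setInterval(() => { beats += 1; }, 1);
  sumSquaresChunked(200000, 1000, (total) => {
    clearInterval(heartbeat);
    const same = total === sumSquaresBlocking(200000);
    console.log(`chunked total matches blocking total: ${same}`);
    console.log(`heartbeats served while the job ran: ${beats}`);
  });
}

demo();
```

The chunk size bounds how long any single turn can hold the event loop, so it should be chosen from the latency the other callbacks can tolerate.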

CVE References