CWE-414 – Missing Lock Check

Read Time:24 Second

Description

A product does not check to see if a lock is present before performing sensitive operations on a resource.

Modes of Introduction:

– Architecture and Design

 

 

Related Weaknesses

CWE-667

 

Consequences

Integrity, Availability: Modify Application Data, DoS: Instability, DoS: Crash, Exit, or Restart

 

Potential Mitigations

Phase: Architecture and Design, Implementation

Description: 

Implement a reliable lock mechanism.

CVE References

  • CVE-2004-1056
    • Product does not properly check if a lock is present, allowing other attackers to access functionality.