Description
The software contains multiple threads or executable segments that are waiting for each other to release a necessary lock, resulting in deadlock.
Modes of Introduction:
Likelihood of Exploit:
Related Weaknesses
Consequences
Availability: DoS: Resource Consumption (CPU), DoS: Resource Consumption (Other), DoS: Crash, Exit, or Restart
Each thread of execution will “hang” and prevent tasks from completing. In some cases, CPU consumption may occur if a lock check occurs in a tight loop.
Potential Mitigations
CVE References
- CVE-1999-1476
- A bug in some Intel Pentium processors allow DoS (hang) via an invalid “CMPXCHG8B” instruction, causing a deadlock
- CVE-2009-2857
- OS deadlock
- CVE-2009-1961
- OS deadlock involving 3 separate functions
- CVE-2009-2699
- deadlock in library
- CVE-2009-4272
- deadlock triggered by packets that force collisions in a routing table
- CVE-2002-1850
- read/write deadlock between web server and script
- CVE-2004-0174
- web server deadlock involving multiple listening connections
- CVE-2009-1388
- multiple simultaneous calls to the same function trigger deadlock.
- CVE-2006-5158
- chain: other weakness leads to NULL pointer dereference (CWE-476) or deadlock (CWE-833).
- CVE-2006-4342
- deadlock when an operation is performed on a resource while it is being removed.
- CVE-2006-2374
- Deadlock in device driver triggered by using file handle of a related device.
- CVE-2006-2275
- Deadlock when large number of small messages cannot be processed quickly enough.
- CVE-2005-3847
- OS kernel has deadlock triggered by a signal during a core dump.
- CVE-2005-3106
- Race condition leads to deadlock.
- CVE-2005-2456
- Chain: array index error (CWE-129) leads to deadlock (CWE-833)
More Stories
The Most Dangerous Vulnerabilities in Apache Tomcat and How to Protect Against Them
Apache Tomcat is an open-source web server and servlet container that is widely used in enterprise environments to run Java...
ZDI-CAN-18333: A Critical Zero-Day Vulnerability in Microsoft Windows
Zero-day vulnerabilities are a serious threat to cybersecurity, as they can be exploited by malicious actors to gain unauthorized access...
CWE-669 – Incorrect Resource Transfer Between Spheres
Description The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere,...
CWE-67 – Improper Handling of Windows Device Names
Description The software constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a...
CWE-670 – Always-Incorrect Control Flow Implementation
Description The code contains a control flow path that does not reflect the algorithm that the path is intended to...
CWE-671 – Lack of Administrator Control over Security
Description The product uses security features in a way that prevents the product's administrator from tailoring security settings to reflect...