CWE-662: Improper Synchronization

ClassDraft

The product utilizes multiple threads, processes, components, or systems to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.

View on MITRE
Back to CWE Lookup

Extended Description

Synchronization refers to a variety of behaviors and mechanisms that allow two or more independently-operating processes or threads to ensure that they operate on shared resources in predictable ways that do not interfere with each other. Some shared resource operations cannot be executed atomically; that is, multiple steps must be guaranteed to execute sequentially, without any interference by other processes. Synchronization mechanisms vary widely, but they may include locking, mutexes, and semaphores. When a multi-step operation on a shared resource cannot be guaranteed to execute independent of interference, then the resulting behavior can be unpredictable. Improper synchronization could lead to data or memory corruption, denial of service, etc.

Technical Details

Structure
Simple
Vulnerability Mapping
DISCOURAGED

Applicable To

Languages
Not Language-Specific
Platforms

Frequently Asked Questions

What is CWE-662: Improper Synchronization?+

CWE-662: Improper Synchronization is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product utilizes multiple threads, processes, components, or systems to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes. Synchronization refers to a variety of behaviors and mechanisms that allow two or more independently-operating processes or threads to ensure that they operate on shared resources in predictable ways that do not interfere with each other. Some shared resource operations cannot be executed atomically; that is, multiple steps must be guaranteed to execute sequentially, without any interference by other processes. Synchronization mechanisms vary widely, but they may include locking, mutexes, and semaphores. When a multi-step operation on a shared resource cannot be guaranteed to execute independent of interference, then the resulting behavior can be unpredictable. Improper synchronization could lead to data or memory corruption, denial of service, etc.

What are the security consequences of Improper Synchronization?+

If exploited, CWE-662 (Improper Synchronization) it can compromise Integrity, Confidentiality and Other, leading to outcomes such as Modify Application Data, Read Application Data and Alter Execution Logic.

How do you prevent or mitigate Improper Synchronization?+

Recommended mitigations for CWE-662 include: Use industry standard APIs to synchronize your code.

Which programming languages are affected by Improper Synchronization?+

CWE-662 commonly affects Not Language-Specific. Note that weaknesses are often language-agnostic patterns, so secure coding practices apply broadly.

What are real-world examples of Improper Synchronization?+

MITRE documents real CVEs mapped to CWE-662, including CVE-2021-1782 and CVE-2009-0935. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-662 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More