
CWE-362

Weakness ID:362(Weakness Class)

Status: Draft

Race Condition

Description

Description Summary

The code requires that certain state should not be modified between two operations, but a timing window exists in which the state can be modified by an unexpected actor or process.

Extended Description

This weakness can have security implications when the expected synchronization is in security-critical code (for example, code that records whether a user is authenticated, or code that modifies important state information that must not be influenced by an outsider).

Time of Introduction

Architecture and Design
Implementation

Applicable Platforms

Architectural Paradigms

Concurrent systems operating on shared resources

Common Consequences

 

Scope / Effect
Availability. Technical Impact: DoS (CPU resource consumption), DoS (memory resource consumption), DoS (other resource consumption)
When a race condition makes it possible to bypass a resource cleanup routine or to trigger multiple initialization routines, resource exhaustion (CWE-400) may result.
Availability. Technical Impact: DoS: crash / exit / restart, DoS (instability)
When a race condition allows multiple control flows to access one resource simultaneously, the program may enter an unexpected state and possibly crash.
Confidentiality
Integrity
Technical Impact: Read files or directories
When a race condition is combined with predictable resource names and loose permissions, an attacker may be able to access or overwrite confidential data. (CWE-59)

 

Likelihood of Exploit

ソスソス

Detection Methods

Black Box
Black box methods may be able to identify evidence of race conditions by using techniques such as multiple simultaneous connections, which can make the software unstable or crash it. However, race conditions with extremely narrow timing windows are difficult to detect.

White Box
Common race conditions, such as Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367) and Double-Checked Locking (CWE-609), can be detected by white box analysis.

Automated Dynamic Analysis
This weakness can be detected using dynamic tools and techniques that analyze the software with large test suites containing many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection (tests that deliberately cause errors).
The software's operation may slow down, but it should not become unstable, crash, or produce incorrect results.
Race conditions can be detected with a stress test that calls the software simultaneously from a large number of threads or processes and looks for evidence of unexpected behavior. Inserting breakpoints or delays between the relevant code statements artificially widens the race window and makes the weakness easier to detect.

ソスLソスソスソスソスソスFソスソス

Examples of Vulnerable Code

Example 1:

 

The following code is from an e-commerce application that supports transfers between accounts. It takes the total amount of the transfer, sends it to the new account, and deducts that amount from the balance of the original account.

Example Language: Perl (Bad Code)
$transfer_amount = GetTransferAmount();
# The balance read here can be stale by the time it is written back below.
$balance = GetBalanceFromDatabase();

if ($transfer_amount < 0) {
    FatalError("Bad Transfer Amount");
}
$newbalance = $balance - $transfer_amount;
if (($balance - $transfer_amount) < 0) {
    FatalError("Insufficient Funds");
}
# Unconditional overwrite: nothing checks that the stored balance is unchanged.
SendNewBalanceToDatabase($newbalance);
NotifyUser("Transfer of $transfer_amount succeeded.");
NotifyUser("New balance: $newbalance");
In this example, a race condition can occur between the calls to GetBalanceFromDatabase() and SendNewBalanceToDatabase(). For instance, if a particular user invokes this program several times simultaneously, such as by issuing multiple requests to a web application, the following attack is possible.

Suppose the account balance is initially 100.00.
To call the program simultaneously, the attacker creates "CALLER-1" and "CALLER-2" under the same user account.
CALLER-1 (the attacker) is associated with PROGRAM-1 (the instance that handles CALLER-1), and CALLER-2 is associated with PROGRAM-2.

CALLER-1 makes a request to transfer 80.00. PROGRAM-1 calls GetBalanceFromDatabase, and $balance is set to 100.00. PROGRAM-1 calculates $newbalance as 20.00 and calls SendNewBalanceToDatabase(), but because the server is under heavy load the call is delayed.
CALLER-2 makes a request to transfer 1.00.
PROGRAM-2 calls GetBalanceFromDatabase(), but because PROGRAM-1's request has not been processed yet, $balance is 100.00.
PROGRAM-2 calculates $newbalance as 99.00.

After the delay, PROGRAM-1 sends its $balance to the database, changing it to 20.00.

PROGRAM-2 then sends its request to update the database, setting the account balance to 99.00.

PROGRAM-1 and PROGRAM-2 transferred a total of 81.00, so the attacker's account balance should be 19.00. Because of the race condition, however, the balance recorded in the database is 99.00.

Ways to prevent this weakness include using a lock that blocks multiple simultaneous requests to the web application, or using a synchronization mechanism that covers all of the code between GetBalanceFromDatabase() and SendNewBalanceToDatabase().
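
The interleaving of Example 1 (balance 100.00, transfers of 80.00 and 1.00), replayed deterministically as an added example that is not part of the original entry. Python with an in-memory SQLite table stands in for the Perl helpers; the function names and the compare-before-write guard are assumptions of this example.

```python
import sqlite3

def open_account(balance_cents):
    # Constructed sample data: one account row, balance in integer cents.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE account (id INTEGER PRIMARY KEY, balance INTEGER)")
    db.execute("INSERT INTO account VALUES (1, ?)", (balance_cents,))
    return db

def read_balance(db):
    return db.execute("SELECT balance FROM account WHERE id = 1").fetchone()[0]

def blind_write(db, new_balance):
    # Behaves like SendNewBalanceToDatabase(): overwrites unconditionally.
    db.execute("UPDATE account SET balance = ? WHERE id = 1", (new_balance,))

def guarded_write(db, seen_balance, new_balance):
    # Hypothetical fix: write only if the row still holds the balance we read.
    cur = db.execute(
        "UPDATE account SET balance = ? WHERE id = 1 AND balance = ?",
        (new_balance, seen_balance))
    return cur.rowcount == 1

def replay_racy():
    db = open_account(10000)
    seen1 = read_balance(db)        # PROGRAM-1 reads 100.00
    seen2 = read_balance(db)        # PROGRAM-2 reads 100.00 while PROGRAM-1 stalls
    blind_write(db, seen1 - 8000)   # PROGRAM-1 stores 20.00
    blind_write(db, seen2 - 100)    # PROGRAM-2 stores 99.00; the 80.00 debit is lost
    return read_balance(db)

def transfer(db, amount):
    # Re-read and recompute whenever another writer got in first.
    if amount < 0:
        raise ValueError("Bad Transfer Amount")
    while True:
        seen = read_balance(db)
        if seen - amount < 0:
            return False            # Insufficient Funds
        if guarded_write(db, seen, seen - amount):
            return True

def replay_guarded():
    db = open_account(10000)
    seen1 = read_balance(db)
    seen2 = read_balance(db)
    first_ok = guarded_write(db, seen1, seen1 - 8000)   # PROGRAM-1 stores 20.00
    stale_ok = guarded_write(db, seen2, seen2 - 100)    # PROGRAM-2's stale write is refused
    retried = transfer(db, 100)                         # re-reads 20.00, stores 19.00
    return first_ok, stale_ok, retried, read_balance(db)
```

Comparing on the balance value alone admits ABA cases; a version column, or a single `balance = balance - ?` update inside a transaction, is the more common production form.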

 

Example 2:

 

The following function attempts to acquire a lock in order to perform operations on a shared resource.

Example Language: C (Bad Code)
#include <pthread.h>

void f(pthread_mutex_t *mutex) {
    /* return value ignored: a failed lock goes unnoticed */
    pthread_mutex_lock(mutex);

    /* access shared resource */

    pthread_mutex_unlock(mutex);
}

This code does not check the return value of pthread_mutex_lock(), so it cannot detect errors. If pthread_mutex_lock() fails to acquire the mutex, the program falls into a race condition and behaves unexpectedly.

To avoid data races properly, errors must either be recovered from or reported to a higher layer. Whichever is done, the program should check the result of thread synchronization functions and handle all errors appropriately.

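Example Language: C (Good Code)
#include <pthread.h>

int f(pthread_mutex_t *mutex) {
    int result;

    /* propagate a lock failure instead of touching the resource unlocked */
    result = pthread_mutex_lock(mutex);
    if (0 != result)
        return result;

    /* access shared resource */

    return pthread_mutex_unlock(mutex);
}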
…

 

Observed Examples

 

Reference / Description
CVE-2008-5044 Race condition leading to a crash by calling a hook removal procedure while other activities are occurring at the same time.
CVE-2008-2958 chain: time-of-check time-of-use (TOCTOU) race condition in program allows bypass of protection mechanism that was designed to prevent symlink attacks.
CVE-2008-1570 chain: time-of-check time-of-use (TOCTOU) race condition in program allows bypass of protection mechanism that was designed to prevent symlink attacks.
CVE-2008-0058 Unsynchronized caching operation enables a race condition that causes messages to be sent to a deallocated object.
CVE-2008-0379 Race condition during initialization triggers a buffer overflow.
CVE-2007-6599 Daemon crash by quickly performing operations and undoing them, which eventually leads to an operation that does not acquire a lock.
CVE-2007-6180 chain: race condition triggers NULL pointer dereference
CVE-2007-5794 Race condition in library function could cause data to be sent to the wrong process.
CVE-2007-3970 Race condition in file parser leads to heap corruption.
CVE-2008-5021 chain: race condition allows attacker to access an object while it is still being initialized, causing software to access uninitialized memory.
CVE-2009-4895 chain: race condition for an argument value, possibly resulting in NULL dereference
CVE-2009-3547 chain: race condition might allow resource to be released before operating on it, leading to NULL dereference

 

Potential Mitigations

Phase: Architecture and Design

Where the language supports them, use synchronization primitives. To minimize the impact on performance, apply them only to critical code.

Phase: Architecture and Design

Use thread-safe capabilities such as the data access abstraction in the Spring framework.

Phase: Architecture and Design

Minimize the use of shared resources in order to remove as much complexity as possible from the control flow and to reduce the likelihood of falling into unexpected states.
In addition, this minimizes the places that need synchronization and helps reduce the likelihood of a DoS caused by an attacker repeatedly triggering a critical section.

Phase: Implementation

When using multithreading and when operating on shared variables, use only thread-safe functions.

Phase: Implementation

Use atomic operations on shared variables. Be careful with constructs such as x++: the read of the value and the later write are carried out as separate instructions, so the operation is not atomic.

Phase: Implementation

Use a mutex if available. When doing so, avoid weaknesses related to the use of mutexes, such as CWE-412.

Phase: Implementation

Avoid double-checked locking (CWE-609) and other implementation errors that arise from trying to avoid the overhead of synchronization.

Phase: Implementation

Disable interrupts or signals over critical parts of the code. However, make sure that the code does not enter a large loop or an infinite loop.

Phase: Implementation

Use the volatile type modifier for critical variables to avoid unexpected optimization or reordering by the compiler. This does not necessarily solve the synchronization problem, but it is a useful measure.

Phase: Architecture and Design; Operation

Strategy: Environment Hardening
Run your code using the lowest privileges that are required to accomplish the necessary tasks. If possible, create isolated accounts with limited privileges that are used only for a single task. That way, even a successful attack does not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.

Relationships

 

| Nature | Type | ID | Name | View(s) this relationship pertains to |
|---|---|---|---|---|
| ChildOf | Category | 361 | Time and State | Development Concepts (primary) 699 |
| ChildOf | Category | 743 | CERT C Secure Coding Section 09 - Input Output (FIO) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary) 734 |
| ChildOf | Category | 751 | 2009 Top 25 - Insecure Interaction Between Components | Weaknesses in the 2009 CWE/SANS Top 25 Most Dangerous Programming Errors (primary) 750 |
| ChildOf | Category | 801 | 2010 Top 25 - Insecure Interaction Between Components | Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors (primary) 800 |
| ChildOf | Weakness Base | 821 | Incorrect Synchronization | Research Concepts (primary) 1000 |
| RequiredBy | Compound Element: Composite | 61 | UNIX Symbolic Link (Symlink) Following | Research Concepts 1000 |
| RequiredBy | Compound Element: Composite | 689 | Permission Race Condition During Resource Copy | Research Concepts 1000 |
| ParentOf | Weakness Base | 364 | Signal Handler Race Condition | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 366 | Race Condition within a Thread | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 367 | Time-of-check Time-of-use (TOCTOU) Race Condition | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 368 | Context Switching Race Condition | Development Concepts (primary) 699; Research Concepts (primary) 1000 |
| ParentOf | Weakness Base | 421 | Race Condition During Access to Alternate Channel | Development Concepts 699; Research Concepts 1000 |
| MemberOf | View | 635 | Weaknesses Used by NVD | Weaknesses Used by NVD (primary) 635 |
| CanFollow | Weakness Base | 609 | Double-Checked Locking | Development Concepts 699; Research Concepts 1000 |
| CanFollow | Weakness Base | 662 | Improper Synchronization | Development Concepts 699; Research Concepts 1000 |
| CanAlsoBe | Category | 557 | | Research Concepts 1000 |

 

Research Gaps (CWE's view)

Race conditions in web applications are under-studied and under-reported. In 2008, there was considerable interest in this area.
Much of the research on race conditions has focused on Time-of-check Time-of-use (TOCTOU) variants (CWE-367), but race conditions also include synchronization problems that do not require a time-of-check.

Taxonomy Mappings

 

| Mapped Taxonomy Name | Node ID | Fit with CWE | Mapped Node Name |
|---|---|---|---|
| PLOVER | | | Race Conditions |
| CERT C Secure Coding | FIO31-C | | Do not simultaneously open the same file multiple times |

 

Related Attack Patterns

 

CAPEC-ID / Attack Pattern Name (CAPEC Version 1.5)
26 Leveraging Race Conditions
29 Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions

 

References

[REF-17] Michael Howard, David LeBlanc and John Viega. "24 Deadly Sins of Software Security". "Sin 13: Race Conditions." Page 205. McGraw-Hill. 2010. 
Andrei Alexandrescu. "volatile - Multithreaded Programmer's Best Friend". Dr. Dobb's. 2008-02-01. <http://www.ddj.com/cpp/184403766>.
Steven Devijver. "Thread-safe webapps using Spring". <http://www.javalobby.org/articles/thread-safe/index.jsp>.
David Wheeler. "Prevent race conditions". 2007-10-04. <http://www.ibm.com/developerworks/library/l-sprace.html>.
Matt Bishop. "Race Conditions, Files, and Security Flaws; or the Tortoise and the Hare Redux". September 1995. <http://www.cs.ucdavis.edu/research/tech-reports/1995/CSE-95-9.pdf>.
David Wheeler. "Secure Programming for Linux and Unix HOWTO". 2003-03-03. <http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/avoid-race.html>.
Blake Watts. "Discovering and Exploiting Named Pipe Security Flaws for Fun and Profit". April 2002. <http://www.blakewatts.com/namedpipepaper.html>.
Roberto Paleari, Davide Marrone, Danilo Bruschi and Mattia Monga. "On Race Vulnerabilities in Web Applications". <http://security.dico.unimi.it/~roberto/pubs/dimva08-web.pdf>.
"Avoiding Race Conditions and Insecure File Operations". Apple Developer Connection. <http://developer.apple.com/documentation/Security/Conceptual/SecureCodingGuide/Articles/RaceConditions.html>.
Johannes Ullrich. "Top 25 Series - Rank 25 - Race Conditions". SANS Software Security Institute. 2010-03-26. <http://blogs.sans.org/appsecstreetfighter/2010/03/26/top-25-series-rank-25-race-conditions/>.

Maintenance Notes

The relationship between race conditions and synchronization problems (CWE-662) has not been worked out in detail. Synchronization is only one technique for avoiding race conditions, and it is also used for purposes other than preventing race conditions.

Update History

[2011/04/21]
  Updated based on the data as of 2010/10/12
[2009/06/29]
  Created based on the following URL as of 2009/02/02
    http://cwe.mitre.org/data/definitions/362.html


Registered: 2011/04/21

Last updated: 2023/04/04

