Base · Medium

CWE-1088: Synchronous Access of Remote Resource without Timeout

CWE-1088 · Base Level · 2 CVEs

Description

The code has a synchronous call to a remote resource, but there is no timeout for the call, or the timeout is set to infinite.

Potential Impact

Other

Reduce Reliability

Real-World CVE Examples

CVE ID          Description
CVE-2024-8062   API endpoint performs a HEAD request without a timeout, allowing attackers to cause the server to hang
CVE-2024-8061   Development product for AI can make requests to external servers without timeouts and does not respond to other requests while waiting, allowing DoS

Taxonomy Mappings

  • OMG ASCRM: ASCRM-RLB-19

Frequently Asked Questions

What is CWE-1088?

CWE-1088 (Synchronous Access of Remote Resource without Timeout) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The code has a synchronous call to a remote resource, but there is no timeout for the call, or the timeout is set to infinite.

How can CWE-1088 be exploited?

Attackers can exploit CWE-1088 (Synchronous Access of Remote Resource without Timeout) to reduce reliability. This weakness is typically introduced during the Architecture and Design phase of software development.

How do I prevent CWE-1088?

Follow secure coding practices, conduct code reviews, and use automated security testing tools (SAST/DAST) to detect this weakness early in the development lifecycle.
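To make the weakness and its fix concrete, the following is an added example (it is not code from the CWE entry or from either product named in the CVE table). It uses only the Python standard library. The "tarpit" server is a constructed stand-in for an unresponsive remote resource: it accepts TCP connections and never sends a byte, which is exactly the condition under which a synchronous call with no timeout blocks forever. The function names are hypothetical. `fetch_without_timeout` shows the CWE-1088 pattern and is deliberately never called against the tarpit; `fetch_with_timeout` shows the bounded variant and returns how long the call actually took.

```python
"""Added example for CWE-1088: a blocking HTTP call with and without a timeout.

The tarpit below is a constructed stand-in for an unresponsive remote
resource: it accepts TCP connections and then never replies.
"""
import socket
import threading
import time
import urllib.error
import urllib.request


def start_tarpit():
    """Start a local server that accepts connections but never replies.

    Returns (host, port, stop_event); set stop_event to shut it down.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))          # port 0: let the OS pick a free port
    srv.listen(5)
    srv.settimeout(0.2)                 # lets the accept loop notice `stop`
    stop = threading.Event()
    held = []                           # client sockets we keep open and never answer

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
                held.append(conn)       # keep it open, send nothing
            except socket.timeout:
                continue
        for conn in held:
            conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    host, port = srv.getsockname()
    return host, port, stop


def fetch_without_timeout(url):
    """CWE-1088 pattern: no timeout, so the caller blocks as long as the peer stays silent.

    Not invoked below on purpose: against the tarpit it would never return.
    """
    # urlopen's timeout defaults to the global socket default, which is None
    # (block forever) unless socket.setdefaulttimeout() was called.
    with urllib.request.urlopen(url) as resp:
        return resp.read()


def fetch_with_timeout(url, timeout):
    """Hardened variant: bound the wait and turn a silent peer into a reportable failure."""
    started = time.monotonic()
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read()
        return {"ok": True, "elapsed": time.monotonic() - started, "body": body}
    except (urllib.error.URLError, TimeoutError, socket.timeout) as exc:
        # urllib raises the socket timeout bare when the response read times out
        # and wrapped in URLError when connect/send fails; both are bounded failures.
        return {"ok": False, "elapsed": time.monotonic() - started,
                "error": type(exc).__name__}


def demo(timeout=1.0):
    """Run the hardened client against the tarpit and return its result dict."""
    host, port, stop = start_tarpit()
    try:
        return fetch_with_timeout(f"http://{host}:{port}/health", timeout)
    finally:
        stop.set()


if __name__ == "__main__":
    result = demo()
    print(f"ok={result['ok']} error={result.get('error')} elapsed={result['elapsed']:.2f}s")
```

Running `demo()` returns after roughly the configured second with `ok=False`, whereas the unbounded variant would hold its thread (and, in a single-threaded server, every other request) indefinitely, which is the hang described in the CVE table above. A per-call timeout is the right fix; `socket.setdefaulttimeout()` can serve as a process-wide safety net for libraries that do not expose one, but it is global state and should be set deliberately at startup rather than relied on ad hoc.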

What is the severity of CWE-1088?

CWE-1088 is classified as a Base-level weakness (Medium abstraction). It has been observed in 2 real-world CVEs.