Description
A product does not check to see if a lock is present before performing sensitive operations on a resource.
Potential Impact
Integrity, Availability
Modify Application Data, DoS: Instability, DoS: Crash, Exit, or Restart
Mitigations & Prevention
Implement a reliable lock mechanism.
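The weakness and its mitigation, side by side, as an added example that is not part of the original entry. It assumes a POSIX system where the shared resource is a file protected by an advisory `fcntl.flock` lock; the function names and the scenario are constructed for illustration.

```python
import fcntl
import os
import tempfile

def append_unchecked(path, data):
    # Weak form (CWE-414): modifies the resource without checking for a lock.
    with open(path, "a") as f:
        f.write(data)
    return True

def append_checked(path, data):
    # Hardened form: take the advisory lock first and refuse if it is held.
    with open(path, "a") as f:
        try:
            fcntl.flock(f, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except BlockingIOError:
            return False  # lock present: do not touch the resource
        try:
            f.write(data)
            f.flush()
        finally:
            fcntl.flock(f, fcntl.LOCK_UN)
    return True

def demo():
    # Constructed scenario: a second handle stands in for another component
    # that currently holds the exclusive lock on the shared file.
    fd, path = tempfile.mkstemp()
    os.close(fd)
    holder = open(path, "a")
    fcntl.flock(holder, fcntl.LOCK_EX)
    try:
        results = {
            "unchecked_while_locked": append_unchecked(path, "A"),
            "checked_while_locked": append_checked(path, "B"),
        }
    finally:
        fcntl.flock(holder, fcntl.LOCK_UN)
        holder.close()
    results["checked_after_release"] = append_checked(path, "C")
    with open(path) as f:
        results["content"] = f.read()
    os.remove(path)
    return results

if __name__ == "__main__":
    print(demo())
```

Advisory locks only protect the resource when every writer performs the check, which is why the unchecked path succeeds while the lock is held.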
Detection Methods
- Automated Static Analysis — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2004-1056 | Product does not properly check if a lock is present, allowing other attackers to access functionality. |
Related Weaknesses
Taxonomy Mappings
- PLOVER — Missing Lock Check
- Software Fault Patterns: SFP19 — Missing Lock
Frequently Asked Questions
What is CWE-414?
CWE-414 (Missing Lock Check) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. A product does not check to see if a lock is present before performing sensitive operations on a resource.
How can CWE-414 be exploited?
Attackers can exploit CWE-414 (Missing Lock Check) to modify application data or to cause denial of service (instability, or a crash, exit, or restart). This weakness is typically introduced during the Architecture and Design or Implementation phases of software development.
How do I prevent CWE-414?
Key mitigations include: Implement a reliable lock mechanism.
What is the severity of CWE-414?
CWE-414 is classified as a Base-level weakness (Medium abstraction). It has been observed in 1 real-world CVE.