CWE-413 - Improper Resource Locking
- Abstraction:Base
- Structure:Simple
- Status:Draft
- Release Date:2006-07-19
- Latest Modification Date:2023-10-26
Weakness Name
Improper Resource Locking
Description
The product does not lock or does not correctly lock a resource when the product must have exclusive access to the resource.
When a resource is not properly locked, an attacker could modify the resource while it is being operated on by the product. This might violate the product's assumption that the resource will not change, potentially leading to unexpected behaviors.
Common Consequences
Scope: Integrity, Availability
Impact: Modify Application Data, DoS: Instability, DoS: Crash, Exit, or Restart
Related Weaknesses
Genetic data site openSNP to close and delete data over privacy concerns
Verizon Call Filter API flaw exposed customers' incoming call history
GitHub expands security tools after 39 million secrets leaked in 2024
Royal Mail investigates data leak claims, no impact on operations
Police shuts down KidFlix child sexual exploitation platform
The Reality Behind Security Control Failures—And How to Prevent Them
Counterfeit Android devices found preloaded With Triada malware
Google Fixed Cloud Run Vulnerability Allowing Unauthorized Image Access via IAM Misuse
CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2025-24983 Microsoft Windows Win32k Use-After-Free Vulnerability
CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability
CVE-2024-20953 Oracle Agile Product Lifecycle Management (PLM) Deserialization Vulnerability
InformationalContent-Type Header Missing
InformationalServer Leaks its Webserver Application via "Server" HTTP Response Header Field
HighPath Traversal
MediumFormat String Error