CWE-1096: Singleton Class Instance Creation without Proper Locking or Synchronization
The product implements a Singleton design pattern but does not use appropriate locking or other synchronization mechanism to ensure that the singleton class is only instantiated once.
Last updated
Overview
CWE-1096 (Singleton Class Instance Creation without Proper Locking or Synchronization) is a variant-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Common consequences
What can happen when CWE-1096 is exploited.
Reduce Reliability
Affects: Other
This issue can prevent the product from running reliably, e.g. by making the instantiation process non-thread-safe and introducing deadlock (CWE-833) or livelock conditions. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Terminology & mappings
Mapped taxonomies
- OMG ASCRM (ASCRM-RLB-12)
Frequently asked questions
Common questions about CWE-1096.
- What is CWE-1096?
- The product implements a Singleton design pattern but does not use appropriate locking or other synchronization mechanism to ensure that the singleton class is only instantiated once.
- What are the consequences of CWE-1096?
- Exploiting CWE-1096 can lead to: Reduce Reliability.
References
- MITRE CWE definition (CWE-1096) (opens in a new tab)
- CWE-1096 vulnerabilities on NVD (opens in a new tab)
- Learn: What is a CWE?
Weakness data is sourced from the MITRE CWE catalog (v4.20). CVE associations are aggregated and kept current by RadicalNotion.AI.
Stay ahead of CWE-1096
Get alerted the moment a new CWE-1096 vulnerability affects your stack, with AI-written analysis, severity context, and remediation guidance.