CWE-663: Use of a Non-reentrant Function in a Concurrent Context
The product calls a non-reentrant function in a concurrent context in which a competing code sequence (e.g. thread or signal handler) may have an opportunity to call the same function or otherwise influence its state.
Overview
CWE-663 (Use of a Non-reentrant Function in a Concurrent Context) is a base-level software weakness catalogued by MITRE in the Common Weakness Enumeration (CWE). It describes a recurring type of mistake that can lead to exploitable security vulnerabilities.
Common consequences
What can happen when CWE-663 is exploited.
Modify Memory, Read Memory, Modify Application Data, Read Application Data, Alter Execution Logic
Affects: Integrity, Confidentiality, Other
How it happens
When it is introduced
Typically introduced during these phases of the software lifecycle.
Applies to
Languages
How to prevent it
Practical mitigations for CWE-663, grouped by where in the lifecycle they apply.
Use reentrant functions if available.
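The weakness and the mitigation side by side, as an added example that is not part of the CWE entry: `strtok()` keeps its scan position in hidden static state shared by every caller, while `strtok_r()` keeps it in a pointer the caller supplies. The names `join_fields`, `on_signal` and `handler_buf`, the sample records, and the use of `raise(SIGUSR1)` to force the interleaving at a fixed point are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L  /* declares strtok_r() and SIGUSR1 */
#include <signal.h>
#include <stdio.h>
#include <string.h>

static volatile sig_atomic_t reentrant_mode; /* selects the variant under test */
static char handler_buf[32];                 /* static: stays valid after the handler returns */

/* Competing code sequence: takes the first field of its own record. */
static void on_signal(int sig) {
    char *save;
    (void)sig;
    strcpy(handler_buf, "admin,secret,token"); /* constructed sample record */
    if (reentrant_mode)
        (void)strtok_r(handler_buf, ",", &save); /* position kept in caller's `save` */
    else
        (void)strtok(handler_buf, ",");          /* overwrites strtok()'s hidden static position */
}

/* Joins the fields of `line` with '|' into `out`. A signal is raised after the
 * first field, standing in for the point where a handler or thread interleaves. */
const char *join_fields(const char *line, int reentrant, char *out, size_t outsz) {
    char buf[64], *save = NULL, *tok;
    int first = 1;
    strncpy(buf, line, sizeof buf - 1);
    buf[sizeof buf - 1] = '\0';
    out[0] = '\0';
    reentrant_mode = reentrant;
    signal(SIGUSR1, on_signal);
    tok = reentrant ? strtok_r(buf, ",", &save) : strtok(buf, ",");
    while (tok) {
        if (!first) strncat(out, "|", outsz - strlen(out) - 1);
        strncat(out, tok, outsz - strlen(out) - 1);
        if (first) raise(SIGUSR1);
        first = 0;
        tok = reentrant ? strtok_r(NULL, ",", &save) : strtok(NULL, ",");
    }
    return out;
}

int main(void) {
    char out[64];
    /* constructed input; the non-reentrant run continues inside the handler's record */
    printf("strtok:   %s\n", join_fields("id,name,mail", 0, out, sizeof out));
    printf("strtok_r: %s\n", join_fields("id,name,mail", 1, out, sizeof out));
    return 0;
}
```

With `strtok()` the caller silently loses its own remaining fields and processes the handler's data instead, which corresponds to the Read Application Data and Alter Execution Logic consequences listed above.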