CWE-543: Use of Singleton Pattern Without Synchronization in a Multithreaded Context

Export to Word

Description

The product uses the singleton pattern when creating a resource within a multithreaded environment.

Extended Description

The use of a singleton pattern may not be thread-safe.


ThreatScore

Threat Mapped score: 1.8

Industry: Finiancial

Threat priority: P4 - Informational (Low)


Observed Examples (CVEs)

Related Attack Patterns (CAPEC)

N/A


Attack TTPs

N/A

Modes of Introduction

Phase Note
Implementation N/A

Common Consequences

Potential Mitigations

Applicable Platforms


Demonstrative Examples

Intro: This method is part of a singleton pattern, yet the following singleton() pattern is not thread-safe. It is possible that the method will create two objects instead of only one.

Body: Consider the following course of events:

private static NumberConverter singleton; public static NumberConverter get_singleton() { if (singleton == null) { singleton = new NumberConverter(); } return singleton; }

Notes

← Back to CWE list