CAPEC Details
Name Forced Deadlock
Likelihood of attack Low
Typical severity High
Summary The adversary triggers and exploits a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions can be difficult to detect.
Prerequisites The target host has a deadlock condition. There are four conditions for a deadlock to occur, known as the Coffman conditions. [REF-101] The target host exposes an API to the user.
Execution Flow
Step Phase Description Techniques
1 Explore The adversary initiates an exploratory phase to get familiar with the system.
2 Explore The adversary triggers a first action (such as holding a resource) and initiates a second action which will wait for the first one to finish.
3 Explore If the target program has a deadlock condition, the program waits indefinitely, resulting in a denial of service.
Solutions Use a known algorithm to avoid deadlock conditions (for instance, non-blocking synchronization algorithms). For competing actions, use well-known libraries which implement synchronization.
Related Weaknesses
CWE ID Description
CWE-412 Unrestricted Externally Accessible Lock
CWE-567 Unsynchronized Access to Shared Data in a Multithreaded Context
CWE-662 Improper Synchronization
CWE-667 Improper Locking
CWE-833 Deadlock
CWE-1322 Use of Blocking Code in Single-threaded, Non-blocking Context
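
The Solutions entry above, shown as an added example that is not part of the CAPEC entry: an API handler that needs two locks takes them in one global order, which removes the circular-wait Coffman condition, and bounds every wait so a lock held elsewhere produces an error instead of a hung request. Lock ordering and timed acquisition are the techniques chosen here; Account, acquire_ordered, transfer and stress are hypothetical names, and the balances are constructed sample data.

```python
import threading
from contextlib import contextmanager

class Account:
    """Constructed sample resource: a balance guarded by its own lock."""
    _next_id = 0

    def __init__(self, balance):
        self.id = Account._next_id      # stable key that defines the global lock order
        Account._next_id += 1
        self.balance = balance
        self.lock = threading.Lock()

@contextmanager
def acquire_ordered(resources, timeout):
    """Take each lock in ascending id order, waiting at most `timeout` seconds per lock."""
    held = []
    try:
        # set() drops duplicates so transfer(a, a) cannot block on its own lock
        for res in sorted(set(resources), key=lambda r: r.id):
            if not res.lock.acquire(timeout=timeout):
                raise TimeoutError(f"lock {res.id} busy for {timeout}s")
            held.append(res)
        yield
    finally:
        for res in reversed(held):      # release whatever was taken, even on failure
            res.lock.release()

def transfer(src, dst, amount, timeout=5.0):
    """Caller-controlled argument order never changes the order locks are taken in."""
    with acquire_ordered([src, dst], timeout):
        if src.balance < amount:
            return False
        src.balance -= amount
        dst.balance += amount
        return True

def stress(rounds=2000):
    """Run opposing transfers concurrently; return (all threads finished, total balance)."""
    a, b = Account(1000), Account(1000)
    def worker(x, y):
        for _ in range(rounds):
            transfer(x, y, 1)
    threads = [threading.Thread(target=worker, args=pair) for pair in ((a, b), (b, a))]
    for t in threads:
        t.start()
    for t in threads:
        t.join(timeout=30)
    return all(not t.is_alive() for t in threads), a.balance + b.balance

if __name__ == "__main__":
    print(stress())
```

A TimeoutError raised by transfer is worth logging with the lock id: repeated timeouts on the same lock point at a holder that never releases it.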