Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-821 (不正确的同步机制) — Vulnerability Class 11

11 vulnerabilities classified as CWE-821 (不正确的同步机制). AI Chinese analysis included.

CWE-821 represents a concurrency weakness where software fails to properly synchronize access to shared resources, leading to unpredictable states. This flaw typically arises when multiple threads or processes interact with the same data structure without adequate locking mechanisms or atomic operations. Attackers exploit this vulnerability by inducing race conditions, manipulating the timing of concurrent accesses to corrupt data integrity or bypass security checks. Such exploitation can result in privilege escalation, denial of service, or arbitrary code execution, particularly when the attacker can influence the shared resource’s state. To mitigate this risk, developers must implement robust synchronization primitives, such as mutexes, semaphores, or atomic variables, ensuring exclusive access during critical sections. Additionally, adopting thread-safe design patterns and conducting rigorous concurrency testing helps prevent these synchronization errors, maintaining system stability and security in multi-threaded environments.

MITRE CWE Description
The product utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource. If access to a shared resource is not correctly synchronized, then the resource may not be in a state that is expected by the product. This might lead to unexpected or insecure behaviors, especially if an attacker can influence the shared resource.
Common Consequences (1)
Integrity, Confidentiality, OtherModify Application Data, Read Application Data, Alter Execution Logic
CVE IDTitleCVSSSeverityPublished
CVE-2026-21919 Junos OS and Junos OS Evolved: A high frequency of connecting and disconnecting NETCONF sessions causes management unavailability — Junos OS 6.5 Medium2026-04-09
CVE-2024-58133 chainMaker 安全漏洞 — chainmaker-go 4.0 Medium2025-04-06
CVE-2024-58131 FISCO BCOS 安全漏洞 — FISCO-BCOS 4.0 Medium2025-04-06
CVE-2024-58132 chainMaker 安全漏洞 — chainmaker-go 4.0 Medium2025-04-06
CVE-2024-6657 BLE peripheral DoS after few cycles of connect/disconnects — EFR32 BLE SDK 6.5 Medium2024-10-11
CVE-2024-4278 Incorrect Synchronization in GitLab — GitLab 5.5 Medium2024-09-26
CVE-2024-5755 Email Validation Bypass in lunary-ai/lunary — lunary-ai/lunary 5.3AIMediumAI2024-06-27
CVE-2024-1739 Case Insensitive Email Address Validation Vulnerability in lunary-ai/lunary — lunary-ai/lunary 7.5 -2024-04-16
CVE-2024-1902 Session Reuse Vulnerability in lunary-ai/lunary — lunary-ai/lunary 4.3AIMediumAI2024-04-10
CVE-2023-5088 Qemu: improper ide controller reset can lead to mbr overwrite — Red Hat Enterprise Linux 8 6.4 Medium2023-11-03
CVE-2022-1931 Incorrect Synchronization in polonel/trudesk — polonel/trudesk 8.8 -2022-05-31

Vulnerabilities classified as CWE-821 (不正确的同步机制) represent 11 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.