CWE-412: Unrestricted Externally Accessible Lock
The product properly checks for the existence of a lock, but the lock can be externally controlled or influenced by an actor that is outside of the intended sphere of control.
Abstraction: Base
Common Consequences
Availability → DoS: Resource Consumption (Other)
Detection Methods
White Box
Automated code analysis techniques might not be able to reliably detect this weakness, since the application's behavior and general security model dictate which resource locks are critical. Interpretation of the weakness might require knowledge of the environment, e.g. if the existence of a file is used as a lock, but the file is created in a world-writable directory.
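The environment check described above, together with a lock that does not depend on file existence, as an added example that is not part of the CWE entry. It assumes a POSIX system; the function names `lock_dir_findings`, `acquire_lock` and `demo` are hypothetical, and the directories are constructed for the demonstration.

```python
import fcntl
import os
import stat
import tempfile

def lock_dir_findings(lock_path):
    """List reasons the directory holding lock_path is outside our sphere of control."""
    parent = os.path.dirname(os.path.abspath(lock_path))
    st = os.stat(parent)
    findings = []
    # A sticky bit (as on /tmp) only stops deletion; others can still create the file first.
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable")
    if st.st_mode & stat.S_IWGRP:
        findings.append("group-writable")
    if st.st_uid not in (0, os.geteuid()):
        findings.append("owned by another user")
    return findings

def acquire_lock(lock_path):
    """Return a locked fd, None if the lock is already held, or raise if the dir is unsafe."""
    findings = lock_dir_findings(lock_path)
    if findings:
        raise PermissionError(f"unsafe lock directory: {', '.join(findings)}")
    # O_NOFOLLOW rejects a symlink planted at the lock path; 0o600 keeps it private.
    fd = os.open(lock_path, os.O_RDWR | os.O_CREAT | os.O_NOFOLLOW, 0o600)
    try:
        # The lock is the kernel flock, not the file's existence, so a stale file is harmless.
        fcntl.flock(fd, fcntl.LOCK_EX | fcntl.LOCK_NB)
    except BlockingIOError:
        os.close(fd)
        return None
    return fd

def demo():
    """Constructed scenario: one private (0700) and one /tmp-like (1777) directory."""
    private, shared = tempfile.mkdtemp(), tempfile.mkdtemp()
    os.chmod(shared, 0o1777)
    first = acquire_lock(os.path.join(private, "app.lock"))
    second = acquire_lock(os.path.join(private, "app.lock"))  # already held
    try:
        acquire_lock(os.path.join(shared, "app.lock"))
        refused = False
    except PermissionError:
        refused = True
    return first is not None, second is None, refused

if __name__ == "__main__":
    print(demo())
```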
Real-World Examples (5)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2019-18269 | 9.8 | 0.4% | — |
| CVE-2023-22318 | 7.5 | 0.2% | — |
| CVE-2023-38505 | 7.5 | 0.2% | — |
| CVE-2019-11485 | 3.3 | 0.1% | — |
| CVE-2026-25612 | 6.5 | 0.0% | — |
0 / 100 · low-risk
Active Threat: 0/50 · Minimal
Exploit Availability: 0/50 · Minimal