CWE-1322
Use of Blocking Code in Single-threaded, Non-blocking Context
The product uses a non-blocking model that relies on a single-threaded process for features such as scalability, but it contains code that can block when it is invoked.
Mitigation
Phase: Implementation
Description:
- Generally speaking, blocking calls should be replaced with non-blocking alternatives that can be used asynchronously. Expensive computations should be passed off to worker threads, although the correct approach depends on the framework being used.
Mitigation
Phase: Implementation
Description:
- For expensive computations, consider breaking them up into multiple smaller computations. Refer to the documentation of the framework being used for guidance.
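The following added example (not part of the CWE entry) illustrates the mitigation of breaking an expensive computation into smaller ones, assuming Node.js as the single-threaded event-loop runtime. The workload, function names and chunk size are constructed for illustration; the heartbeat counter shows whether other callbacks were able to run while the computation was in progress.

```javascript
// Constructed CPU-bound workload: sum of i*i (mod MOD) for i in [0, n).
const MOD = 1000003;
const addSquare = (acc, i) => (acc + (i % MOD) * (i % MOD)) % MOD;

// Blocking form: the whole loop runs in a single event-loop turn, so no
// other callback (timers, I/O, other requests) runs until it returns.
function sumSquaresBlocking(n) {
  let acc = 0;
  for (let i = 0; i < n; i++) acc = addSquare(acc, i);
  return acc;
}

// Chunked form: same result, but at most chunkSize iterations per turn.
// setImmediate() queues the next chunk behind callbacks already waiting.
function sumSquaresChunked(n, chunkSize = 10000) {
  return new Promise((resolve) => {
    let acc = 0;
    let i = 0;
    const step = () => {
      const end = Math.min(i + chunkSize, n);
      for (; i < end; i++) acc = addSquare(acc, i);
      if (i < n) setImmediate(step);
      else resolve(acc);
    };
    step();
  });
}

// Counts how many times an unrelated callback ("heartbeat") got to run
// while work() was in progress. Zero means the event loop was starved.
async function turnsServedDuring(work) {
  let turns = 0;
  let done = false;
  const beat = () => {
    if (done) return;
    turns++;
    setImmediate(beat);
  };
  setImmediate(beat);
  const result = await work();
  done = true;
  return { result, turns };
}

// Demo: the blocking run reports 0 heartbeat turns, the chunked run several.
(async () => {
  console.log(await turnsServedDuring(() => sumSquaresBlocking(200000)));
  console.log(await turnsServedDuring(() => sumSquaresChunked(200000)));
})();
```

A smaller chunk size lowers the worst-case delay seen by other callbacks at the cost of more scheduling overhead; a heartbeat count that drops to zero under load is a practical signal that blocking code has entered the loop.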
CAPEC-25: Forced Deadlock
The adversary triggers and exploits a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions can be difficult to detect.