CWE-764
AllowedMultiple Locks of a Critical Resource
Abstraction: Base · Status: Incomplete
The product locks a critical resource more times than intended, leading to an unexpected state in the system.
2 vulnerabilities reference this CWE, most recent first.
GHSA-CG5M-P8PG-93CG
Vulnerability from github – Published: 2024-02-26 18:30 – Updated: 2025-03-27 12:30Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the !== used for comparison.
The risk is minified by the additional overhead of the request, which varies in a non-constant nature making the attack less reliable to execute
{
"affected": [],
"aliases": [
"CVE-2024-0436"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-764"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-02-26T16:27:50Z",
"severity": "HIGH"
},
"details": "Theoretically, it would be possible for an attacker to brute-force the password for an instance in single-user password protection mode via a timing attack given the linear nature of the `!==` used for comparison.\n\nThe risk is minified by the additional overhead of the request, which varies in a non-constant nature making the attack less reliable to execute",
"id": "GHSA-cg5m-p8pg-93cg",
"modified": "2025-03-27T12:30:34Z",
"published": "2024-02-26T18:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0436"
},
{
"type": "WEB",
"url": "https://github.com/mintplex-labs/anything-llm/commit/3c859ba3038121b67fb98e87dc52617fa27cbef0"
},
{
"type": "WEB",
"url": "https://huntr.com/bounties/3e73cb96-c038-46a1-81b7-4d2215b36268"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-JRG3-GFJW-HM96
Vulnerability from github – Published: 2026-04-08 03:32 – Updated: 2026-07-09 15:31If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.
{
"affected": [],
"aliases": [
"CVE-2026-32283"
],
"database_specific": {
"cwe_ids": [
"CWE-764",
"CWE-770"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-04-08T02:16:03Z",
"severity": "HIGH"
},
"details": "If one side of the TLS connection sends multiple key update messages post-handshake in a single record, the connection can deadlock, causing uncontrolled consumption of resources. This can lead to a denial of service. This only affects TLS 1.3.",
"id": "GHSA-jrg3-gfjw-hm96",
"modified": "2026-07-09T15:31:58Z",
"published": "2026-04-08T03:32:14Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-32283"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26447"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:24762"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:24761"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:24470"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:24337"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:23345"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:23228"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:23103"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:23102"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22937"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22714"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22713"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22709"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22485"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22450"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22423"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:22347"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:21769"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20609"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20608"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20607"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20571"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20570"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20569"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:20556"
},
{
"type": "WEB",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2026/cve-2026-32283.json"
},
{
"type": "WEB",
"url": "https://pkg.go.dev/vuln/GO-2026-4870"
},
{
"type": "WEB",
"url": "https://groups.google.com/g/golang-announce/c/0uYbvbPZRWU"
},
{
"type": "WEB",
"url": "https://go.dev/issue/78334"
},
{
"type": "WEB",
"url": "https://go.dev/cl/763767"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2456338"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2026-32283"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7385"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:7291"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:36796"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34365"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34197"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34196"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:34192"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:33722"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:29703"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:29455"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:29195"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:29035"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:28074"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:28047"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:28038"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:27076"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26636"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:26571"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19126"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:18032"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:18027"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:17287"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:17084"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:17075"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:16875"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:16102"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:16101"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:16024"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:16021"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:15980"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14391"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14200"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:14162"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11881"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11863"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11712"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11711"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11704"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11514"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:11507"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10704"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10219"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:10217"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19839"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19750"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19722"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19721"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19720"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19719"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19715"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19714"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19634"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19550"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19450"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19369"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19353"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19352"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19351"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19350"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19156"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19144"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19139"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19137"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19136"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19135"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19134"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19133"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:19132"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
Mitigation
When locking and unlocking a resource, try to be sure that all control paths through the code in which the resource is locked one or more times correspond to exactly as many unlocks. If the software acquires a lock and then determines it is not able to perform its intended behavior, be sure to release the lock(s) before waiting for conditions to improve. Reacquire the lock(s) before trying again.
No CAPEC attack patterns related to this CWE.