CAPEC-25 Metadata
Likelihood of Attack
Low
Typical Severity
High
Overview
Summary
The adversary triggers and exploits a deadlock condition in the target software to cause a denial of service. A deadlock can occur when two or more competing actions are waiting for each other to finish, and thus neither ever does. Deadlock conditions can be difficult to detect.
Prerequisites
The target host has a deadlock condition. There are four conditions for a deadlock to occur, known as the Coffman conditions. [REF-101]
The target host exposes an API to the user.
Execution Flow
Step | Phase | Description | Techniques |
---|---|---|---|
1 | Explore | The adversary initiates an exploratory phase to get familiar with the system. | |
2 | Explore | The adversary triggers a first action (such as holding a resource) and initiates a second action which will wait for the first one to finish. | |
3 | Explore | If the target program has a deadlock condition, the program waits indefinitely resulting in a denial of service. | |
Potential Solutions / Mitigations
Use a known algorithm to avoid deadlock conditions (for instance, non-blocking synchronization algorithms). For competing actions, use well-known libraries that implement synchronization.
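As an added illustration (not part of the CAPEC entry), the sketch below contrasts a lock acquisition pattern that permits the circular-wait Coffman condition with a global lock ordering that removes it. Lock ordering is used here as one well-known avoidance technique; `Account`, `transfer_naive`, `transfer_ordered` and the balances are hypothetical names and constructed sample data.

```python
import threading

class Account:  # constructed sample resource: a balance guarded by its own lock
    def __init__(self, ident, balance):
        self.ident, self.balance = ident, balance
        self.lock = threading.Lock()

def transfer_naive(src, dst, amount, barrier, timeout=0.2):
    """Locks in caller order, so A->B and B->A requests can wait on each other."""
    with src.lock:
        barrier.wait()  # demo only: make both threads hold their first lock
        # Timeout is for the demo only; a plain acquire() would block forever.
        if not dst.lock.acquire(timeout=timeout):
            return False
        try:
            src.balance -= amount
            dst.balance += amount
            return True
        finally:
            dst.lock.release()

def transfer_ordered(src, dst, amount):
    """Locks in one global order (lowest ident first): no circular wait."""
    first, second = sorted((src, dst), key=lambda acct: acct.ident)
    with first.lock, second.lock:
        src.balance -= amount
        dst.balance += amount
    return True

def run_opposing(make_call):
    """Run a->b and b->a transfers concurrently; return results and total."""
    a, b = Account(1, 100), Account(2, 100)
    results = {}
    def worker(name, src, dst):
        results[name] = make_call(src, dst)
    threads = [threading.Thread(target=worker, args=("a_to_b", a, b)),
               threading.Thread(target=worker, args=("b_to_a", b, a))]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results, a.balance + b.balance

def demo_naive():
    barrier = threading.Barrier(2)
    return run_opposing(lambda s, d: transfer_naive(s, d, 10, barrier))

def demo_ordered(rounds=500):
    return run_opposing(lambda s, d: all(transfer_ordered(s, d, 1) for _ in range(rounds)))
```

In `demo_naive()` at least one of the two opposing transfers always fails to obtain its second lock, while `demo_ordered()` completes every round because both threads request the locks in the same order.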
Related Weaknesses (CWE)
Taxonomy Mappings
Taxonomy: ATTACK
Entry ID | Entry Name |
---|---|
1499.004 | Endpoint Denial of Service: Application or System Exploitation |