CWE-1096βSingleton Class Instance Creation without Proper Locking or Synchronization
PUBLISHEDweakness record
released 2019-01-03 Β· last modified 2025-12-11
Metadata
- CWE ID:
- CWE-1096
- Abstraction:
- Variant
- Structure:
- Simple
- Status:
- Incomplete
- Release Date:
- 2019-01-03
- Latest Modification Date:
- 2025-12-11
Weakness Name
Singleton Class Instance Creation without Proper Locking or Synchronization
Description
The product implements a Singleton design pattern but does not use appropriate locking or other synchronization mechanism to ensure that the singleton class is only instantiated once.
Common Consequences
- Scope:
- Other
- Impact:
- Reduce Reliability
- Notes:
- This issue can prevent the product from running reliably, e.g. by making the instantiation process non-thread-safe and introducing deadlock (CWE-833) or livelock conditions. If the relevant code is reachable by an attacker, then this reliability problem might introduce a vulnerability.