CWE-459: Incomplete Cleanup

Description

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

Submission Date :

July 19, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE
Example Vulnerable Codes

Example - 1

Stream resources in a Java application should be released in a finally block, otherwise an exception thrown before the call to close() would result in an unreleased I/O resource. In the example below, the close() method is called in the try block (incorrect).


InputStream is = new FileInputStream(path);byte b[] = new byte[is.available()];is.read(b);is.close();log.error("Something bad happened: " + t.getMessage());try {} catch (Throwable t) {}

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-226: Sensitive Information in Resource Not Removed Before Reuse
Go to
CWE-404: Improper Resource Shutdown or Release
Go to
CWE-460: Improper Cleanup on Thrown Exception
Go to
CWE-568: finalize() Method Without super.finalize()
Go to

Visit http://cwe.mitre.org/ for more details.