CWE-664: Improper Control of a Resource Through its Lifetime

Description

The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.

Submission Date :

April 11, 2008, midnight

Modification Date :

2023-10-26 00:00:00+00:00

Organization :

MITRE
Extended Description

Resources often have explicit instructions on how to be created, used and destroyed. When code does not follow these instructions, it can lead to unexpected behaviors and potentially exploitable states.

Even without explicit instructions, various principles are expected to be adhered to, such as "Do not use an object until after its creation is complete," or "do not use an object after it has been slated for destruction."

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-118: Incorrect Access of Indexable Resource ('Range Error')
Go to
CWE-221: Information Loss or Omission
Go to
CWE-372: Incomplete Internal State Distinction
Go to
CWE-400: Uncontrolled Resource Consumption
Go to
CWE-404: Improper Resource Shutdown or Release
Go to
CWE-410: Insufficient Resource Pool
Go to
CWE-471: Modification of Assumed-Immutable Data (MAID)
Go to
CWE-487: Reliance on Package-level Scope
Go to
CWE-495: Private Data Structure Returned From A Public Method
Go to
CWE-496: Public Data Assigned to Private Array-Typed Field
Go to
CWE-501: Trust Boundary Violation
Go to
CWE-580: clone() Method Without super.clone()
Go to
CWE-610: Externally Controlled Reference to a Resource in Another Sphere
Go to
CWE-662: Improper Synchronization
Go to
CWE-665: Improper Initialization
Go to
CWE-666: Operation on Resource in Wrong Phase of Lifetime
Go to
CWE-668: Exposure of Resource to Wrong Sphere
Go to
CWE-669: Incorrect Resource Transfer Between Spheres
Go to
CWE-673: External Influence of Sphere Definition
Go to
CWE-704: Incorrect Type Conversion or Cast
Go to
CWE-706: Use of Incorrectly-Resolved Name or Reference
Go to
CWE-911: Improper Update of Reference Count
Go to
CWE-913: Improper Control of Dynamically-Managed Code Resources
Go to
CWE-922: Insecure Storage of Sensitive Information
Go to
CWE-1229: Creation of Emergent Resource
Go to
CWE-1250: Improper Preservation of Consistency Between Independent Representations of Shared State
Go to
CWE-1329: Reliance on Component That is Not Updateable
Go to

Visit http://cwe.mitre.org/ for more details.