CWE-664: Improper Control of a Resource Through its Lifetime
Description
The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.
Submission Date: April 11, 2008, midnight
Modification Date: 2023-10-26 00:00:00+00:00
Organization: MITRE
Extended Description
Resources often have explicit instructions on how to be created, used and destroyed. When code does not follow these instructions, it can lead to unexpected behaviors and potentially exploitable states.
Even without explicit instructions, various principles are expected to be adhered to, such as "Do not use an object until after its creation is complete," or "do not use an object after it has been slated for destruction."
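The two principles quoted above can be enforced by recording the resource's phase in the object itself and refusing operations made in the wrong phase. The following C sketch is an added example, not part of the CWE entry. The `resource` type, its state names and the `res_*` functions are hypothetical, and callers are assumed to zero-initialize the struct before first use.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical resource with an explicit lifecycle (all names are assumptions). */
enum res_state { RES_UNINIT = 0, RES_READY, RES_RELEASED };
struct resource { enum res_state state; char *buf; size_t cap; };

/* Creation: state flips to READY only after every field is valid. */
int res_create(struct resource *r, size_t cap) {
    if (r == NULL || cap == 0 || r->state == RES_READY) return -1; /* no double create */
    char *p = calloc(1, cap);
    if (p == NULL) return -1;
    r->buf = p;
    r->cap = cap;
    r->state = RES_READY;
    return 0;
}

/* Use: refused before creation, after release, or beyond capacity. */
int res_write(struct resource *r, const char *data, size_t len) {
    if (r == NULL || r->state != RES_READY || len > r->cap) return -1;
    memcpy(r->buf, data, len);
    return 0;
}

/* Release: pointer cleared and state recorded so later calls fail closed. */
int res_release(struct resource *r) {
    if (r == NULL || r->state != RES_READY) return -1; /* no double free */
    free(r->buf);
    r->buf = NULL;
    r->cap = 0;
    r->state = RES_RELEASED;
    return 0;
}

/* Drives one object through its lifetime; returns how many misuses were rejected. */
int lifecycle_demo(void) {
    struct resource r = {0};
    int rejected = 0;
    rejected += res_write(&r, "a", 1) < 0;            /* use before creation */
    if (res_create(&r, 8) != 0) return -1;
    rejected += res_create(&r, 8) < 0;                /* second create would leak buf */
    rejected += res_write(&r, "0123456789", 10) < 0;  /* larger than capacity */
    if (res_write(&r, "ok", 2) != 0 || res_release(&r) != 0) return -1;
    rejected += res_write(&r, "a", 1) < 0;            /* use after release */
    rejected += res_release(&r) < 0;                  /* double release */
    return rejected;
}

int main(void) { printf("rejected misuses: %d\n", lifecycle_demo()); return 0; }
```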
Related Weaknesses
This table shows the weaknesses and high-level categories that are related to this weakness. These relationships are defined to give an overview of similar items that may exist at higher and lower levels of abstraction.
CWE-118: Incorrect Access of Indexable Resource ('Range Error')
CWE-221: Information Loss or Omission
CWE-372: Incomplete Internal State Distinction
CWE-400: Uncontrolled Resource Consumption
CWE-404: Improper Resource Shutdown or Release
CWE-410: Insufficient Resource Pool
CWE-471: Modification of Assumed-Immutable Data (MAID)
CWE-487: Reliance on Package-level Scope
CWE-495: Private Data Structure Returned From A Public Method
CWE-496: Public Data Assigned to Private Array-Typed Field
CWE-501: Trust Boundary Violation
CWE-580: clone() Method Without super.clone()
CWE-610: Externally Controlled Reference to a Resource in Another Sphere
CWE-662: Improper Synchronization
CWE-665: Improper Initialization
CWE-666: Operation on Resource in Wrong Phase of Lifetime
CWE-668: Exposure of Resource to Wrong Sphere
CWE-669: Incorrect Resource Transfer Between Spheres
CWE-673: External Influence of Sphere Definition
CWE-704: Incorrect Type Conversion or Cast
CWE-706: Use of Incorrectly-Resolved Name or Reference
CWE-911: Improper Update of Reference Count
CWE-913: Improper Control of Dynamically-Managed Code Resources
CWE-922: Insecure Storage of Sensitive Information
CWE-1229: Creation of Emergent Resource
CWE-1250: Improper Preservation of Consistency Between Independent Representations of Shared State
CWE-1329: Reliance on Component That is Not Updateable
Visit http://cwe.mitre.org/ for more details.