CWE-666: Operation on Resource in Wrong Phase of Lifetime
Description
The product performs an operation on a resource at the wrong phase of the resource's lifecycle, which can lead to unexpected behaviors.
Submission Date :
April 11, 2008, midnight
Modification Date :
2023-10-26 00:00:00+00:00
Organization :
MITRE
Extended Description
A resource's lifecycle includes several phases: initialization, use, and release. For each phase, it is important to follow the specifications outlined for how to operate on the resource and to ensure that the resource is in the expected phase. Otherwise, if a resource is in one phase but the operation is not valid for that phase (i.e., an incorrect phase of the resource's lifetime), then this can produce resultant weaknesses. For example, using a resource before it has been fully initialized could cause corruption or incorrect data to be used.
Example - 1
The following code shows a simple example of a double free vulnerability. Double free vulnerabilities have two common (and sometimes overlapping) causes: Although some double free vulnerabilities are not much more complicated than this example, most are spread out across hundreds of lines of code or even different files. Programmers seem particularly susceptible to freeing global variables more than once.
free(ptr);
char* ptr = (char*)malloc (SIZE);...if (abrt) {}...free(ptr);
Related Weaknesses
This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.
CWE-415: Double Free
CWE-593: Authentication Bypass: OpenSSL CTX Object Modified after SSL Objects are Created
CWE-605: Multiple Binds to the Same Port
CWE-664: Improper Control of a Resource Through its Lifetime
CWE-672: Operation on a Resource after Expiration or Release
CWE-826: Premature Release of Resource During Expected Lifetime
Visit http://cwe.mitre.org/ for more details.