CWE-404β€”Improper Resource Shutdown or Release

PUBLISHEDweakness recordMedium
released 2006-07-19 Β· last modified 2023-10-26

Metadata

CWE ID:
CWE-404
Abstraction:
Class
Structure:
Simple
Status:
Draft
Release Date:
2006-07-19
Latest Modification Date:
2023-10-26

Weakness Name

Improper Resource Shutdown or Release

Description

The product does not release or incorrectly releases a resource before it is made available for re-use.

When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.

Common Consequences

Scope:
Availability, Other
Impact:
DoS: Resource Consumption (Other), Varies by Context
Notes:
Most unreleased resource issues result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, the attacker might be able to launch a denial of service attack by depleting the resource pool.
Scope:
Confidentiality
Impact:
Read Application Data
Notes:
When a resource containing sensitive information is not correctly shutdown, it may expose the sensitive data in a subsequent allocation.

Related Weaknesses