
CWE-583 - finalize() Method Declared Public

CWE-583

  • Abstraction: Variant
  • Structure: Simple
  • Status: Incomplete
Weakness Name

finalize() Method Declared Public

Description

The product violates secure coding principles for mobile code by declaring a finalize() method public.

A product should never call finalize() explicitly, except to call super.finalize() inside an implementation of finalize(). In mobile code situations, the otherwise error-prone practice of manual garbage collection can become a security threat if an attacker can maliciously invoke a finalize() method because it is declared with public access.
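The weak declaration beside a corrected one, with a reflection check that flags classes declaring a public finalize(). This is an added example, not part of the CWE entry; the class names, the `declaresPublicFinalize` helper and the key bytes are hypothetical and constructed for illustration.

```java
import java.lang.reflect.Method;
import java.lang.reflect.Modifier;
import java.util.Arrays;

public class FinalizeAudit {

    // Weak form: access widened to public (CWE-583), so any code holding a
    // reference can run the cleanup while the object is still in use.
    static class WeakKeyHolder {
        final byte[] key = {1, 2, 3, 4};           // constructed sample data
        @Override @SuppressWarnings({"deprecation", "removal"})
        public void finalize() { Arrays.fill(key, (byte) 0); }
    }

    // Corrected form: keeps the protected access that Object declares and
    // makes only the one explicit call the description permits.
    // The class is final so a subclass cannot widen the access again.
    static final class SaferKeyHolder {
        final byte[] key = {1, 2, 3, 4};           // constructed sample data
        @Override @SuppressWarnings({"deprecation", "removal"})
        protected void finalize() throws Throwable {
            try { Arrays.fill(key, (byte) 0); } finally { super.finalize(); }
        }
    }

    // Check: does this class itself declare a public no-argument finalize()?
    static boolean declaresPublicFinalize(Class<?> c) {
        try {
            Method m = c.getDeclaredMethod("finalize");
            return Modifier.isPublic(m.getModifiers());
        } catch (NoSuchMethodException e) {
            return false;                          // finalize() is not overridden here
        }
    }

    public static void main(String[] args) {
        WeakKeyHolder weak = new WeakKeyHolder();
        weak.finalize();   // compiles from any package because the method is public
        System.out.println("key after outside call: " + Arrays.toString(weak.key));
        for (Class<?> c : new Class<?>[] {WeakKeyHolder.class, SaferKeyHolder.class}) {
            System.out.println(c.getSimpleName() + " declares public finalize(): "
                    + declaresPublicFinalize(c));
        }
    }
}
```

Protected access in Java also grants access to code in the same package, so the corrected form restricts callers in other packages only.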

Common Consequences

Scope: Confidentiality, Integrity, Availability

Impact: Alter Execution Logic, Execute Unauthorized Code or Commands, Modify Application Data

Related Weaknesses
  • Release Date: 2006-12-15
  • Latest Modification Date: 2023-06-29
