logo

CWE-775 - Missing Release of File Descriptor or Handle after Effective Lifetime

CWE-775

  • Abstraction:
  • Variant
  • Structure:
  • Simple
  • Status:
  • Incomplete
Weakness Name

Missing Release of File Descriptor or Handle after Effective Lifetime

Description

The product does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer needed.

When a file descriptor or handle is not released after use (typically by explicitly closing it), attackers can cause a denial of service by consuming all available file descriptors/handles, or otherwise preventing other system processes from obtaining their own file descriptors/handles.

Common Consequences

Scope: Availability

Impact: DoS: Resource Consumption (Other)

Notes: An attacker that can influence the allocation of resources that are not properly released could deplete the available resource pool and prevent all other processes from accessing the same type of resource.

Related Weaknesses

CWE-404Improper Resource Shutdown or ReleaseMedium

CWE-772Missing Release of Resource after Effective LifetimeHigh

  • Release Date:
  • 2009-05-27
  • Latest Modification Date:
  • 2023-06-29

Free security scan for your website