logo

CWE-404 - Improper Resource Shutdown or Release

  • Abstraction:Class
  • Structure:Simple
  • Status:Draft
  • Release Date:2006-07-19
  • Latest Modification Date:2023-10-26

Weakness Name

Improper Resource Shutdown or Release

Description

The product does not release or incorrectly releases a resource before it is made available for re-use.

When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.

Common Consequences

Scope: Availability, Other

Impact: DoS: Resource Consumption (Other), Varies by Context

Notes: Most unreleased resource issues result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, the attacker might be able to launch a denial of service attack by depleting the resource pool.

Scope: Confidentiality

Impact: Read Application Data

Notes: When a resource containing sensitive information is not correctly shutdown, it may expose the sensitive data in a subsequent allocation.

Related Weaknesses

CWE-405Asymmetric Resource Consumption (Amplification)

CWE-619Dangling Database Cursor ('Cursor Injection')

CWE-664Improper Control of a Resource Through its Lifetime