CWE-771 - Missing Reference to Active Allocated Resource
- Abstraction:Base
- Structure:Simple
- Status:Incomplete
- Release Date:2009-05-27
- Latest Modification Date:2023-06-29
Weakness Name
Missing Reference to Active Allocated Resource
Description
The product does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed.
This does not necessarily apply in languages or frameworks that automatically perform garbage collection, since the removal of all references may act as a signal that the resource is ready to be reclaimed.
Common Consequences
Scope: Availability
Impact: DoS: Resource Consumption (Other)
Notes: An attacker that can influence the allocation of resources that are not properly maintained could deplete the available resource pool and prevent all other processes from accessing the same type of resource.
Related Weaknesses
Oracle denies breach after hacker claims theft of 6 million data records
Oracle Health breach compromises patient data at US hospitals
Attackers are targeting CrushFTP vulnerability with public PoC (CVE-2025-2825)
Russian Hackers Exploit CVE-2025-26633 via MSC EvilTwin to Deploy SilentPrism and DarkWisp
CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites
CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825)
RANsacked: Over 100 Security Flaws Found in LTE and 5G Network Implementations
Employee charged with stealing unreleased movies, sharing them online
CVE-2025-22224 VMware ESXi and Workstation TOCTOU Race Condition Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability
CVE-2022-43769 Hitachi Vantara Pentaho BA Server Special Element Injection Vulnerability
CVE-2022-43939 Hitachi Vantara Pentaho BA Server Authorization Bypass Vulnerability
CVE-2018-8639 Microsoft Windows Win32k Improper Resource Shutdown or Release Vulnerability
CVE-2024-40890 Zyxel DSL CPE OS Command Injection Vulnerability
CVE-2024-49035 Microsoft Partner Center Improper Access Control Vulnerability
CVE-2017-0148 Microsoft SMBv1 Server Remote Code Execution Vulnerability
InformationalContent-Type Header Empty
LowServer Leaks Version Information via "Server" HTTP Response Header Field
HighSQL Injection
MediumDirectory Browsing
InformationalStorable but Non-Cacheable Content
MediumParameter Tampering
InformationalSec-Fetch-Site Header is Missing