CWE-772 - Missing Release of Resource after Effective Lifetime

CWE-772 High

Abstraction:
Base

Structure:
Simple

Status:
Draft

Weakness Name: Missing Release of Resource after Effective Lifetime

Description: The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
When a resource is not released after use, it can allow attackers to cause a denial of service by causing the allocation of resources without triggering their release. Frequently-affected resources include memory, CPU, disk space, power or battery, etc.

Common Consequences: Scope: Availability
Impact: DoS: Resource Consumption (Other)
Notes: An attacker that can influence the allocation of resources that are not properly released could deplete the available resource pool and prevent all other processes from accessing the same type of resource.

Related Weaknesses: CWE-404Improper Resource Shutdown or ReleaseMedium

Release Date:
2009-05-27

Latest Modification Date:
2023-10-26

Free security scan for your website

Don't show website scan report rating on the leaderboard