Base · Draft

CWE-772: Missing Release of Resource after Effective Lifetime

Category: logic

Description

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

Common consequences · 1

  • Availability — DoS: Resource Consumption (Other), DoS: Resource Consumption (Memory), DoS: Resource Consumption (CPU)
    An attacker that can influence the allocation of resources that are not properly released could deplete the available resource pool and prevent all other processes from accessing the same type of resource. Frequently-affected resources include memory, CPU, disk space, power or battery, etc.

Potential mitigations · 3

  • [Requirements]
  • [Implementation] It is good practice to be responsible for freeing all resources you allocate and to be consistent with how and where you free resources in a function. If you allocate resources that you intend to free upon completion of the function, you must be sure to free the resources at all exit points for that function including error conditions.
  • [Operation, Architecture and Design]
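
The implementation mitigation above, shown as an added example that is not part of the MITRE entry or this page: a handler whose validation error exit skips the release, beside a version that routes every exit through one cleanup label. The fixed-size slot pool, the handler names and the sizes are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define POOL_SLOTS 16   /* constructed fixed-size pool, e.g. per-request buffers */
#define SLOT_SIZE  64
static char pool[POOL_SLOTS][SLOT_SIZE];
static int  in_use[POOL_SLOTS];

static int slot_acquire(void) {            /* slot index, or -1 when exhausted */
    for (int i = 0; i < POOL_SLOTS; i++)
        if (!in_use[i]) { in_use[i] = 1; return i; }
    return -1;
}
static void slot_release(int s) { if (s >= 0) in_use[s] = 0; }
int slots_held(void) {
    int n = 0;
    for (int i = 0; i < POOL_SLOTS; i++) n += in_use[i];
    return n;
}
/* Weak form: the validation error exit returns without releasing the slot. */
int handle_leaky(const char *req) {
    int s = slot_acquire();
    if (s < 0) return -1;                      /* no resource available */
    if (strlen(req) >= SLOT_SIZE) return -2;   /* rejected: slot stays held */
    strcpy(pool[s], req);                      /* stand-in for real processing */
    slot_release(s);
    return 0;
}
/* Corrected form: every exit, including errors, passes through one cleanup. */
int handle_fixed(const char *req) {
    int rc = -1, s = slot_acquire();
    if (s < 0) goto out;
    if (strlen(req) >= SLOT_SIZE) { rc = -2; goto out; }
    strcpy(pool[s], req);
    rc = 0;
out:
    slot_release(s);                           /* safe for s == -1 */
    return rc;
}
/* Send n rejected requests, then one valid one; return the valid one's result. */
int valid_after_rejects(int (*handler)(const char *), int n) {
    char big[SLOT_SIZE + 1];
    memset(big, 'A', SLOT_SIZE); big[SLOT_SIZE] = '\0';  /* constructed input */
    memset(in_use, 0, sizeof in_use);                    /* start from empty pool */
    for (int i = 0; i < n; i++) handler(big);
    return handler("ok");
}
int main(void) {
    int a = valid_after_rejects(handle_leaky, 20), ha = slots_held();
    int b = valid_after_rejects(handle_fixed, 20), hb = slots_held();
    printf("leaky: rc=%d held=%d; fixed: rc=%d held=%d\n", a, ha, b, hb);
    return 0;
}
```

With the weak form, the pool is empty once as many requests have been rejected as there are slots, so the later valid request is refused; a count of held slots that grows with rejected input is the signal to monitor for.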

Related CAPEC attack patterns · 1

CAPEC-469

References

  1. https://cwe.mitre.org/data/definitions/772.html

Exploits (incoming) · 1

Type | Target | Confidence | Tier
AttackPattern | HTTP DoS (capec-469) | 100% | live

(incoming) · 2

Type | Target | Confidence | Tier
Vulnerability | CVE-2026-20082 (cve-2026-20082) | 0% | live
KEVEntry | Cisco ASA and FTD Denial-of-Service Vulnerability (kev-cve-2024-20481) | 0% | live

Related by meaning· 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Missing Release of Memory after Effective Lifetime
  • CWE: Premature Release of Resource During Expected Lifetime
  • CWE: Improper Resource Shutdown or Release
  • CWE: Improper Control of a Resource Through its Lifetime
  • CWE: Missing Reference to Active Allocated Resource
  • CWE: Incomplete Cleanup

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.