Variant · Incomplete

CWE-775: Missing Release of File Descriptor or Handle after Effective Lifetime

Category: other

Description

The product does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer needed. When a file descriptor or handle is not released after use (typically by explicitly closing it), attackers can cause a denial of service by consuming all available file descriptors/handles, or otherwise preventing other system processes from obtaining their own file descriptors/handles.
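The weakness most often sits on an error path. The following C sketch is an added example, not part of the CWE entry: the function names, the 4-byte header read, and the use of /dev/null as an input that always fails validation are assumptions made for illustration. It puts a leaking function beside its corrected form and measures how many descriptors each one leaves open.

```c
#include <fcntl.h>
#include <stdio.h>
#include <unistd.h>

/* Leaky: the early return on a short read skips close(), so every
 * rejected input permanently costs the process one descriptor. */
int read_magic_leaky(const char *path, unsigned char out[4])
{
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (read(fd, out, 4) != 4)
        return -1;                 /* CWE-775: fd is never released */
    close(fd);
    return 0;
}

/* Fixed: a single exit path closes the descriptor whether or not
 * the input was accepted. */
int read_magic_fixed(const char *path, unsigned char out[4])
{
    int rc = -1;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;
    if (read(fd, out, 4) == 4)
        rc = 0;
    close(fd);
    return rc;
}

/* Count descriptors currently open in this process (first 4096 slots). */
int open_fd_count(void)
{
    int n = 0;
    for (int fd = 0; fd < 4096; fd++)
        n += (fcntl(fd, F_GETFD) != -1);
    return n;
}

/* Growth in open descriptors after `calls` rejected inputs.
 * /dev/null is a constructed input: it always yields a short read. */
int fd_growth(int (*fn)(const char *, unsigned char *), int calls)
{
    unsigned char buf[4];
    int before = open_fd_count();
    for (int i = 0; i < calls; i++)
        fn("/dev/null", buf);
    return open_fd_count() - before;
}

int main(void)
{
    printf("leaky: +%d  fixed: +%d\n",
           fd_growth(read_magic_leaky, 20), fd_growth(read_magic_fixed, 20));
    return 0;
}
```

In a long-running service the leaky variant eventually makes open() fail with EMFILE once the per-process limit is reached, which is the availability impact described above.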

Common consequences

  • Availability — DoS: Resource Consumption (Other)
    An attacker that can influence the allocation of resources that are not properly released could deplete the available resource pool and prevent all other processes from accessing the same type of resource.

Potential mitigations

  • [Operation, Architecture and Design]

References

  1. https://cwe.mitre.org/data/definitions/775.html

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Allocation of File Descriptors or Handles Without Limits or Throttling
  • CWE: Missing Reference to Active File Descriptor or Handle
  • CWE: Use of Expired File Descriptor
  • CWE: Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')
  • CWE: Improper Resource Shutdown or Release
  • CWE: Missing Release of Memory after Effective Lifetime

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.