Base · Incomplete

CWE-826: Premature Release of Resource During Expected Lifetime

Category: logic

Description

The product releases a resource that is still intended to be used by itself or another actor.

Common consequences · 3

  • Confidentiality — Read Application Data, Read Memory
    If the released resource is subsequently reused or reallocated, then a read operation on the original resource might access sensitive data that is associated with a different user or entity.
  • Availability — DoS: Crash, Exit, or Restart
    When the resource is released, the software might modify some of its structure, or close associated channels (such as a file descriptor). When the software later accesses the resource as if it is valid, the resource might not be in an expected state, causing errors that may lead to a crash.
  • Integrity / Confidentiality / Availability — Execute Unauthorized Code or Commands, Modify Application Data, Modify Memory
    When the resource is released, the software might modify some of its structure. This might affect logic in the sections of code that still assume the resource is active. If the released resource is related to memory and is used in a function call, or points to unexpected data in a write operation, then code execution may be possible upon subsequent accesses.
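
The file-descriptor case from the consequences above, as an added example that is not part of the MITRE entry: one actor closes a shared descriptor while a second still holds its number, the number is reassigned, and the second actor's write lands in an unrelated pipe; the reference-counted path closes only when the last holder is done. The names `shared_fd`, `sfd_acquire`, `sfd_release` and `run_scenario` are hypothetical, and the code assumes a POSIX system.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical handle: a descriptor plus a count of actors still using it. */
struct shared_fd { int fd; int refs; };

static void sfd_acquire(struct shared_fd *s) { s->refs++; }
/* Hardened release: the descriptor is closed only by the last holder. */
static void sfd_release(struct shared_fd *s) {
    if (s->refs > 0 && --s->refs == 0) { close(s->fd); s->fd = -1; }
}

/* Returns 0 if actor B's write reached its own pipe, 1 if it landed in an
 * unrelated pipe, 2 if the write failed, -1 on setup error. */
int run_scenario(int hardened) {
    int own[2], other[2], result;
    char buf[8];
    if (pipe(own) != 0) return -1;
    if (pipe(other) != 0) { close(own[0]); close(own[1]); return -1; }

    struct shared_fd s = { own[1], 0 };
    sfd_acquire(&s);                 /* actor A */
    sfd_acquire(&s);                 /* actor B */
    int b_fd = s.fd;                 /* B keeps using this descriptor number */

    if (hardened) sfd_release(&s);   /* A is done; B's reference keeps it open */
    else close(s.fd);                /* CWE-826: released while B still needs it */

    /* Unrelated code opens a descriptor; POSIX assigns the lowest free number. */
    int reused = dup(other[1]);

    if (write(b_fd, "secret", 6) != 6) {
        result = 2;                  /* stale number was not reassigned: EBADF */
    } else if (read(own[0], buf, sizeof buf) == 6) {
        result = 0;                  /* delivered where B intended */
    } else {
        /* Own pipe is at EOF: the bytes went to whatever now owns b_fd. */
        result = (read(other[0], buf, sizeof buf) == 6
                  && memcmp(buf, "secret", 6) == 0) ? 1 : 2;
    }

    if (hardened) sfd_release(&s);   /* B is done: the last holder closes */
    if (reused >= 0) close(reused);
    close(own[0]); close(other[0]); close(other[1]);
    return result;
}

int main(void) { printf("premature=%d hardened=%d\n", run_scenario(0), run_scenario(1)); return 0; }
```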

References

  1. https://cwe.mitre.org/data/definitions/826.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Missing Release of Resource after Effective Lifetime
  • CWE: Improper Control of a Resource Through its Lifetime
  • CWE: Improper Resource Shutdown or Release
  • CWE: Operation on a Resource after Expiration or Release
  • CWE: Multiple Releases of Same Resource or Handle
  • CWE: Missing Release of Memory after Effective Lifetime

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.