CWE-404
Improper Resource Shutdown or Release
Description
The product does not release or incorrectly releases a resource before it is made available for re-use.
When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.
Parent Weaknesses (ChildOf)
Related Weaknesses
Common Consequences
Scope
Impact
DoS: Resource Consumption (Other), Varies by Context
Scope
Impact
Read Application Data
Potential Mitigations
Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.
It is good practice to be responsible for freeing all resources you allocate and to be consistent with how and where you free memory in a function. If you allocate memory that you intend to free upon completion of the function, you must be sure to free the memory at all exit points for that function including error conditions.
Memory should be allocated/freed using matching functions such as malloc/free, new/delete, and new[]/delete[].
When releasing a complex object or structure, ensure that you properly dispose of all of its member components, not just the object itself.
CVE-1999-1127Does not shut down named pipe connections if malformed data is sent.
CVE-2001-0830Sockets not properly closed when attacker repeatedly connects and disconnects from server.
CVE-2002-1372Chain: Return values of file/socket operations are not checked (CWE-252), allowing resultant consumption of file descriptors (CWE-772).
Applicable Platforms
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now