Improper Control of a Resource Through its Lifetime
Weakness ID: 664 (Weakness Class) | Status: Draft
Description Summary
Extended Description
Resources often have explicit instructions on how to be created, used and destroyed. When software fails to follow these instructions, it can lead to unexpected behaviors and potentially exploitable states.
Even without explicit instructions, various principles are expected to be adhered to, such as "Do not use an object until after its creation is complete," or "do not use an object after it has been slated for destruction."
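The two principles quoted above can be enforced in code by tracking the resource's lifetime phase and checking it on every operation. The following is an added example, not part of the CWE entry; `ManagedBuffer`, `Phase` and `LifecycleError` are hypothetical names chosen for illustration.

```python
import enum
import threading


class Phase(enum.Enum):
    NEW = "new"              # allocated, creation not yet complete
    READY = "ready"          # creation complete, safe to use
    DESTROYED = "destroyed"  # released, must never be used again


class LifecycleError(RuntimeError):
    """Raised when an operation is attempted in the wrong lifetime phase."""


class ManagedBuffer:
    """Hypothetical resource that checks its phase on every operation."""

    def __init__(self):
        self._lock = threading.Lock()  # phase checks and changes are atomic
        self._phase = Phase.NEW
        self._data = None

    def _require(self, phase):
        if self._phase is not phase:
            raise LifecycleError(f"not allowed while {self._phase.value}")

    def open(self, size):
        with self._lock:
            self._require(Phase.NEW)       # no re-init, no resurrection
            self._data = bytearray(size)
            self._phase = Phase.READY      # published only when complete

    def write(self, offset, payload):
        with self._lock:
            self._require(Phase.READY)
            if offset < 0 or offset + len(payload) > len(self._data):
                raise ValueError("write outside buffer")
            self._data[offset:offset + len(payload)] = payload

    def read(self):
        with self._lock:
            self._require(Phase.READY)
            return bytes(self._data)

    def close(self):
        with self._lock:
            if self._phase is Phase.DESTROYED:
                return False               # double release is a no-op
            if self._data is not None:
                self._data[:] = bytes(len(self._data))  # scrub before release
            self._data = None
            self._phase = Phase.DESTROYED
            return True
```

Use before `open()` and use after `close()` both raise `LifecycleError` instead of operating on a half-built or released object, and a second `close()` returns `False` rather than releasing twice.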
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | Category | 361 | Time and State | Development Concepts (primary) 699 |
ParentOf | Weakness Class | 221 | Information Loss or Omission | Research Concepts (primary) 1000 |
ParentOf | Weakness Class | 282 | Improper Ownership Management | Research Concepts (primary) 1000 |
ParentOf | Weakness Class | 286 | Incorrect User Management | Research Concepts (primary) 1000 |
ParentOf | Weakness Base | 400 | Uncontrolled Resource Consumption ('Resource Exhaustion') | Research Concepts (primary) 1000 |
ParentOf | Weakness Base | 404 | Improper Resource Shutdown or Release | Research Concepts (primary) 1000 |
ParentOf | Weakness Class | 405 | Asymmetric Resource Consumption (Amplification) | Research Concepts (primary) 1000 |
ParentOf | Weakness Base | 410 | Insufficient Resource Pool | Research Concepts (primary) 1000 |
ParentOf | Weakness Base | 471 | Modification of Assumed-Immutable Data (MAID) | Research Concepts (primary) 1000 |
ParentOf | Weakness Class | 485 | Insufficient Encapsulation | Research Concepts (primary) 1000 |
ParentOf | Weakness Class | 514 | Covert Channel | Research Concepts (primary) 1000 |
ParentOf | Weakness Class | 610 | Externally Controlled Reference to a Resource in Another Sphere | Research Concepts (primary) 1000 |
ParentOf | Weakness Base | 665 | Improper Initialization | Research Concepts (primary) 1000 |
ParentOf | Weakness Base | 666 | Operation on Resource in Wrong Phase of Lifetime | Research Concepts (primary) 1000 |
ParentOf | Weakness Base | 667 | Insufficient Locking | Research Concepts 1000 |
ParentOf | Weakness Class | 668 | Exposure of Resource to Wrong Sphere | Research Concepts (primary) 1000 |
ParentOf | Weakness Class | 669 | Incorrect Resource Transfer Between Spheres | Research Concepts (primary) 1000 |
ParentOf | Weakness Class | 673 | External Influence of Sphere Definition | Research Concepts (primary) 1000 |
ParentOf | Weakness Class | 704 | Incorrect Type Conversion or Cast | Research Concepts (primary) 1000 |
ParentOf | Weakness Class | 706 | Use of Incorrectly-Resolved Name or Reference | Research Concepts (primary) 1000 |
MemberOf | View | 1000 | Research Concepts | Research Concepts (primary) 1000 |
More work is needed on this node and its children. There are perspective/layering issues; for example, one breakdown is based on lifecycle phase (CWE-404, CWE-665), while other children are independent of lifecycle, such as CWE-400. Others do not specify as many bases or variants, such as CWE-704, which primarily covers numbers at this stage.
Modifications

Modification Date | Modifier | Organization | Source | Changes |
---|---|---|---|---|
2008-07-01 | Eric Dalci | Cigital | External | updated Potential Mitigations, Time of Introduction |
2008-09-08 | CWE Content Team | MITRE | Internal | updated Description, Maintenance Notes, Relationships, Type |
2009-03-10 | CWE Content Team | MITRE | Internal | updated Related Attack Patterns |
2009-05-27 | CWE Content Team | MITRE | Internal | updated Description, Name, Relationships |
2009-07-27 | CWE Content Team | MITRE | Internal | updated Relationships |

Previous Entry Names

Change Date | Previous Entry Name |
---|---|
2009-05-27 | Insufficient Control of a Resource Through its Lifetime |