CWE-672
Operation on a Resource after Expiration or Release
Draft
2008-04-11
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Notificaciones para un CWE
Manténgase informado sobre cualquier cambio en un CWE específico.
Nombre: Operation on a Resource after Expiration or Release
The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.
Informaciones generales
Modos de introducción
ImplementationOperation
Plataformas aplicables
Lenguaje
Class: Not Language-Specific (Undetermined)Tecnologías
Class: Mobile (Undetermined)Consecuencias comunes
| Alcance | Impacto | Probabilidad |
|---|---|---|
| Integrity Confidentiality | Modify Application Data, Read Application Data Note: If a released resource is subsequently reused or reallocated, then an attempt to use the original resource might allow access to sensitive data that is associated with a different user or entity. | |
| Other Availability | Other, DoS: Crash, Exit, or Restart Note: When a resource is released it might not be in an expected state, later attempts to access the resource may lead to resultant errors that may lead to a crash. |
Ejemplos observados
| Referencias | Descripción |
|---|---|
CVE-2009-3547 | Chain: race condition (CWE-362) might allow resource to be released before operating on it, leading to NULL dereference (CWE-476) |
Métodos de detección
Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)Efectividad : High
Notas de mapeo de vulnerabilidades
Justificación : This CWE entry is a Class and might have Base-level children that would be more appropriateComentario : Examine children of this entry to see if there is a better fit
Referencias
REF-962
Automated Source Code Security Measure (ASCSM)Object Management Group (OMG).
http://www.omg.org/spec/ASCSM/1.0/
Envío
| Nombre | Organización | Fecha | Fecha de lanzamiento | Version |
|---|---|---|---|---|
| CWE Content Team | MITRE | Draft 9 |
Modificaciones
| Nombre | Organización | Fecha | Comentario |
|---|---|---|---|
| Eric Dalci | Cigital | updated Time_of_Introduction | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, Description, Name, Relationships | |
| CWE Content Team | MITRE | updated Observed_Examples, Relationships | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Common_Consequences, Demonstrative_Examples, Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Applicable_Platforms | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Demonstrative_Examples, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated References, Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships, Type | |
| CWE Content Team | MITRE | updated Applicable_Platforms, Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Relationships, Time_of_Introduction | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Observed_Examples | |
| CWE Content Team | MITRE | updated Detection_Factors, Weakness_Ordinalities |
