CWE-459 (Incomplete Cleanup) — Vulnerability Class 51

51 vulnerabilities classified as CWE-459 (Incomplete Cleanup). AI Chinese analysis included.

CWE-459 represents a resource management weakness where software fails to properly release temporary or supporting resources after their intended use. This oversight typically leads to resource exhaustion, such as memory leaks, file descriptor saturation, or disk space depletion, which can degrade system performance or cause denial-of-service conditions. Attackers often exploit this by repeatedly triggering operations that allocate resources without releasing them, effectively starving the system of necessary assets. To mitigate this risk, developers must implement rigorous cleanup protocols, ensuring that all allocated resources are explicitly freed or closed within finally blocks or using automatic resource management constructs like context managers. Adhering to strict lifecycle management practices and conducting thorough code reviews helps prevent these leaks, maintaining system stability and security integrity.

MITRE CWE Description
The product does not properly "clean up" and remove temporary or supporting resources after they have been used.
Common Consequences (1)
Scope: Other, Confidentiality, Integrity. Impact: Other, Read Application Data, Modify Application Data, DoS: Resource Consumption (Other)
It is possible to overflow the number of temporary files because directories typically have limits on the number of files allowed. This could create a denial of service problem.
Mitigations (1)
Phases: Architecture and Design, Implementation. Temporary files and other supporting resources should be deleted/released immediately after they are no longer needed.
Examples (1)
Stream resources in a Java application should be released in a finally block, otherwise an exception thrown before the call to close() would result in an unreleased I/O resource. In the example below, the close() method is called in the try block (incorrect).
Bad · Java:

    try {
        InputStream is = new FileInputStream(path);
        byte b[] = new byte[is.available()];
        is.read(b);
        is.close();
    } catch (Throwable t) {
        log.error("Something bad happened: " + t.getMessage());
    }
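
The corrected counterpart of the bad example above, together with the temporary-file mitigation, as an added example that is not part of the original page or of the MITRE entry. The class and method names are hypothetical, and Java 9 or later is assumed for `readAllBytes()`.

```java
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

// Added illustration; CleanupExample and its methods are hypothetical names.
public class CleanupExample {

    // Explicit finally: close() runs whether or not the read throws.
    static byte[] readWithFinally(Path path) throws IOException {
        InputStream is = null;
        try {
            is = Files.newInputStream(path);
            return is.readAllBytes();
        } finally {
            if (is != null) {
                is.close(); // reached on both the normal and the exceptional path
            }
        }
    }

    // try-with-resources: the stream is closed automatically on every exit path,
    // and a failure in close() is recorded as a suppressed exception.
    static byte[] readWithTryWithResources(Path path) throws IOException {
        try (InputStream is = Files.newInputStream(path)) {
            return is.readAllBytes();
        }
    }

    // Temporary file deleted as soon as it is no longer needed, even on failure,
    // so repeated calls cannot accumulate files in the temp directory.
    static int processViaTempFile(byte[] data) throws IOException {
        Path tmp = Files.createTempFile("cwe459-", ".tmp");
        try {
            Files.write(tmp, data);
            return readWithTryWithResources(tmp).length;
        } finally {
            Files.deleteIfExists(tmp);
        }
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input, not data from the page.
        byte[] sample = "constructed sample input".getBytes(StandardCharsets.UTF_8);
        System.out.println(processViaTempFile(sample) + " bytes processed, temp file removed");
    }
}
```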
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-26005 | PHOENIX CONTACT: Privilege gain through incomplete cleanup in CHARX Series — CHARX SEC-3000 | 4.8 | Medium | 2024-03-12 |
| CVE-2024-1048 | Grub2: grub2-set-bootflag can be abused by local (pseudo-)users | 3.3 | Low | 2024-02-06 |
| CVE-2024-21617 | Junos OS: BGP flap on NSR-enabled devices causes memory leak — Junos OS | 6.5 | Medium | 2024-01-12 |
| CVE-2023-41835 | Apache Struts: excessive disk usage — Apache Struts | 8.2 | - | 2023-12-05 |
| CVE-2023-42795 | Apache Tomcat: Failure during request clean-up leads to sensitive data leaking to subsequent requests — Apache Tomcat | 5.3 | - | 2023-10-10 |
| CVE-2023-42794 | Apache Tomcat: FileUpload: DoS due to accumulation of temporary files on Windows — Apache Tomcat | 7.5 | - | 2023-10-10 |
| CVE-2023-36468 | Upgrading doesn't prevent exploiting vulnerable XWiki documents — xwiki-platform | 10.0 | Critical | 2023-06-29 |
| CVE-2022-45455 | Acronis Agent security vulnerability — Acronis Cyber Protect Home Office | 7.8 | - | 2023-02-13 |
| CVE-2023-22407 | Junos OS and Junos OS Evolved: An RPD crash can happen due to an MPLS TE tunnel configuration change on a directly connected router — Junos OS | 6.5 | Medium | 2023-01-12 |
| CVE-2022-45347 | Apache ShardingSphere-Proxy: MySQL authentication bypass — Apache ShardingSphere-Proxy | 9.8 | - | 2022-12-22 |
| CVE-2022-3238 | Linux kernel resource management error vulnerability — Kernel | 7.8 | - | 2022-11-14 |
| CVE-2022-1552 | PostgreSQL permissions and access control vulnerability — postgresql | 8.8 | - | 2022-08-31 |
| CVE-2022-0171 | Linux kernel security vulnerability — kernel | 5.5 | - | 2022-08-26 |
| CVE-2021-36205 | Metasys session token — Metasys | 8.1 | High | 2022-04-15 |
| CVE-2021-4002 | Linux kernel security vulnerability — kernel | 3.3 | - | 2022-03-03 |
| CVE-2022-0646 | Linux kernel resource management error vulnerability — Kernel | 7.8 | - | 2022-02-18 |
| CVE-2021-4032 | Linux kernel security vulnerability — kernel | 4.4 | - | 2022-01-21 |
| CVE-2021-32928 | Objective Open CBOR Run-time security vulnerability — Sentinel LDK Run-Time Environment | 9.8 | - | 2021-06-16 |
| CVE-2020-12494 | Beckhoff: Etherleak in TwinCAT RT network driver — TwinCat Driver for Intel 8254x (Tcl8254x.sys) | 5.3 | Medium | 2020-06-16 |
| CVE-2020-10685 | Ansible security vulnerability — Ansible | 5.0 | Medium | 2020-05-11 |
| CVE-2019-5011 | CleanMyMac X input validation error vulnerability — CleanMyMac X | 5.5 | - | 2019-03-21 |

Vulnerabilities classified as CWE-459 (Incomplete Cleanup) represent 51 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.