CWE-664 (Improper Control of a Resource Through its Lifetime) — Vulnerability Class (26 CVEs)

26 vulnerabilities classified as CWE-664 (Improper Control of a Resource Through its Lifetime). AI-generated Chinese analysis included.

CWE-664 is a pillar-level (abstract) weakness: the software fails to keep control of a resource through its whole lifecycle of creation, use and release. It is the parent of many concrete weaknesses, such as use-after-free, file-descriptor and memory leaks, and uncontrolled resource consumption. The flaw typically arises when code ignores the explicit rules for handling a resource (close what you open, free what you allocate, reap what you fork) or the implicit ones (do not use an object before its construction is complete or after it has been scheduled for destruction). Attackers exploit the resulting states by driving the program into them on demand: opening connections that are never closed until descriptors or processes run out (denial of service), reading a resource that was released and reused (data disclosure or corruption), or using a half-initialized object (unauthorized access). Mitigation is a lifecycle discipline: initialize every resource correctly, use it only while it is valid, release it exactly once on every exit path (including error paths), and bound how many instances can exist at a time. Coding standards plus static and dynamic analysis (resource-leak checkers, sanitizers) catch most of these gaps before they reach production.

MITRE CWE Description
The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release. Resources often have explicit instructions on how to be created, used and destroyed. When code does not follow these instructions, it can lead to unexpected behaviors and potentially exploitable states. Even without explicit instructions, various principles are expected to be adhered to, such as "Do not use an object until after its creation is complete," or "do not use an object after it has been slated for destruction."
Common Consequences (1)
Scope: Other · Impact: Other
Examples (1)
This code allocates a socket and forks each time it receives a new connection. Nothing closes the accepted socket in the parent and nothing limits the number of connections or child processes, so an attacker who opens connections in a loop exhausts descriptors, processes and memory.

```c
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

int sock, newsock;
pid_t pid;

/* bind() and listen() are omitted in the original snippet */
sock = socket(AF_INET, SOCK_STREAM, 0);
while (1) {
    newsock = accept(sock, NULL, NULL);   /* address arguments elided in the original */
    printf("A connection has been accepted\n");
    pid = fork();                         /* no close(newsock), no cap, no reaping */
}
```

Bad · C
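The program below is an added example, not code from the page or from MITRE. It takes the fork-per-connection loop above, together with the lifecycle rules in the description, and shows both what leaks and how a controlled lifecycle looks. `socketpair()` stands in for `accept()` so it runs with no network; `MAX_CHILDREN`, `leaky_server`, `bounded_server`, `track_child` and `reap_children` are names chosen for this example.

```c
/* Added example: the page's fork-per-connection loop with and without
 * resource lifecycle control. socketpair() replaces accept() so the demo
 * runs offline; MAX_CHILDREN is an assumed cap. */
#include <fcntl.h>
#include <stdio.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

#define MAX_CHILDREN 4   /* assumed concurrency cap; tune to the deployment */

/* Number of descriptors this process holds (probes 0..1023, enough for a demo). */
int open_fd_count(void) {
    int n = 0;
    for (int fd = 0; fd < 1024; fd++)
        if (fcntl(fd, F_GETFD) != -1) n++;
    return n;
}

/* Stand-in for accept(): a socketpair() yields a server end and a "client" end. */
static int fake_accept(int *client_end) {
    int sv[2];
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) return -1;
    *client_end = sv[1];
    return sv[0];
}

/* BAD: the page's loop. Returns how many descriptors are still open after n
 * connections: one per connection, because the parent never closes newsock,
 * and nothing bounds how many children get forked. */
int leaky_server(int n) {
    int before = open_fd_count();
    for (int i = 0; i < n; i++) {
        int client;
        int newsock = fake_accept(&client);
        if (newsock == -1) return -1;
        close(client);                    /* the peer hangs up ... */
        pid_t pid = fork();
        if (pid == 0) _exit(0);           /* child would serve newsock here */
        waitpid(pid, NULL, 0);
        /* ... but newsock stays open in the parent: leaked for good */
    }
    return open_fd_count() - before;
}

/* The child table is the second resource whose lifetime must be controlled. */
static pid_t children[MAX_CHILDREN];
static int   n_children;

/* Drop children that have exited (waitpid returns the pid) or that are not a
 * live child of ours (waitpid returns -1). Returns the number still running. */
int reap_children(void) {
    int kept = 0;
    for (int i = 0; i < n_children; i++)
        if (waitpid(children[i], NULL, WNOHANG) == 0)
            children[kept++] = children[i];
    n_children = kept;
    return n_children;
}

/* Record a new child; refuses (returns 0) once the cap is reached. */
int track_child(pid_t pid) {
    if (n_children >= MAX_CHILDREN) return 0;
    children[n_children++] = pid;
    return 1;
}

/* FIXED: every descriptor is closed by whoever no longer needs it, and the
 * number of live children is bounded. Returns the leaked-descriptor count (0). */
int bounded_server(int n) {
    int before = open_fd_count();
    for (int i = 0; i < n; i++) {
        int client;
        int newsock = fake_accept(&client);
        if (newsock == -1) return -1;
        close(client);
        if (reap_children() >= MAX_CHILDREN) { close(newsock); continue; } /* shed load */
        pid_t pid = fork();
        if (pid == 0) {
            /* child: serve newsock here (and close the listening socket, in real code) */
            close(newsock);
            _exit(0);
        }
        if (pid > 0) track_child(pid);
        close(newsock);                   /* parent is done with this connection */
    }
    while (n_children > 0) {              /* drain children before returning */
        waitpid(children[0], NULL, 0);
        reap_children();
    }
    return open_fd_count() - before;
}

int main(void) {
    printf("leaked by page's loop: %d\n", leaky_server(5));
    printf("leaked by bounded loop: %d\n", bounded_server(5));
    return 0;
}
```

Compile with `cc demo.c -o demo`; five simulated connections leave five descriptors behind in the page's loop and none in the bounded one. In a real server the child must also close the listening socket it inherited, and the parent should reap on SIGCHLD rather than only on the next accept, but the two invariants are the same: every open has exactly one matching close, and the count of live resources is checked before a new one is created.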
Values marked (AI) are flagged on the page as AI-generated.

CVE ID | Title | Product | CVSS | Severity | Published
CVE-2025-34226 | OpenPLC Runtime v3 Persistent DoS | OpenPLC Runtime | 6.5 (AI) | Medium (AI) | 2025-10-03
CVE-2025-54621 | Huawei HarmonyOS security vulnerability | HarmonyOS | 5.3 | Medium | 2025-08-06
CVE-2025-54619 | Huawei HarmonyOS security vulnerability | HarmonyOS | 5.3 | Medium | 2025-08-06
CVE-2025-54613 | Huawei HarmonyOS security vulnerability | HarmonyOS | 5.9 | Medium | 2025-08-06
CVE-2025-54612 | Huawei HarmonyOS security vulnerability | HarmonyOS | 5.9 | Medium | 2025-08-06
CVE-2024-41169 | Apache Zeppelin: raft directory listing and file read | Apache Zeppelin | 7.5 (AI) | High (AI) | 2025-07-12
CVE-2025-21593 | Junos OS and Junos OS Evolved: On SRv6 enabled devices, an attacker sending a malformed BGP update can cause the rpd to crash | Junos OS | 6.5 | Medium | 2025-01-09
CVE-2024-45383 | Microsoft High Definition Audio Bus Driver security vulnerability | HDAudBus.sys | 5.0 | Medium | 2024-09-12
CVE-2024-37139 | Dell PowerProtect Data Domain security vulnerability | PowerProtect DD | 6.5 | Medium | 2024-06-26
CVE-2023-44295 | Dell PowerScale OneFS security vulnerability | PowerScale OneFS | 6.3 | Medium | 2023-12-05
CVE-2023-44288 | Dell PowerScale OneFS security vulnerability | PowerScale OneFS | 7.5 | High | 2023-12-05
CVE-2023-25942 | Dell PowerScale OneFS security vulnerability | PowerScale OneFS | 6.5 | Medium | 2023-04-04
CVE-2022-46144 | Siemens SCALANCE Series security vulnerability | SCALANCE SC622-2C | 6.5 | Medium | 2022-12-13
CVE-2022-27518 | Unauthenticated remote arbitrary code execution | Citrix Gateway, Citrix ADC | 9.8 | Critical | 2022-12-13
CVE-2022-20856 | Cisco IOS XE Wireless Controller Software for the Catalyst 9000 Family CAPWAP Mobility Denial of Service Vulnerability | Cisco IOS XE Software | 8.6 | High | 2022-09-30
CVE-2022-31153 | OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli | cairo-contracts | 6.5 | Medium | 2022-07-15
CVE-2022-27512 | Temporary disruption of the ADM license service | Citrix Application Delivery Management (Citrix ADM) | 5.3 | - | 2022-06-16
CVE-2022-20748 | Cisco Firepower Threat Defense Software Local Malware Analysis Denial of Service Vulnerability | Cisco Firepower Threat Defense Software | 5.3 | Medium | 2022-05-03
CVE-2022-1385 | Invitation Email is resent as a Reminder after invalidating pending email invites | Mattermost | 3.7 | Low | 2022-04-19
CVE-2021-1592 | Cisco UCS Manager Software SSH Sessions Denial of Service Vulnerability | Cisco Unified Computing System (Managed) | 4.3 | Medium | 2021-08-25
CVE-2020-3504 | Cisco UCS Manager Software Local Management CLI Denial of Service Vulnerability | Cisco Unified Computing System (Managed) | 3.3 | Low | 2020-08-27
CVE-2020-1622 | Junos OS Evolved: EvoSharedObjStore may leak sensitive information | Junos OS Evolved | 5.5 | Medium | 2020-04-08
CVE-2020-1621 | Junos OS Evolved: Configd leaks hashes via stream and is world readable | Junos OS Evolved | 5.5 | Medium | 2020-04-08
CVE-2020-1620 | Junos OS Evolved: Configd leaks hashes via log file and is world readable | Junos OS Evolved | 5.5 | Medium | 2020-04-08
CVE-2020-3175 | Cisco MDS 9000 Series Multilayer Switches Denial of Service Vulnerability | Cisco NX-OS Software 5.0(1a) | 7.5 | - | 2020-02-26
CVE-2019-16779 | In RubyGem excon, interrupted Persistent Connections May Leak Response Data | excon | 5.8 | Medium | 2019-12-16

Vulnerabilities classified as CWE-664 (Improper Control of a Resource Through its Lifetime) represent 26 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.