
CWE-772 (Missing Release of Resource after Effective Lifetime) — Vulnerability Class 51

51 vulnerabilities classified as CWE-772 (Missing Release of Resource after Effective Lifetime). AI Chinese analysis included.

CWE-772 represents a resource management weakness where software fails to release allocated resources, such as memory, file handles, or network connections, after they are no longer needed. This oversight typically leads to resource exhaustion, causing system instability, performance degradation, or denial-of-service conditions as available resources dwindle. Attackers often exploit this by triggering repeated allocations without corresponding releases, effectively starving the system of critical resources. To prevent this, developers must implement strict lifecycle management protocols, ensuring that every allocated resource is explicitly freed or closed once its operational purpose concludes. Utilizing automated memory management tools, adhering to the RAII paradigm, and conducting rigorous code reviews for proper cleanup routines are essential strategies for mitigating this vulnerability and maintaining system reliability.

MITRE CWE Description
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
Common Consequences (1)
Scope: Availability. Impact: DoS: Resource Consumption (Other); DoS: Resource Consumption (Memory); DoS: Resource Consumption (CPU)
An attacker that can influence the allocation of resources that are not properly released could deplete the available resource pool and prevent all other processes from accessing the same type of resource. Frequently-affected resources include memory, CPU, disk space, power or battery, etc.
Mitigations (3)
Phase: Requirements. Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.
Phase: Implementation. It is good practice to be responsible for freeing all resources you allocate and to be consistent with how and where you free resources in a function. If you allocate resources that you intend to free upon completion of the function, you must be sure to free the resources at all exit points for that function including error conditions.
Phase: Operation, Architecture and Design. Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems. When the current levels get close to the maximum that is define…
Examples (2)
The following method never closes the new file handle. Given enough time, the finalizer for BufferedReader should eventually call close(), but there is no guarantee as to how long this action will take. In fact, there is no guarantee that the finalizer will ever be invoked. In a busy environment, the Operating System could use up all of the available file handles before the close() function is …

    private void processFile(String fName) throws IOException {
        BufferedReader fil = new BufferedReader(new FileReader(fName));
        String line;
        while ((line = fil.readLine()) != null) {
            processLine(line);
        }
        // fil is never closed: the file handle stays open until the reader is finalized, if ever
    }

Bad · Java

    private void processFile(String fName) throws IOException {
        BufferedReader fil = new BufferedReader(new FileReader(fName));
        try {
            String line;
            while ((line = fil.readLine()) != null) {
                processLine(line);
            }
        } finally {
            fil.close(); // runs on every exit path, including exceptions thrown by readLine() or processLine()
        }
    }

Good · Java
The following code attempts to open a new connection to a database, process the results returned by the database, and close the allocated SqlConnection object. If ExecuteReader() or HarvestResults() throws, the Close() call is never reached and the connection leaks.

    SqlConnection conn = new SqlConnection(connString);
    SqlCommand cmd = new SqlCommand(queryString);
    cmd.Connection = conn;
    conn.Open();
    SqlDataReader rdr = cmd.ExecuteReader();
    HarvestResults(rdr);
    conn.Close(); // not reached on an exception; rdr is never closed either

Bad · C#
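A C worked example, added here and not part of the CWE page or of any project it lists, of the point made by the Implementation mitigation and by the two examples above: a function that leaks a file descriptor on its error path beside a single-exit version that closes on every path, together with a leak probe that relies on POSIX open() returning the lowest free descriptor. The MAGIC header, the sample file path and all function names are constructed for this example.

```c
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#define MAGIC "CWE7"  /* constructed 4-byte header that input files must start with */

/* POSIX open() returns the lowest free descriptor, so this probe's value only creeps upward while fds leak. */
int lowest_free_fd(void) {
    int probe = open("/dev/null", O_RDONLY);
    if (probe >= 0) close(probe);
    return probe;
}

/* Leaky version: the early return on a bad header skips close(). */
int count_lines_leaky(const char *path) {
    int fd = open(path, O_RDONLY), lines = 0; char magic[4], c;
    if (fd < 0) return -1;
    if (read(fd, magic, 4) != 4 || memcmp(magic, MAGIC, 4) != 0)
        return -1;                                  /* BUG: fd is never closed */
    while (read(fd, &c, 1) == 1) lines += (c == '\n');
    close(fd);
    return lines;
}

/* Fixed version: one exit point, so close() runs on every path, errors included. */
int count_lines_fixed(const char *path) {
    int fd = open(path, O_RDONLY), lines = -1; char magic[4], c;
    if (fd < 0) return -1;
    if (read(fd, magic, 4) != 4 || memcmp(magic, MAGIC, 4) != 0)
        goto out;
    for (lines = 0; read(fd, &c, 1) == 1;) lines += (c == '\n');
out:
    close(fd);
    return lines;
}

/* Writes a constructed sample file (header plus two lines); returns 0 on success. */
int write_sample(const char *path) {
    FILE *f = fopen(path, "w");
    if (!f || fputs(MAGIC "line one\nline two\n", f) < 0) { if (f) fclose(f); return -1; }
    return fclose(f);
}

/* Runs fn n times on /dev/null (empty, so the header check fails); returns fds leaked, 0 if correct. */
int leaked_after(int (*fn)(const char *), int n) {
    int before = lowest_free_fd();
    for (int i = 0; i < n; i++) fn("/dev/null");
    return lowest_free_fd() - before;
}
```

The same probe works as a cheap regression check in a test suite: any function that handles files can be run in a loop against bad input and the difference in lowest_free_fd() must stay zero.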
CVE ID | Title | Affected Product | CVSS | Severity | Published
CVE-2023-47216 | Liteos-A has a missing release of resource vulnerability | OpenHarmony | 2.9 | Low | 2024-01-02
CVE-2023-47124 | Denial of service with ACME HTTPChallenge in Traefik | traefik | 5.9 | Medium | 2023-12-04
CVE-2023-20095 | Cisco Firepower Threat Defense security vulnerability | Cisco Adaptive Security Appliance (ASA) Software | 8.6 | High | 2023-11-01
CVE-2023-45814 | Tokens cached in the AuthenticationService are susceptible to reuse in Bunkum | Bunkum | 5.3 | Medium | 2023-10-18
CVE-2023-36533 | Zoom Client SDK security vulnerability | Zoom SDK's | 7.1 | High | 2023-08-08
CVE-2023-1150 | WAGO: Series 750-3x/-8x prone to MODBUS server DoS | 750-332 | 7.5 | High | 2023-06-26
CVE-2023-22302 | BIG-IP HTTP profile vulnerability | BIG-IP | 5.9 | Medium | 2023-02-01
CVE-2022-29884 | Siemens SICAM A8000 CP-8000 resource management error vulnerability | CP-8000 MASTER MODULE WITH I/O -25/+70°C | 9.1 | - | 2022-07-12
CVE-2022-28187 | NVIDIA GPU Display Driver security vulnerability | NVIDIA GPU Display Driver | 5.5 | Medium | 2022-05-17
CVE-2022-26354 | QEMU security vulnerability | qemu-kvm | 6.7 | - | 2022-03-16
CVE-2022-26353 | QEMU security vulnerability | qemu-kvm | 8.2 | - | 2022-03-16
CVE-2021-31378 | Junos OS: An attacker sending spoofed RADIUS messages to a Junos OS device configured for broadband services may cause broadband subscribers to remain stuck in a "Terminating" state. | Junos OS | 6.8 | Medium | 2021-10-19
CVE-2021-42340 | DoS via memory leak with WebSocket connections | Apache Tomcat | 7.5 | - | 2021-10-14
CVE-2021-34581 | WAGO: Denial of Service vulnerability inside the OpenSSL implementation | 750-831/xxx-xxx, 750-880/xxx-xxx, 750-881, 750-889 | 7.5 | High | 2021-08-31
CVE-2021-1523 | Cisco Nexus 9000 Series Fabric Switches ACI Mode Queue Wedge Denial of Service Vulnerability | Cisco NX-OS System Software in ACI Mode | 8.6 | High | 2021-08-25
CVE-2021-21600 | Dell NetWorker security vulnerability | NetWorker | 6.5 | Medium | 2021-08-10
CVE-2021-21002 | Denial of Service in Phoenix Contact FL COMSERVER UNI products | FL COMSERVER | 7.5 | High | 2021-06-25
CVE-2020-27351 | Various memory and file descriptor leaks in apt-python | python-apt | 2.0 | Low | 2020-12-10
CVE-2020-14339 | Red Hat libvirt security vulnerability | libvirt | 8.8 | - | 2020-12-03
CVE-2019-3883 | Red Hat 389 Directory Server buffer error vulnerability | 389-ds-base | 7.5 | - | 2019-04-17
CVE-2019-3821 | Red Hat ceph resource management error vulnerability | ceph | 7.5 | - | 2019-03-27

Vulnerabilities classified as CWE-772 (Missing Release of Resource after Effective Lifetime) represent 51 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.