
CWE-775 (Missing Release of File Descriptor or Handle after Effective Lifetime) — Vulnerability Class 3

3 vulnerabilities classified as CWE-775 (Missing Release of File Descriptor or Handle after Effective Lifetime). AI analysis in Chinese included.

CWE-775 is a resource management weakness in which software fails to release file descriptors or handles once they are no longer needed. The oversight typically arises when developers neglect to explicitly close opened resources, leaving them allocated in the process's descriptor table (and, for handles, in the kernel) until the process exits. Attackers exploit this by triggering the leaking code path repeatedly, for example by opening files or connections that are never closed, and so rapidly exhaust the available pool of descriptors. The result is a denial of service: once the process or system runs out of descriptors, legitimate code paths can no longer open the files or network sockets they need. To prevent this, developers must apply disciplined resource management, ensuring that every opened file descriptor or handle is closed on every exit path, for example in a finally block or through a context manager. Code reviews and static analysis tools can also help to find such leaks before they reach production, preserving system stability and resistance to resource exhaustion attacks.

MITRE CWE Description
The product does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer needed. When a file descriptor or handle is not released after use (typically by explicitly closing it), attackers can cause a denial of service by consuming all available file descriptors/handles, or otherwise preventing other system processes from obtaining their own file descriptors/handles.
Common Consequences (1)
Scope: Availability. Impact: DoS: Resource Consumption (Other)
An attacker that can influence the allocation of resources that are not properly released could deplete the available resource pool and prevent all other processes from accessing the same type of resource.
Mitigations (1)
Phases: Operation; Architecture and Design. Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems. When the current levels get close to the maximum that is define…
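The following is an added example, not part of the MITRE entry or of any of the listed products' code. It puts the two points above side by side: the setrlimit()/getrlimit() mitigation (here via Python's resource module, which wraps the POSIX calls, so it assumes a POSIX system) and the close-on-every-path pattern from the class description (a context manager plus finally). A leaking open loop is run under a deliberately lowered soft RLIMIT_NOFILE so it hits EMFILE within a few dozen opens instead of after thousands; the file opened is os.devnull, chosen only because it always exists.

```python
import errno
import os
import resource

# Added example (not from the CWE entry): a descriptor leak running into
# RLIMIT_NOFILE, next to the closing pattern that prevents it.
# Assumes a POSIX system; os.devnull is just a convenient file to open.

DEMO_PATH = os.devnull


def run_with_soft_nofile_limit(soft, fn):
    """Run fn() with the soft RLIMIT_NOFILE lowered to `soft`, then restore it.

    Lowering the soft limit is what setrlimit() buys you as a mitigation:
    a leaking process fails fast with EMFILE instead of starving the host.
    The hard limit is left untouched so the change can be undone.
    """
    old_soft, old_hard = resource.getrlimit(resource.RLIMIT_NOFILE)
    resource.setrlimit(resource.RLIMIT_NOFILE, (min(soft, old_hard), old_hard))
    try:
        return fn()
    finally:  # always undo the limit change, even if fn() raised
        resource.setrlimit(resource.RLIMIT_NOFILE, (old_soft, old_hard))


def leaky_opens(path, attempts):
    """CWE-775 pattern: open repeatedly and never close.

    Returns (opens_that_succeeded, hit_emfile). The leaked descriptors are
    closed in `finally` only so that the demo leaves the process usable.
    """
    leaked = []
    hit_emfile = False
    try:
        for _ in range(attempts):
            leaked.append(os.open(path, os.O_RDONLY))  # no matching close
    except OSError as exc:
        if exc.errno not in (errno.EMFILE, errno.ENFILE):
            raise
        hit_emfile = True  # descriptor table full: the denial of service
    finally:
        for fd in leaked:
            os.close(fd)
    return len(leaked), hit_emfile


def closing_opens(path, attempts):
    """Corrected pattern: the context manager closes each file when the
    block exits, whether normally or by exception, so usage never grows."""
    for _ in range(attempts):
        with open(path, "rb") as fh:
            fh.read(0)
    return attempts


def demo(soft_limit=64, attempts=256):
    """Compare both patterns under the same lowered soft limit."""
    leaked_count, exhausted = run_with_soft_nofile_limit(
        soft_limit, lambda: leaky_opens(DEMO_PATH, attempts))
    closed_count = run_with_soft_nofile_limit(
        soft_limit, lambda: closing_opens(DEMO_PATH, attempts))
    return {
        "soft_limit": soft_limit,
        "leaky_opens_before_emfile": leaked_count,
        "leaky_hit_emfile": exhausted,
        "closing_opens_completed": closed_count,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run as a script it reports that the leaking loop stops short of the soft limit with EMFILE while the closing loop completes all 256 iterations under the same limit. In production the limit is normally set from outside the process (a service manager or container runtime), but the effect is the same: a leak becomes a loud, early failure of the faulty process rather than a silent drain on every other process sharing the descriptor pool.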
CVE ID | Title | CVSS | Severity | Published
CVE-2019-25557 | TwistedBrush Pro Studio 24.06 Denial of Service via srp File — TwistedBrush Pro Studio | 6.2 | Medium | 2026-03-21
CVE-2025-53476 | OpenPLC security vulnerability — OpenPLC_v3 | 5.3 | Medium | 2025-10-07
CVE-2017-8452 | Elasticsearch Kibana security vulnerability — Kibana | - | - | 2017-06-16

Vulnerabilities classified as CWE-775 (Missing Release of File Descriptor or Handle after Effective Lifetime) account for 3 CVEs. The CWE taxonomy describes the weakness; review the individual CVEs for product-specific impact.