Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CWE-404:Improper Resource Shutdown or Release
Weakness ID:404
Version:v4.17
Weakness Name:Improper Resource Shutdown or Release
Vulnerability Mapping:Allowed-with-Review
Abstraction:Class
Structure:Simple
Status:Draft
Likelihood of Exploit:Medium
DetailsContent HistoryObserved CVE ExamplesReports
▼Description

The product does not release or incorrectly releases a resource before it is made available for re-use.

▼Extended Description

When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.

▼Alternate Terms
▼Relationships
Relevant to the view"Research Concepts - (1000)"
NatureMappingTypeIDName
CanPrecedeAllowedB619Dangling Database Cursor ('Cursor Injection')
ChildOfDiscouragedP664Improper Control of a Resource Through its Lifetime
ParentOfAllowedB1266Improper Scrubbing of Sensitive Data from Decommissioned Device
ParentOfAllowedV239Failure to Handle Incomplete Element
ParentOfAllowedB299Improper Check for Certificate Revocation
ParentOfAllowedB459Incomplete Cleanup
ParentOfAllowedB763Release of Invalid Pointer or Reference
ParentOfAllowedB772Missing Release of Resource after Effective Lifetime
PeerOfAllowed-with-ReviewC405Asymmetric Resource Consumption (Amplification)
Nature: CanPrecede
Mapping: Allowed
Type: Base
ID: 619
Name: Dangling Database Cursor ('Cursor Injection')
Nature: ChildOf
Mapping: Discouraged
Type: Pillar
ID: 664
Name: Improper Control of a Resource Through its Lifetime
Nature: ParentOf
Mapping: Allowed
Type: Base
ID: 1266
Name: Improper Scrubbing of Sensitive Data from Decommissioned Device
Nature: ParentOf
Mapping: Allowed
Type: Variant
ID: 239
Name: Failure to Handle Incomplete Element
Nature: ParentOf
Mapping: Allowed
Type: Base
ID: 299
Name: Improper Check for Certificate Revocation
Nature: ParentOf
Mapping: Allowed
Type: Base
ID: 459
Name: Incomplete Cleanup
Nature: ParentOf
Mapping: Allowed
Type: Base
ID: 763
Name: Release of Invalid Pointer or Reference
Nature: ParentOf
Mapping: Allowed
Type: Base
ID: 772
Name: Missing Release of Resource after Effective Lifetime
Nature: PeerOf
Mapping: Allowed-with-Review
Type: Class
ID: 405
Name: Asymmetric Resource Consumption (Amplification)
▼Memberships
NatureMappingTypeIDName
MemberOfProhibitedC3987PK - Code Quality
MemberOfProhibitedC730OWASP Top Ten 2004 Category A9 - Denial of Service
MemberOfProhibitedC743CERT C Secure Coding Standard (2008) Chapter 10 - Input Output (FIO)
MemberOfProhibitedC7522009 Top 25 - Risky Resource Management
MemberOfProhibitedC857The CERT Oracle Secure Coding Standard for Java (2011) Chapter 14 - Input Output (FIO)
MemberOfProhibitedC876CERT C++ Secure Coding Section 08 - Memory Management (MEM)
MemberOfProhibitedC877CERT C++ Secure Coding Section 09 - Input Output (FIO)
MemberOfProhibitedC882CERT C++ Secure Coding Section 14 - Concurrency (CON)
MemberOfProhibitedC982SFP Secondary Cluster: Failure to Release Resource
MemberOfProhibitedV1003Weaknesses for Simplified Mapping of Published Vulnerabilities
MemberOfProhibitedC1147SEI CERT Oracle Secure Coding Standard for Java - Guidelines 13. Input Output (FIO)
MemberOfProhibitedC1162SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM)
MemberOfProhibitedC1163SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO)
MemberOfProhibitedC1306CISQ Quality Measures - Reliability
MemberOfProhibitedC1308CISQ Quality Measures - Security
MemberOfProhibitedC1309CISQ Quality Measures - Efficiency
MemberOfProhibitedV1340CISQ Data Protection Measures
MemberOfProhibitedC1416Comprehensive Categorization: Resource Lifecycle Management
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 398
Name: 7PK - Code Quality
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 730
Name: OWASP Top Ten 2004 Category A9 - Denial of Service
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 743
Name: CERT C Secure Coding Standard (2008) Chapter 10 - Input Output (FIO)
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 752
Name: 2009 Top 25 - Risky Resource Management
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 857
Name: The CERT Oracle Secure Coding Standard for Java (2011) Chapter 14 - Input Output (FIO)
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 876
Name: CERT C++ Secure Coding Section 08 - Memory Management (MEM)
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 877
Name: CERT C++ Secure Coding Section 09 - Input Output (FIO)
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 882
Name: CERT C++ Secure Coding Section 14 - Concurrency (CON)
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 982
Name: SFP Secondary Cluster: Failure to Release Resource
Nature: MemberOf
Mapping: Prohibited
Type:View
ID: 1003
Name: Weaknesses for Simplified Mapping of Published Vulnerabilities
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1147
Name: SEI CERT Oracle Secure Coding Standard for Java - Guidelines 13. Input Output (FIO)
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1162
Name: SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM)
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1163
Name: SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO)
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1306
Name: CISQ Quality Measures - Reliability
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1308
Name: CISQ Quality Measures - Security
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1309
Name: CISQ Quality Measures - Efficiency
Nature: MemberOf
Mapping: Prohibited
Type:View
ID: 1340
Name: CISQ Data Protection Measures
Nature: MemberOf
Mapping: Prohibited
Type:Category
ID: 1416
Name: Comprehensive Categorization: Resource Lifecycle Management
▼Tags
NatureMappingTypeIDName
MemberOfProhibitedBSBOSS-273Medium likelihood of exploit
MemberOfProhibitedBSBOSS-288Language Selection Strategy
MemberOfProhibitedBSBOSS-294Not Language-Specific Weaknesses
MemberOfProhibitedBSBOSS-326Varies by Context (impact)
MemberOfProhibitedBSBOSS-328Read Application Data (impact)
MemberOfProhibitedBSBOSS-333DoS: Resource Consumption (Other) (impact)
Nature: MemberOf
Mapping: Prohibited
Type:BOSSView
ID: BOSS-273
Name: Medium likelihood of exploit
Nature: MemberOf
Mapping: Prohibited
Type:BOSSView
ID: BOSS-288
Name: Language Selection Strategy
Nature: MemberOf
Mapping: Prohibited
Type:BOSSView
ID: BOSS-294
Name: Not Language-Specific Weaknesses
Nature: MemberOf
Mapping: Prohibited
Type:BOSSView
ID: BOSS-326
Name: Varies by Context (impact)
Nature: MemberOf
Mapping: Prohibited
Type:BOSSView
ID: BOSS-328
Name: Read Application Data (impact)
Nature: MemberOf
Mapping: Prohibited
Type:BOSSView
ID: BOSS-333
Name: DoS: Resource Consumption (Other) (impact)
▼Relevant To View
Relevant to the view"Weaknesses Addressed by the SEI CERT Oracle Coding Standard for Java - (1133)"
NatureMappingTypeIDName
MemberOfProhibitedC1147SEI CERT Oracle Secure Coding Standard for Java - Guidelines 13. Input Output (FIO)
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1147
Name: SEI CERT Oracle Secure Coding Standard for Java - Guidelines 13. Input Output (FIO)
Relevant to the view"Weaknesses Addressed by the SEI CERT C Coding Standard - (1154)"
NatureMappingTypeIDName
MemberOfProhibitedC1162SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM)
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1162
Name: SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM)
Relevant to the view"Weaknesses Addressed by the SEI CERT C Coding Standard - (1154)"
NatureMappingTypeIDName
MemberOfProhibitedC1163SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO)
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1163
Name: SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO)
Relevant to the view"CISQ Quality Measures (2020) - (1305)"
NatureMappingTypeIDName
MemberOfProhibitedC1306CISQ Quality Measures - Reliability
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1306
Name: CISQ Quality Measures - Reliability
Relevant to the view"CISQ Quality Measures (2020) - (1305)"
NatureMappingTypeIDName
MemberOfProhibitedC1308CISQ Quality Measures - Security
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1308
Name: CISQ Quality Measures - Security
Relevant to the view"CISQ Quality Measures (2020) - (1305)"
NatureMappingTypeIDName
MemberOfProhibitedC1309CISQ Quality Measures - Efficiency
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1309
Name: CISQ Quality Measures - Efficiency
Relevant to the view"Seven Pernicious Kingdoms - (700)"
NatureMappingTypeIDName
MemberOfProhibitedC3987PK - Code Quality
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 398
Name: 7PK - Code Quality
Relevant to the view"Software Fault Pattern (SFP) Clusters - (888)"
NatureMappingTypeIDName
MemberOfProhibitedC982SFP Secondary Cluster: Failure to Release Resource
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 982
Name: SFP Secondary Cluster: Failure to Release Resource
▼Background Detail

▼Common Consequences
ScopeLikelihoodImpactNote
AvailabilityOtherN/ADoS: Resource Consumption (Other)Varies by Context

Most unreleased resource issues result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, the attacker might be able to launch a denial of service attack by depleting the resource pool.

ConfidentialityN/ARead Application Data

When a resource containing sensitive information is not correctly shutdown, it may expose the sensitive data in a subsequent allocation.

Scope: Availability, Other
Likelihood: N/A
Impact: DoS: Resource Consumption (Other), Varies by Context
Note:

Most unreleased resource issues result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, the attacker might be able to launch a denial of service attack by depleting the resource pool.

Scope: Confidentiality
Likelihood: N/A
Impact: Read Application Data
Note:

When a resource containing sensitive information is not correctly shutdown, it may expose the sensitive data in a subsequent allocation.

▼Potential Mitigations
Phase:Requirements
Mitigation ID: MIT-3
Strategy: Language Selection
Effectiveness:
Description:

Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.

Note:


Phase:Implementation
Mitigation ID:
Strategy:
Effectiveness:
Description:

It is good practice to be responsible for freeing all resources you allocate and to be consistent with how and where you free memory in a function. If you allocate memory that you intend to free upon completion of the function, you must be sure to free the memory at all exit points for that function including error conditions.

Note:


Phase:Implementation
Mitigation ID:
Strategy:
Effectiveness:
Description:

Memory should be allocated/freed using matching functions such as malloc/free, new/delete, and new[]/delete[].

Note:


Phase:Implementation
Mitigation ID:
Strategy:
Effectiveness:
Description:

When releasing a complex object or structure, ensure that you properly dispose of all of its member components, not just the object itself.

Note:

▼Modes Of Introduction
Phase: Implementation
Note:

N/A

▼Applicable Platforms
Languages
Class: Not Language-Specific(Undetermined Prevalence)
▼Demonstrative Examples
Example 1

The following method never closes the new file handle. Given enough time, the Finalize() method for BufferReader should eventually call Close(), but there is no guarantee as to how long this action will take. In fact, there is no guarantee that Finalize() will ever be invoked. In a busy environment, the Operating System could use up all of the available file handles before the Close() function is called.

Language: ( code)
N/A

Language: Java(Bad code)
private void processFile(string fName) { BufferReader fil = new BufferReader(new FileReader(fName)); String line; while ((line = fil.ReadLine()) != null) { processLine(line); } }

Language: ( code)
N/A

The good code example simply adds an explicit call to the Close() function when the system is done using the file. Within a simple example such as this the problem is easy to see and fix. In a real system, the problem may be considerably more obscure.

Language: Java(Good code)
private void processFile(string fName) { BufferReader fil = new BufferReader(new FileReader(fName)); String line; while ((line = fil.ReadLine()) != null) { processLine(line); } fil.Close(); }

Example 2

This code attempts to open a connection to a database and catches any exceptions that may occur.

Language: ( code)
N/A

Language: Java(Bad code)
try { Connection con = DriverManager.getConnection(some_connection_string); } catch ( Exception e ) { log( e ); }

Language: ( code)
N/A

If an exception occurs after establishing the database connection and before the same connection closes, the pool of database connections may become exhausted. If the number of available connections is exceeded, other users cannot access this resource, effectively denying access to the application.

Example 3

Under normal conditions the following C# code executes a database query, processes the results returned by the database, and closes the allocated SqlConnection object. But if an exception occurs while executing the SQL or processing the results, the SqlConnection object is not closed. If this happens often enough, the database will run out of available cursors and not be able to execute any more SQL queries.

Language: ( code)
N/A

Language: C#(Bad code)
... SqlConnection conn = new SqlConnection(connString); SqlCommand cmd = new SqlCommand(queryString); cmd.Connection = conn; conn.Open(); SqlDataReader rdr = cmd.ExecuteReader(); HarvestResults(rdr); conn.Connection.Close(); ...

Example 4

The following C function does not close the file handle it opens if an error occurs. If the process is long-lived, the process can run out of file handles.

Language: ( code)
N/A

Language: C(Bad code)
int decodeFile(char* fName) { char buf[BUF_SZ]; FILE* f = fopen(fName, "r"); if (!f) { printf("cannot open %s\n", fName); return DECODE_FAIL; } else { while (fgets(buf, BUF_SZ, f)) { if (!checkChecksum(buf)) { return DECODE_FAIL; } else { decodeBlock(buf); } } } fclose(f); return DECODE_SUCCESS; }

Example 5

In this example, the program does not use matching functions such as malloc/free, new/delete, and new[]/delete[] to allocate/deallocate the resource.

Language: ( code)
N/A

Language: C++(Bad code)
class A { void foo(); }; void A::foo(){ int *ptr; ptr = (int*)malloc(sizeof(int)); delete ptr; }

Example 6

In this example, the program calls the delete[] function on non-heap memory.

Language: ( code)
N/A

Language: C++(Bad code)
class A{ void foo(bool); }; void A::foo(bool heap) { int localArray[2] = { 11,22 }; int *p = localArray; if (heap){ p = new int[2]; } delete[] p; }

▼Observed Examples
ReferenceDescription
CVE-1999-1127
Does not shut down named pipe connections if malformed data is sent.
CVE-2001-0830
Sockets not properly closed when attacker repeatedly connects and disconnects from server.
CVE-2002-1372
Chain: Return values of file/socket operations are not checked (CWE-252), allowing resultant consumption of file descriptors (CWE-772).
Reference: CVE-1999-1127
Description:
Does not shut down named pipe connections if malformed data is sent.
Reference: CVE-2001-0830
Description:
Sockets not properly closed when attacker repeatedly connects and disconnects from server.
Reference: CVE-2002-1372
Description:
Chain: Return values of file/socket operations are not checked (CWE-252), allowing resultant consumption of file descriptors (CWE-772).
▼Affected Resources
    ▼Functional Areas
      ▼Weakness Ordinalities
      OrdinalityDescription
      Primary
      Improper release or shutdown of resources can be primary to resource exhaustion, performance, and information confidentiality problems to name a few.
      Resultant
      Improper release or shutdown of resources can be resultant from improper error handling or insufficient resource tracking.
      Ordinality: Primary
      Description:
      Improper release or shutdown of resources can be primary to resource exhaustion, performance, and information confidentiality problems to name a few.
      Ordinality: Resultant
      Description:
      Improper release or shutdown of resources can be resultant from improper error handling or insufficient resource tracking.
      ▼Detection Methods
      Automated Dynamic Analysis
      Detection Method ID:DM-2
      Description:

      This weakness can be detected using dynamic tools and techniques that interact with the software using large test suites with many diverse inputs, such as fuzz testing (fuzzing), robustness testing, and fault injection. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results.

      Resource clean up errors might be detected with a stress-test by calling the software simultaneously from a large number of threads or processes, and look for evidence of any unexpected behavior. The software's operation may slow down, but it should not become unstable, crash, or generate incorrect results.

      Effectiveness:Moderate
      Note:

      N/A


      Manual Dynamic Analysis
      Detection Method ID:DM-12
      Description:

      Identify error conditions that are not likely to occur during normal usage and trigger them. For example, run the product under low memory conditions, run with insufficient privileges or permissions, interrupt a transaction before it is completed, or disable connectivity to basic network services such as DNS. Monitor the software for any unexpected behavior. If you trigger an unhandled exception or similar error that was discovered and handled by the application's environment, it may still indicate unexpected conditions that were not handled by the application itself.

      Effectiveness:
      Note:

      N/A


      Automated Static Analysis
      Detection Method ID:DM-14
      Description:

      Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)

      Effectiveness:High
      Note:

      N/A

      ▼Vulnerability Mapping Notes
      Usage:Allowed-with-Review
      Reason:Abstraction
      Rationale:

      This CWE entry is a Class and might have Base-level children that would be more appropriate

      Comments:

      Examine children of this entry to see if there is a better fit

      Suggestions:
      ▼Notes
      Relationship

      Overlaps memory leaks, asymmetric resource consumption, malformed input errors.

      N/A

      ▼Taxonomy Mappings
      Taxonomy NameEntry IDFitEntry Name
      PLOVERN/AN/AImproper resource shutdown or release
      7 Pernicious KingdomsN/AN/AUnreleased Resource
      OWASP Top Ten 2004A9CWE More SpecificDenial of Service
      CERT C Secure CodingFIO42-CCWE More AbstractClose files when they are no longer needed
      CERT C Secure CodingMEM31-CCWE More AbstractFree dynamically allocated memory when no longer needed
      The CERT Oracle Secure Coding Standard for Java (2011)FIO04-JN/ARelease resources when they are no longer needed
      Software Fault PatternsSFP14N/AFailure to release resource
      Taxonomy Name: PLOVER
      Entry ID: N/A
      Fit: N/A
      Entry Name: Improper resource shutdown or release
      Taxonomy Name: 7 Pernicious Kingdoms
      Entry ID: N/A
      Fit: N/A
      Entry Name: Unreleased Resource
      Taxonomy Name: OWASP Top Ten 2004
      Entry ID: A9
      Fit: CWE More Specific
      Entry Name: Denial of Service
      Taxonomy Name: CERT C Secure Coding
      Entry ID: FIO42-C
      Fit: CWE More Abstract
      Entry Name: Close files when they are no longer needed
      Taxonomy Name: CERT C Secure Coding
      Entry ID: MEM31-C
      Fit: CWE More Abstract
      Entry Name: Free dynamically allocated memory when no longer needed
      Taxonomy Name: The CERT Oracle Secure Coding Standard for Java (2011)
      Entry ID: FIO04-J
      Fit: N/A
      Entry Name: Release resources when they are no longer needed
      Taxonomy Name: Software Fault Patterns
      Entry ID: SFP14
      Fit: N/A
      Entry Name: Failure to release resource
      ▼Related Attack Patterns
      IDName
      CAPEC-125
      Flooding
      CAPEC-130
      Excessive Allocation
      CAPEC-131
      Resource Leak Exposure
      CAPEC-494
      TCP Fragmentation
      CAPEC-495
      UDP Fragmentation
      CAPEC-496
      ICMP Fragmentation
      CAPEC-666
      BlueSmacking
      ID: CAPEC-125
      Name: Flooding
      ID: CAPEC-130
      Name: Excessive Allocation
      ID: CAPEC-131
      Name: Resource Leak Exposure
      ID: CAPEC-494
      Name: TCP Fragmentation
      ID: CAPEC-495
      Name: UDP Fragmentation
      ID: CAPEC-496
      Name: ICMP Fragmentation
      ID: CAPEC-666
      Name: BlueSmacking
      ▼References
      Reference ID: REF-44
      Title: 24 Deadly Sins of Software Security
      Author: Michael Howard, David LeBlanc, John Viega
      Section: "Sin 8: C++ Catastrophes." Page 143
      Publication:
      McGraw-Hill
      Publisher:
      Edition:
      URL:
      URL Date:
      Day:N/A
      Month:N/A
      Year:2010
      Details not found