Resource Management Errors
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category are related to improper management of system resources.
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be...
If a database cursor is not closed properly, then it could become accessible to other users while retaining the same privileges that were originally assigned, leaving ...
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.
A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descript...
The software allows user input to control or influence paths or file names that are used in filesystem operations.
The software does not properly restrict reading from or writing to dynamically-identified variables.
The application constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting...
The software operates in an environment in which power is a limited resource that cannot be automatically replenished, but the software does not properly restrict the ...
The software uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count.
The software receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, bu...
The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
The software's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) ...
The software does not initialize a critical resource.
The software does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed.
The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
The program releases a resource that is still intended to be used by the program itself or another actor.
The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.
The software uses or accesses a file descriptor after it has been closed.
The application uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper clas...
The software uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.
The software uses or accesses a resource that has not been initialized.
This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...