Resource Management Errors

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Summary

Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to improper management of system resources.

Weaknesses

Allocation of Resources Without Limits or Throttling

The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be...

Dangling Database Cursor ('Cursor Injection')

If a database cursor is not closed properly, then it could become accessible to other users while retaining the same privileges that were originally assigned, leaving ...

Deserialization of Untrusted Data

The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid.

Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')

A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those descript...

External Control of File Name or Path

The software allows user input to control or influence paths or file names that are used in filesystem operations.

Improper Control of Dynamically-Identified Variables

The software does not properly restrict reading from or writing to dynamically-identified variables.

Improper Restriction of Names for Files and Other Resources

The application constructs the name of a file or other resource using input from an upstream component, but it does not restrict or incorrectly restricts the resulting...

Improper Restriction of Power Consumption

The software operates in an environment in which power is a limited resource that cannot be automatically replenished, but the software does not properly restrict the ...

Improper Update of Reference Count

The software uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count.

Improperly Controlled Modification of Dynamically-Determined Object Attributes

The software receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, bu...

Insecure Default Initialization of Resource

The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.

Insufficient Resource Pool

The software's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) ...

Missing Initialization of Resource

The software does not initialize a critical resource.

Missing Reference to Active Allocated Resource

The software does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed.

Missing Release of Resource after Effective Lifetime

The software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

Premature Release of Resource During Expected Lifetime

The program releases a resource that is still intended to be used by the program itself or another actor.

Release of Invalid Pointer or Reference

The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.

Use of Expired File Descriptor

The software uses or accesses a file descriptor after it has been closed.

Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection')

The application uses external input with reflection to select which classes or code to use, but it does not sufficiently prevent the input from selecting improper clas...

Use of Multiple Resources with Duplicate Identifier

The software uses multiple resources that can have the same identifier, in a context in which unique identifiers are required.

Use of Uninitialized Resource

The software uses or accesses a resource that has not been initialized.

Concepts

Software Development

This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...

