Improper Control of a Resource Through its Lifetime

The software does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.


Description

Resources often have explicit instructions on how to be created, used and destroyed. When software does not follow these instructions, it can lead to unexpected behaviors and potentially exploitable states.

Even without explicit instructions, various principles are expected to be adhered to, such as "Do not use an object until after its creation is complete," or "do not use an object after it has been slated for destruction."

See Also

SEI CERT C Coding Standard - Guidelines 09. Input Output (FIO)

Weaknesses in this category are related to the rules and recommendations in the Input Output (FIO) section of the SEI CERT C Coding Standard.

SFP Secondary Cluster: Life Cycle

This category identifies Software Fault Patterns (SFPs) within the Life Cycle cluster.

Comprehensive CWE Dictionary

This view (slice) covers all the elements in CWE.

Research Concepts

This view is intended to facilitate research into weaknesses, including their inter-dependencies, and can be leveraged to systematically identify theoretical gaps with...

Weaknesses without Software Fault Patterns

CWE identifiers in this view are weaknesses that do not have associated Software Fault Patterns (SFPs), as covered by the CWE-888 view. As such, they represent gaps in...


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.