CWE-666 在生命周期错误阶段对资源进行操作

  • A+
所属分类:CWE(弱点枚举)

CWE-666 在生命周期错误阶段对资源进行操作

Operation on Resource in Wrong Phase of Lifetime

结构: Simple

Abstraction: Class

状态: Draft

被利用可能性: unkown

基本描述

The software performs an operation on a resource at the wrong phase of the resource's lifecycle, which can lead to unexpected behaviors.

扩展描述

When a developer wants to initialize, use or release a resource, it is important to follow the specifications outlined for how to operate on that resource and to ensure that the resource is in the expected state. In this case, the software wants to perform a normally valid operation, initialization, use or release, on a resource when it is in the incorrect phase of its lifetime.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 664 cwe_View_ID: 1000 cwe_Ordinal: Primary

常见的影响

范围 影响 注释
Other Other

可能的缓解方案

Architecture and Design

策略:

Follow the resource's lifecycle from creation to release.

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
CERT C Secure Coding FIO46-C CWE More Abstract Do not access a closed file
CERT C Secure Coding MEM30-C CWE More Abstract Do not access freed memory

文章来源于互联网:scap中文网

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: