CWE-666 在生命周期错误阶段对资源进行操作

admin 2021年11月6日14:51:13评论65 views字数 896阅读2分59秒阅读模式

CWE-666 在生命周期错误阶段对资源进行操作

Operation on Resource in Wrong Phase of Lifetime

结构: Simple

Abstraction: Class

状态: Draft

被利用可能性: unkown

基本描述

The software performs an operation on a resource at the wrong phase of the resource's lifecycle, which can lead to unexpected behaviors.

扩展描述

When a developer wants to initialize, use or release a resource, it is important to follow the specifications outlined for how to operate on that resource and to ensure that the resource is in the expected state. In this case, the software wants to perform a normally valid operation, initialization, use or release, on a resource when it is in the incorrect phase of its lifetime.

相关缺陷

  • cwe_Nature: ChildOf cwe_CWE_ID: 664 cwe_View_ID: 1000 cwe_Ordinal: Primary

常见的影响

范围 影响 注释
Other Other

可能的缓解方案

Architecture and Design

策略:

Follow the resource's lifecycle from creation to release.

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
CERT C Secure Coding FIO46-C CWE More Abstract Do not access a closed file
CERT C Secure Coding MEM30-C CWE More Abstract Do not access freed memory

文章来源于互联网:scap中文网

  • 左青龙
  • 微信扫一扫
  • weinxin
  • 右白虎
  • 微信扫一扫
  • weinxin
admin
  • 本文由 发表于 2021年11月6日14:51:13
  • 转载请保留本文链接(CN-SEC中文网:感谢原作者辛苦付出):
                   CWE-666 在生命周期错误阶段对资源进行操作http://cn-sec.com/archives/613645.html

发表评论

匿名网友 填写信息