CWE-664 在生命周期中对资源的控制不恰当

  • A+
所属分类:CWE(弱点枚举)

CWE-664 在生命周期中对资源的控制不恰当

Improper Control of a Resource Through its Lifetime

结构: Simple

Abstraction: Class

状态: Draft

被利用可能性: unkown

基本描述

The software does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.

扩展描述

Resources often have explicit instructions on how to be created, used and destroyed. When software does not follow these instructions, it can lead to unexpected behaviors and potentially exploitable states.

Even without explicit instructions, various principles are expected to be adhered to, such as "Do not use an object until after its creation is complete," or "do not use an object after it has been slated for destruction."

常见的影响

范围 影响 注释
Other Other

可能的缓解方案

Testing

策略:

Use Static analysis tools to check for unreleased resources.

Notes

分类映射

映射的分类名 ImNode ID Fit Mapped Node Name
CERT C Secure Coding FIO39-C CWE More Abstract Do not alternately input and output from a stream without an intervening flush or positioning call

相关攻击模式

  • CAPEC-196
  • CAPEC-21
  • CAPEC-60
  • CAPEC-61
  • CAPEC-62

文章来源于互联网:scap中文网

发表评论

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen: