CWE-672

ClassDraft

View on MITRE

Operation on a Resource after Expiration or Release

The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

26 linked vulnerabilities

1 related weaknesses

IntegrityConfidentialityModify Application DataRead Application Data

If a released resource is subsequently reused or reallocated, then an attempt to use the original resource might allow access to sensitive data that is associated with a different user or entity.

OtherAvailabilityOtherDoS: Crash, Exit, or Restart

When a resource is released it might not be in an expected state, later attempts to access the resource may lead to resultant errors that may lead to a crash.

Automated Static AnalysisEffectiveness: High

Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)

Modes of Introduction

ImplementationOperation

Related Weaknesses

CWE-666ChildOf

Example CVEs (1)

CVE-2009-3547

Chain: race condition (CWE-362) might allow resource to be released before operating on it, leading to NULL dereference (CWE-476)

External Links

MITRE CWE Database

CWE-672: Operation on a Resource after Expiration or Release | Mondoo Vulnerability Intelligence