CWE-404: Improper Resource Shutdown or Release

ID CWE-404

Abstraction Class

Structure Simple

Status Draft

Number of CVEs 341

The product does not release or incorrectly releases a resource before it is made available for re-use.

When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.

Modes of Introduction

Phase	Note
Implementation

Applicable Platforms

Type	Class	Name	Prevalence
Language	Not Language-Specific

Relationships

View			Weakness
# ID	View	Status	# ID	Name	Abstraction	Structure	Status
CWE-1000	Research Concepts	Draft	CWE-664	Improper Control of a Resource Through its Lifetime	Pillar	Simple	Draft
CWE-1000	Research Concepts	Draft	CWE-405	Asymmetric Resource Consumption (Amplification)	Class	Simple	Incomplete
CWE-1000	Research Concepts	Draft	CWE-619	Dangling Database Cursor ('Cursor Injection')	Base	Simple	Incomplete

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org

# ID	Name	Weaknesses
CAPEC-125	Flooding	CWE-404
CAPEC-130	Excessive Allocation	CWE-404
CAPEC-131	Resource Leak Exposure	CWE-404
CAPEC-494	TCP Fragmentation	CWE-404
CAPEC-495	UDP Fragmentation	CWE-404
CAPEC-496	ICMP Fragmentation	CWE-404
CAPEC-666	BlueSmacking	CWE-404

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date