CWE-772: Missing Release of Resource after Effective Lifetime

ID CWE-772

Abstraction Base

Structure Simple

Status Draft

Number of CVEs 409

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

When a resource is not released after use, it can allow attackers to cause a denial of service by causing the allocation of resources without triggering their release. Frequently-affected resources include memory, CPU, disk space, power or battery, etc.

Modes of Introduction

Phase	Note
Implementation

Applicable Platforms

Type	Class	Name	Prevalence
Technology	Mobile

Relationships

View			Weakness
# ID	View	Status	# ID	Name	Abstraction	Structure	Status
CWE-1000	Research Concepts	Draft	CWE-404	Improper Resource Shutdown or Release	Class	Simple	Draft
CWE-1003	Weaknesses for Simplified Mapping of Published Vulnerabilities	Incomplete	CWE-404	Improper Resource Shutdown or Release	Class	Simple	Draft
CWE-1305	CISQ Quality Measures (2020)	Incomplete	CWE-404	Improper Resource Shutdown or Release	Class	Simple	Draft
CWE-1340	CISQ Data Protection Measures	Incomplete	CWE-404	Improper Resource Shutdown or Release	Class	Simple	Draft

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org

# ID	Name	Weaknesses
CAPEC-469	HTTP DoS	CWE-772

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date