CWE-666: Operation on Resource in Wrong Phase of Lifetime
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product performs an operation on a resource at the wrong phase of the resource's lifecycle, which can lead to unexpected behaviors.
扩展描述
A resource's lifecycle includes several phases: initialization, use, and release. For each phase, it is important to follow the specifications outlined for how to operate on the resource and to ensure that the resource is in the expected phase. Otherwise, if a resource is in one phase but the operation is not valid for that phase (i.e., an incorrect phase of the resource's lifetime), then this can produce resultant weaknesses. For example, using a resource before it has been fully initialized could cause corruption or incorrect data to be used.
常见后果
影响范围: Other
技术影响: Other
潜在缓解措施
阶段: Architecture and Design
描述: Follow the resource's lifecycle from creation to release.
观察示例
参考: CVE-2006-5051
Chain: Signal handler contains too much functionality (CWE-828), introducing a race condition (CWE-362) that leads to a double free (CWE-415).
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | - |
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| CERT C Secure Coding | FIO46-C | Do not access a closed file | CWE More Abstract |
| CERT C Secure Coding | MEM30-C | Do not access freed memory | CWE More Abstract |