CWE-672: Operation on a Resource after Expiration or Release
CWE Version: 4.18
Last Updated: 2025-09-09
Weakness Description
The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.
Common Consequences
Scope: Integrity, Confidentiality
Technical Impact: Modify Application Data; Read Application Data
Note: If a released resource is subsequently reused or reallocated, then an attempt to use the original resource might allow access to sensitive data that is associated with a different user or entity.
Scope: Other, Availability
Technical Impact: Other; DoS: Crash, Exit, or Restart
Note: When a resource is released, it might not be in an expected state, and later attempts to access the resource may lead to resultant errors that may lead to a crash.
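The reuse case described in the first note, as an added example that is not part of the CWE entry: a constructed session table in which a handle carries a generation counter, with the unchecked lookup beside the checked one. All names (`session_open`, `session_close`, `lookup_unchecked`, `lookup_checked`) and the handle layout are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SLOTS 4
/* Hypothetical session table; a handle packs (generation << 8) | slot. */
struct session { uint32_t gen; int live; char owner[16]; };
static struct session table[SLOTS];
typedef uint32_t handle_t;

/* A handle is valid only while its slot is live AND still in the same generation.
   (A production table must also deal with generation counter wraparound.) */
static int valid(handle_t h) {
    uint32_t i = h & 0xff;
    return i < SLOTS && table[i].live && (table[i].gen & 0xffffff) == (h >> 8);
}

handle_t session_open(const char *owner) {
    for (uint32_t i = 0; i < SLOTS; i++) {
        if (table[i].live) continue;
        table[i].live = 1;
        table[i].gen++;                    /* bump generation on every reuse */
        snprintf(table[i].owner, sizeof table[i].owner, "%s", owner);
        return ((table[i].gen & 0xffffff) << 8) | i;
    }
    return 0;                              /* table full */
}

void session_close(handle_t h) {
    if (!valid(h)) return;                 /* stale or double close: ignore */
    struct session *s = &table[h & 0xff];
    s->live = 0;
    memset(s->owner, 0, sizeof s->owner);  /* scrub data on release */
}

/* Weak form: trusts the slot index alone, so a stale handle reads the new occupant. */
const char *lookup_unchecked(handle_t h) { return table[(h & 0xff) % SLOTS].owner; }

/* Hardened form: released or recycled handles are rejected. */
const char *lookup_checked(handle_t h) { return valid(h) ? table[h & 0xff].owner : NULL; }

int main(void) {
    handle_t alice = session_open("alice");
    session_close(alice);
    handle_t bob = session_open("bob");    /* reuses the slot alice released */
    printf("unchecked, stale handle: %s\n", lookup_unchecked(alice));
    printf("checked, stale handle:   %s\n", lookup_checked(alice) ? "accepted" : "rejected");
    printf("checked, current handle: %s\n", lookup_checked(bob));
    return 0;
}
```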
Observed Examples
Reference: CVE-2009-3547
Chain: race condition (CWE-362) might allow resource to be released before operating on it, leading to NULL dereference (CWE-476)
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | - |
| Operation | - |
Applicable Platforms
Programming Languages
Technologies
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name | Mapping Fit |
|---|---|---|---|
| Software Fault Patterns | SFP15 | Faulty Resource Use | - |
| CERT C Secure Coding | FIO46-C | Do not access a closed file | CWE More Abstract |
| CERT C Secure Coding | MEM30-C | Do not access freed memory | CWE More Abstract |
| OMG ASCSM | ASCSM-CWE-672 | - | - |