CWE-771: Missing Reference to Active Allocated Resource
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
The product does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed.
扩展描述
This does not necessarily apply in languages or frameworks that automatically perform garbage collection, since the removal of all references may act as a signal that the resource is ready to be reclaimed.
常见后果
影响范围: Availability
技术影响: DoS: Resource Consumption (Other)
说明: An attacker that can influence the allocation of resources that are not properly maintained could deplete the available resource pool and prevent all other processes from accessing the same type of resource.
潜在缓解措施
阶段: Operation Architecture and Design
策略: Resource Limitation
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | - |
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| CERT C Secure Coding | FIO42-C | Close files when they are no longer needed | CWE More Abstract |
| CERT C Secure Coding | MEM31-C | Free dynamically allocated memory when no longer needed | CWE More Abstract |
| Software Fault Patterns | SFP14 | Failure to Release Resource | - |
| ISA/IEC 62443 | Part 3-3 | Req SR 7.2 | - |
| ISA/IEC 62443 | Part 4-1 | Req SVV-1 | - |
| ISA/IEC 62443 | Part 4-2 | Req CR 7.2 | - |