CWE-826: Premature Release of Resource During Expected Lifetime

Base Incomplete Simple

CWE Version: 4.18

Last Updated: 2025-09-09

Weakness Description

The product releases a resource that is still intended to be used by itself or another actor.

Common Consequences

Scope: Confidentiality

Technical Impact: Read Application Data; Read Memory

Note: If the released resource is subsequently reused or reallocated, then a read operation on the original resource might access sensitive data that is associated with a different user or entity.

Scope: Availability

Technical Impact: DoS: Crash, Exit, or Restart

Note: When the resource is released, the software might modify some of its structure, or close associated channels (such as a file descriptor). When the software later accesses the resource as if it is valid, the resource might not be in an expected state, leading to resultant errors that may lead to a crash.

Scope: Integrity, Confidentiality, Availability

Technical Impact: Execute Unauthorized Code or Commands; Modify Application Data; Modify Memory

Note: When the resource is released, the software might modify some of its structure. This might affect logic in the sections of code that still assume the resource is active. If the released resource is related to memory and is used in a function call, or points to unexpected data in a write operation, then code execution may be possible upon subsequent accesses.
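
Added example, not part of the CWE entry: the file-descriptor case from the consequences above, showing a descriptor released while a second user still holds its number, next to a reference-counted release that keeps it open. The names struct chan, chan_put, make_source and second_user_read are hypothetical, and the pipes and strings are constructed sample data. It assumes POSIX lowest-free-descriptor allocation with the pipe read end allocated first, as on Linux.

```c
#include <stdio.h>
#include <string.h>
#include <unistd.h>

/* Hypothetical shared handle: one descriptor, counted users. */
struct chan { int fd; int refs; };

/* Hardened release: close only when the last user lets go. */
static void chan_put(struct chan *c) {
    if (--c->refs == 0) { close(c->fd); c->fd = -1; }
}

/* Constructed data source: a pipe preloaded with msg; returns its read end. */
static int make_source(const char *msg) {
    int p[2];
    if (pipe(p) != 0) return -1;
    ssize_t w = write(p[1], msg, strlen(msg));
    close(p[1]);
    if (w < 0) { close(p[0]); return -1; }
    return p[0];
}

/* Two users share alice's channel. The first finishes and releases it; the
 * second reads afterwards. Returns 1 if the descriptor number the second
 * user reads from was handed to bob's channel in between, -1 on error. */
static int second_user_read(int refcounted, char *out, size_t n) {
    struct chan alice = { make_source("alice-data"), 2 };
    int seen = alice.fd;                  /* number the second user holds */
    if (seen < 0) return -1;

    if (refcounted) chan_put(&alice);     /* refs 2 -> 1, descriptor stays open */
    else close(alice.fd);                 /* CWE-826: released while still in use */

    int bob = make_source("bob-secret");  /* takes the lowest free number */
    if (bob < 0) { if (refcounted) chan_put(&alice); return -1; }

    ssize_t r = read(seen, out, n - 1);   /* second user reads "its" channel */
    out[r > 0 ? r : 0] = '\0';

    close(bob);
    if (refcounted) chan_put(&alice);     /* last user: the real close */
    return bob == seen;
}

int main(void) {
    char buf[32];
    for (int rc = 0; rc <= 1; rc++)
        printf("refcounted=%d reused=%d read=%s\n", rc, second_user_read(rc, buf, sizeof buf), buf);
    return 0;
}
```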

Observed Examples

Reference: CVE-2009-3547

Chain: race condition (CWE-362) might allow resource to be released before operating on it, leading to NULL dereference (CWE-476)

Key Information

CWE ID: CWE-826

Abstraction: Base

Structure: Simple

Status: Incomplete

Related Weaknesses