CWE-664: Improper Control of a Resource Through its Lifetime

The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.

Recorded CVEs

With this primary weakness

KEVs

In the CISA KEV catalog

Not rated

Likelihood of exploit

Per MITRE

Pillar

Abstraction

MITRE classification

Overview

Resources often have explicit instructions on how to be created, used and destroyed. When code does not follow these instructions, it can lead to unexpected behaviors and potentially exploitable states. Even without explicit instructions, various principles are expected to be adhered to, such as "Do not use an object until after its creation is complete," or "do not use an object after it has been slated for destruction."

CWE-664: Improper Control of a Resource Through its Lifetime

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-664?

What CVEs are caused by CWE-664?

How is CWE-664 detected?

What are the consequences of CWE-664?

Is CWE-664 actively exploited?

References

Stay ahead of CWE-664

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

How to detect it

Automated Static Analysis

Code examples

Illustrative examples

Related weaknesses

Child

Terminology & mappings

Mapped taxonomies

Attack patterns

Frequently asked questions

What is CWE-664?

What CVEs are caused by CWE-664?

How is CWE-664 detected?

What are the consequences of CWE-664?

Is CWE-664 actively exploited?

References

Stay ahead of CWE-664