CWE-404

不適切なリソースのシャットダウンまたはリリース

Improper Resource Shutdown or Release

脆弱性レビュー中

日本語説明

この製品は、再利用のために利用可能になる前にリソースを解放しないか、誤って解放する。

リソースが作成されたり割り当てられたりした場合、開発者はリソースを適切に解放する責任を負うとともに、設定された期間や失効など、期限切れや無効になる可能性のあるすべての経路を考慮しなければなりません。

原文 (English)

The product does not release or incorrectly releases a resource before it is made available for re-use.

When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.

関連する脆弱性

想定される影響

Scope: Availability, Other / Impact: DoS: Resource Consumption (Other); Varies by Context

Scope: Confidentiality / Impact: Read Application Data

対策・緩和策

Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.

It is good practice to be responsible for freeing all resources you allocate and to be consistent with how and where you free memory in a function. If you allocate memory that you intend to free upon completion of the function, you must be sure to free the memory at all exit points for that function including error conditions.

Memory should be allocated/freed using matching functions such as malloc/free, new/delete, and new[]/delete[].

When releasing a complex object or structure, ensure that you properly dispose of all of its member components, not just the object itself.

外部リンク

MITRE公式ページ — CWE-404