CWE-619: Dangling Database Cursor ('Cursor Injection')

Description

If a database cursor is not closed properly, then it could become accessible to other users while retaining the same privileges that were originally assigned, leaving the cursor "dangling."

Extended Description

For example, an improper dangling cursor could arise from unhandled exceptions. The impact of the issue depends on the cursor's role, but SQL injection attacks are commonly possible.

ThreatScore

Threat Mapped score: 0.0

Industry: Finiancial

Threat priority: Unclassified

Observed Examples (CVEs)

No observed examples available.

Related Attack Patterns (CAPEC)

N/A

Attack TTPs

N/A

Modes of Introduction

Phase	Note
Implementation	This issue is currently reported for unhandled exceptions, but it is theoretically possible any time the programmer does not close the cursor at the proper time.

Common Consequences

Impact: Read Application Data, Modify Application Data — Notes:

Potential Mitigations

Implementation: Close cursors immediately after access to them is complete. Ensure that you close cursors if exceptions occur. (N/A)

Applicable Platforms

SQL (N/A, Undetermined)

Demonstrative Examples

N/A

Notes

No notes available.

← Back to CWE list