Description

The product does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.

Extended Description

Resources often have explicit instructions on how to be created, used and destroyed. When code does not follow these instructions, it can lead to unexpected behaviors and potentially exploitable states. Even without explicit instructions, various principles are expected to be adhered to, such as "Do not use an object until after its creation is complete," or "do not use an object after it has been slated for destruction."

---

ThreatScore

Threat Mapped score: 1.8

Industry: Finiancial

Threat priority: P4 - Informational (Low)

---

Observed Examples (CVEs)

• CVE: CVE-2018-1000613

  Cryptography API uses unsafe reflection when deserializing a private key

• CVE: CVE-2022-21668

  Chain: Python library does not limit the resources used to process images that specify a very large number of bands (CWE-1284), leading to excessive memory consumption (CWE-789) or an integer overflow (CWE-190).

Related Attack Patterns (CAPEC)

---

Attack TTPs

Malware

APTs (Intrusion Sets)

Modes of Introduction

Phase	Note
Implementation	N/A

Common Consequences

Potential Mitigations

Applicable Platforms

• None (Not Language-Specific, Undetermined)

---

Demonstrative Examples

N/A

Notes

← Back to CWE list