CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types

CWE Individual Dictionary Definition (2.8)

CWE-399: Resource Management Errors

 
Category ID: 399 (Category)
Status: Draft
+ Description

Description Summary

Weaknesses in this category are related to improper management of system resources.
+ Applicable Platforms

Languages

All

+ Detection Methods

Dynamic Analysis with automated results interpretation

According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:

  • Web Application Scanner

  • Web Services Scanner

  • Database Scanners

Effectiveness: SOAR Partial

Dynamic Analysis with manual results interpretation

According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:

  • Fuzz Tester

  • Framework-based Fuzzer

  • Monitored Virtual Environment - run potentially malicious code in sandbox / wrapper / virtual machine, see if it does anything suspicious

Effectiveness: SOAR Partial

Manual Static Analysis - Source Code

According to SOAR, the following detection techniques may be useful:

Highly cost effective:

  • Manual Source Code Review (not inspections)

Cost effective for partial coverage:

  • Focused Manual Spotcheck - Focused manual analysis of source

Effectiveness: SOAR High

Automated Static Analysis - Source Code

According to SOAR, the following detection techniques may be useful:

Cost effective for partial coverage:

  • Source code Weakness Analyzer

  • Context-configured Source Code Weakness Analyzer

Effectiveness: SOAR Partial

Architecture / Design Review

According to SOAR, the following detection techniques may be useful:

Highly cost effective:

  • Formal Methods / Correct-By-Construction

Cost effective for partial coverage:

  • Inspection (IEEE 1028 standard) (can apply to requirements, design, source code, etc.)

Effectiveness: SOAR High

+ Relationships
| Nature | Type | ID | Name | View(s) this relationship pertains to |
| ChildOf | Weakness Class | 398 | Indicator of Poor Code Quality | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 400 | Uncontrolled Resource Consumption ('Resource Exhaustion') | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 401 | Improper Release of Memory Before Removing Last Reference ('Memory Leak') | Development Concepts (primary) 699 |
| ParentOf | Weakness Class | 402 | Transmission of Private Resources into a New Sphere ('Resource Leak') | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 404 | Improper Resource Shutdown or Release | Development Concepts (primary) 699 |
| ParentOf | Weakness Class | 405 | Asymmetric Resource Consumption (Amplification) | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 410 | Insufficient Resource Pool | Development Concepts (primary) 699 |
| ParentOf | Category | 411 | Resource Locking Problems | Development Concepts (primary) 699 |
| ParentOf | Weakness Variant | 415 | Double Free | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 416 | Use After Free | Development Concepts (primary) 699 |
| ParentOf | Category | 417 | Channel and Path Errors | Development Concepts 699 |
| ParentOf | Weakness Variant | 568 | finalize() Method Without super.finalize() | Development Concepts (primary) 699 |
| ParentOf | Weakness Variant | 590 | Free of Memory not on the Heap | Development Concepts (primary) 699 |
| ParentOf | Weakness Variant | 761 | Free of Pointer not at Start of Buffer | Development Concepts 699 |
| ParentOf | Weakness Variant | 762 | Mismatched Memory Management Routines | Development Concepts (primary) 699 |
| ParentOf | Weakness Base | 763 | Release of Invalid Pointer or Reference | Development Concepts (primary) 699 |
| MemberOf | View | 635 | Weaknesses Used by NVD | Weaknesses Used by NVD (primary) 635 |
+ Taxonomy Mappings
| Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
| PLOVER | | | Resource Management Errors |
+ Content History
Submissions

| Submission Date | Submitter | Organization | Source |
| | PLOVER | | Externally Mined |

Modifications

| Modification Date | Modifier | Organization | Source |
| 2008-09-08 | CWE Content Team | MITRE | Internal |
  updated Relationships, Other_Notes, Taxonomy_Mappings
| 2009-05-27 | CWE Content Team | MITRE | Internal |
  updated Relationships
| 2014-06-23 | CWE Content Team | MITRE | Internal |
  updated Other_Notes
| 2014-07-30 | CWE Content Team | MITRE | Internal |
  updated Detection_Factors

Page Last Updated: July 30, 2014