CWE-664: Improper Control of a Resource Through its Lifetime
Weakness ID: 664
The software does not maintain or incorrectly maintains control over a resource throughout its lifetime of creation, use, and release.
Resources often have explicit instructions on how to be created, used and destroyed. When software does not follow these instructions, it can lead to unexpectedbehaviors and potentially exploitable states.
Even without explicit instructions, various principles are expected to be adhered to, such as "Do not use an object until after its creation is complete," or "do not use an object after it has been slated for destruction."
Time of Introduction
Technical Impact: Other
Use Static analysis tools to check for unreleased resources.
More work is needed on this node and its children. There are perspective/layering issues; for example, one breakdown is based on lifecycle phase (CWE-404, CWE-665), while other children are independent of lifecycle, such as CWE-400. Others do not specify as many bases or variants, such as CWE-704, which primarily covers numbers at this stage.