CWE-826: Premature Release of Resource During Expected Lifetime
Weakness ID: 826
The program releases a resource that is still intended to be used by the program itself or another actor.
This weakness focuses on errors in which the program should not release a resource, but performs the release anyway. This is different than a weakness in which the program releases a resource at the appropriate time, but it maintains a reference to the resource, which it later accesses. For this weaknesses, the resource should still be valid upon the subsequent access.
When a program releases a resource that is still being used, it is possible that operations will still be taken on this resource, which may have been repurposed in the meantime, leading to issues similar to CWE-825. Consequences may include denial of service, information exposure, or code execution.
If the released resource is subsequently reused or reallocated, then a
read operation on the original resource might access sensitive data that
is associated with a different user or entity.
Technical Impact: DoS: crash / exit /
When the resource is released, the software might modify some of its
structure, or close associated channels (such as a file descriptor).
When the software later accesses the resource as if it is valid, the
resource might not be in an expected state, leading to resultant errors
that may lead to a crash.
Under-studied and under-reported as of September 2010. This weakness has
been reported in high-visibility software, although the focus has been
primarily on memory allocation and de-allocation. There are very few
examples of this weakness that are not directly related to memory
management, although such weaknesses are likely to occur in real-world
software for other types of resources.
Internal CWE Team
CWE Content Team
More information is available — Please select a different filter.
Page Last Updated:
May 05, 2017
Use of the Common Weakness Enumeration and the associated references from this website are subject to the