Improper Resource Shutdown or Release

CWE-404

Overtime trend (NVD)

CVSS severity (NVD, All Time)

Per technology (GHSA, All time)

39%-Maven
17%-Go
13%-Pip
30%-Others

Short description

The product does not release or incorrectly releases a resource before it is made available for re-use.

Extended description

When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.

Best practices to prevent this CWE

Phase: Requirements

Strategy: Language Selection

Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.

Phase: Implementation

It is good practice to be responsible for freeing all resources you allocate and to be consistent with how and where you free memory in a function. If you allocate memory that you intend to free upon completion of the function, you must be sure to free the memory at all exit points for that function including error conditions.

Phase: Implementation

Memory should be allocated/freed using matching functions such as malloc/free, new/delete, and new[]/delete[].

Phase: Implementation

When releasing a complex object or structure, ensure that you properly dispose of all of its member components, not just the object itself.

Recently published CVEs

CVE-2024-4013
CVE-2022-48661
CVE-2024-4292
CVE-2024-3764
CVE-2024-2995

Recently published GHSA

GHSA-4vwx-54mw-vqfw
GHSA-32jq-mv89-5rx7
GHSA-pjrj-h4fg-6gm4
GHSA-pjrj-h4fg-6gm4
GHSA-vpjg-wmf8-29h9

Prioritize and Uncover Reachable Vulnerabilities in Your Application Code

Identify externally reachable data flows and vulnerabilities for effective risk mitigation

Get a Demo