Premature Release of Resource During Expected Lifetime

Status: Incomplete
Abstraction: Base
Structure: Simple
Description

This happens when software incorrectly frees or closes a resource—like memory, a file handle, or a network connection—while that resource is still supposed to be in active use by the program or another component.

Extended Description

This bug occurs specifically when the release itself is premature and incorrect, not when a stale reference is kept to a properly released resource. After the premature release, the program or another actor may continue trying to use the resource, but that resource may have been reallocated or repurposed by the system, leading to unpredictable behavior. The consequences can be severe. Attempting to operate on a repurposed resource can crash the program (denial of service), leak sensitive information, or in some cases, be exploited to execute arbitrary code. It's a flaw in the program's logic for managing the lifecycle of its resources.

Common Consequences
Scope: Confidentiality

Impact: Read Application Data; Read Memory

If the released resource is subsequently reused or reallocated, then a read operation on the original resource might access sensitive data that is associated with a different user or entity.

Scope: Availability

Impact: DoS: Crash, Exit, or Restart

When the resource is released, the software might modify some of its structure, or close associated channels (such as a file descriptor). When the software later accesses the resource as if it is valid, the resource might not be in an expected state, leading to resultant errors that may lead to a crash.

Scope: Integrity, Confidentiality, Availability

Impact: Execute Unauthorized Code or Commands; Modify Application Data; Modify Memory

When the resource is released, the software might modify some of its structure. This might affect logic in the sections of code that still assume the resource is active. If the released resource is related to memory and is used in a function call, or points to unexpected data in a write operation, then code execution may be possible upon subsequent accesses.
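The file-descriptor case from the Availability consequence above, as an added C example that is not part of the original entry: one component closes a shared pipe descriptor while another still expects it to be open, next to a reference-counted release that ties the close to the last user. `struct chan`, its helpers and the two `demo_*` functions are hypothetical names chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

/* Hypothetical shared channel: one pipe write end used by two components. */
struct chan { int fd; int refs; };  /* refs = components that still need fd */

static struct chan *chan_new(int fd) {
    struct chan *c = malloc(sizeof *c);
    if (c) { c->fd = fd; c->refs = 1; }
    return c;
}
static struct chan *chan_get(struct chan *c) { c->refs++; return c; }
/* Release tied to lifetime: only the last user actually closes and frees. */
static void chan_put(struct chan *c) {
    if (--c->refs == 0) { close(c->fd); free(c); }
}

/* Component A closes the descriptor itself although B still holds the channel.
   Returns the errno B sees on its next write (EBADF here; had the number been
   reused in between, B would be writing to an unrelated resource instead). */
int demo_premature_release(void) {
    int p[2], err = 0;
    if (pipe(p) != 0) return -1;
    struct chan *a = chan_new(p[1]);
    if (!a) { close(p[0]); close(p[1]); return -1; }
    struct chan *b = chan_get(a);
    close(a->fd);                               /* premature release by A */
    if (write(b->fd, "x", 1) < 0) err = errno;  /* B still treats it as live */
    close(p[0]); free(a);
    return err;
}

/* Same sequence, but A drops its reference instead. Returns bytes B wrote. */
int demo_refcounted_release(void) {
    int p[2];
    if (pipe(p) != 0) return -1;
    struct chan *a = chan_new(p[1]);
    if (!a) { close(p[0]); close(p[1]); return -1; }
    struct chan *b = chan_get(a);
    chan_put(a);                        /* A is done; descriptor stays open */
    int n = (int)write(b->fd, "x", 1);
    chan_put(b);                        /* last user: closed and freed here */
    close(p[0]);
    return n;
}
int main(void) {
    printf("%d %d\n", demo_premature_release(), demo_refcounted_release());
    return 0;
}
```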

Observed Examples
CVE-2009-3547: Chain: race condition (Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')) might allow resource to be released before operating on it, leading to NULL dereference (NULL Pointer Dereference)
Notes
Research Gap: Under-studied and under-reported as of September 2010. This weakness has been reported in high-visibility software, although the focus has been primarily on memory allocation and de-allocation. There are very few examples of this weakness that are not directly related to memory management, although such weaknesses are likely to occur in real-world software for other types of resources.