Category: SFP Secondary Cluster: Failure to Release Resource
Incomplete
Summary
This category identifies Software Fault Patterns (SFPs) within the Failure to Release Resource cluster (SFP14).
Membership
| ID | Name | Description |
|---|---|---|
| CWE-404 | Improper Resource Shutdown or Release | This vulnerability occurs when a program fails to properly close or release a system resource—like a file handle, database connection, or memory block—after it's no longer needed, preventing its reuse. |
| CWE-459 | Incomplete Cleanup | This vulnerability occurs when an application fails to properly remove temporary files, data structures, or system resources after they are no longer needed. |
| CWE-771 | Missing Reference to Active Allocated Resource | This vulnerability occurs when software loses track of a resource it has allocated, like memory or a file handle, preventing the system from properly releasing it back for future use. |
| CWE-772 | Missing Release of Resource after Effective Lifetime | This vulnerability occurs when a program fails to properly release a system resource—like memory, file handles, or network sockets—after it is no longer needed. This leads to a gradual accumulation of unused resources, known as a resource leak. |
| CWE-773 | Missing Reference to Active File Descriptor or Handle | This vulnerability occurs when a program fails to keep track of open files or resources, preventing the system from properly closing and reclaiming them. |
| CWE-775 | Missing Release of File Descriptor or Handle after Effective Lifetime | This vulnerability occurs when a program fails to properly close file descriptors or handles after they are no longer needed, leaving these system resources allocated. |
| CWE-888 | Software Fault Pattern (SFP) Clusters | CWE identifiers in this view are associated with clusters of Software Fault Patterns (SFPs). |
Vulnerability Mapping Notes
Usage: Prohibited
Reasons: Category
Rationale:
This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves.
Comment:
See member weaknesses of this category.