CWE-771 Detail

CWE-771

Missing Reference to Active Allocated Resource
Medium
Incomplete
2009-05-27
00h00 +00:00
2023-06-29
00h00 +00:00
CWE Mitre.org
Notifications for a CWE
Stay informed of any changes for a specific CWE.
Notifications manage

Name: Missing Reference to Active Allocated Resource

The product does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed.

CWE Description

This does not necessarily apply in languages or frameworks that automatically perform garbage collection, since the removal of all references may act as a signal that the resource is ready to be reclaimed.

General Informations

Modes Of Introduction

Implementation

Common Consequences

Scope Impact Likelihood
AvailabilityDoS: Resource Consumption (Other)

Note: An attacker that can influence the allocation of resources that are not properly maintained could deplete the available resource pool and prevent all other processes from accessing the same type of resource.

Potential Mitigations

Phases : Operation // Architecture and Design

Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.

When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.

Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703).


Vulnerability Mapping Notes

Justification : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.
Comment : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

Submission

Name Organization Date Date release Version
CWE Content Team MITRE 2009-05-13 +00:00 2009-05-27 +00:00 1.4

Modifications

Name Organization Date Comment
CWE Content Team MITRE 2009-07-27 +00:00 updated Relationships
CWE Content Team MITRE 2010-04-05 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2011-06-01 +00:00 updated Common_Consequences
CWE Content Team MITRE 2012-05-11 +00:00 updated Relationships
CWE Content Team MITRE 2012-10-30 +00:00 updated Potential_Mitigations
CWE Content Team MITRE 2014-07-30 +00:00 updated Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2017-01-19 +00:00 updated Relationships
CWE Content Team MITRE 2017-11-08 +00:00 updated Likelihood_of_Exploit, Taxonomy_Mappings
CWE Content Team MITRE 2019-01-03 +00:00 updated Common_Consequences, Maintenance_Notes, Relationships, Theoretical_Notes
CWE Content Team MITRE 2020-02-24 +00:00 updated Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2022-10-13 +00:00 updated Relationships, Taxonomy_Mappings
CWE Content Team MITRE 2023-01-31 +00:00 updated Description
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships, Taxonomy_Mappings, Time_of_Introduction
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes