Détail de la catégorie CWE-399

CWE-399

Resource Management Errors
Draft
2006-07-19 +00:00
2023-06-29 +00:00
CWE Mitre.org
Notifications pour un CWE
Restez informé de toutes modifications pour un CWE spécifique.
Gestion des notifications

Nom: Resource Management Errors

Weaknesses in this category are related to improper management of system resources.

Listes des membres CWE

CWE-73: External Control of File Name or Path Base

CWE-403: Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak') Base

CWE-410: Insufficient Resource Pool Base

CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') Base

CWE-502: Deserialization of Untrusted Data Base

CWE-619: Dangling Database Cursor ('Cursor Injection') Base

CWE-641: Improper Restriction of Names for Files and Other Resources Base

CWE-694: Use of Multiple Resources with Duplicate Identifier Base

CWE-763: Release of Invalid Pointer or Reference Base

CWE-770: Allocation of Resources Without Limits or Throttling Base

CWE-771: Missing Reference to Active Allocated Resource Base

CWE-772: Missing Release of Resource after Effective Lifetime Base

CWE-826: Premature Release of Resource During Expected Lifetime Base

CWE-908: Use of Uninitialized Resource Base

CWE-909: Missing Initialization of Resource Base

CWE-910: Use of Expired File Descriptor Base

CWE-911: Improper Update of Reference Count Base

CWE-914: Improper Control of Dynamically-Identified Variables Base

CWE-915: Improperly Controlled Modification of Dynamically-Determined Object Attributes Base

CWE-920: Improper Restriction of Power Consumption Base

CWE-1188: Initialization of a Resource with an Insecure Default Base

CWE-1341: Multiple Releases of Same Resource or Handle Base

Informations du CWE

Notes de cartographie des vulnérabilités

Justification : This entry is a Category. Using categories for mapping has been discouraged since 2019. Categories are informal organizational groupings of weaknesses that can help CWE users with data aggregation, navigation, and browsing. However, they are not weaknesses in themselves [REF-1287]. This CWE ID may have become widely-used because of NIST's usage in NVD from 2008 to 2016 (see CWE-635 view, updated to the CWE-1003 view in 2016).
Commentaire : Some weakness-oriented alternatives might be found as descendants under Uncontrolled Resource Consumption (CWE-400).

Soumission

Nom Organisation Date Date de publication Version
PLOVER 2006-07-19 +00:00 2006-07-19 +00:00 Draft 3

Modifications

Nom Organisation Date Commentaire
CWE Content Team MITRE 2008-09-08 +00:00 updated Relationships, Other_Notes, Taxonomy_Mappings
CWE Content Team MITRE 2009-05-27 +00:00 updated Relationships
CWE Content Team MITRE 2014-06-23 +00:00 updated Other_Notes
CWE Content Team MITRE 2014-07-30 +00:00 updated Detection_Factors
CWE Content Team MITRE 2015-12-07 +00:00 updated Relationships
CWE Content Team MITRE 2017-01-19 +00:00 updated Relationships
CWE Content Team MITRE 2017-11-08 +00:00 updated Applicable_Platforms, Detection_Factors, Relationships
CWE Content Team MITRE 2019-01-03 +00:00 updated Relationships
CWE Content Team MITRE 2019-06-20 +00:00 updated Relationships
CWE Content Team MITRE 2020-02-24 +00:00 updated Relationships
CWE Content Team MITRE 2022-10-13 +00:00 updated References
CWE Content Team MITRE 2023-04-27 +00:00 updated Relationships
CWE Content Team MITRE 2023-06-29 +00:00 updated Mapping_Notes

Références

REF-1287

Supplemental Details - 2022 CWE Top 25
MITRE.
https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25_supplemental.html#problematicMappingDetails