Description
The software uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
CWE-666
Consequences
Integrity, Confidentiality: Modify Application Data, Read Application Data
If a released resource is subsequently reused or reallocated, then an attempt to use the original resource might allow access to sensitive data that is associated with a different user or entity.
Other, Availability: Other, DoS: Crash, Exit, or Restart
When a resource is released it might not be in an expected state, later attempts to access the resource may lead to resultant errors that may lead to a crash.
Potential Mitigations
CVE References
- CVE-2009-3547
- chain: race condition might allow resource to be released before operating on it, leading to NULL dereference
