Description

The software uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

Modes of Introduction:

– Architecture and Design

Related Weaknesses

CWE-666

Consequences

Integrity, Confidentiality: Modify Application Data, Read Application Data

If a released resource is subsequently reused or reallocated, then an attempt to use the original resource might allow access to sensitive data that is associated with a different user or entity.

Other, Availability: Other, DoS: Crash, Exit, or Restart

When a resource is released it might not be in an expected state, later attempts to access the resource may lead to resultant errors that may lead to a crash.

Potential Mitigations

CVE References

• CVE-2009-3547
  • chain: race condition might allow resource to be released before operating on it, leading to NULL dereference