Tag Archives: CWE- 775

CWE-775 – Missing Release of File Descriptor or Handle after Effective Lifetime

Read Time:51 Second

Description

The software does not release a file descriptor or handle after its effective lifetime has ended, i.e., after the file descriptor/handle is no longer needed.

When a file descriptor or handle is not released after use (typically by explicitly closing it), attackers can cause a denial of service by consuming all available file descriptors/handles, or otherwise preventing other system processes from obtaining their own file descriptors/handles.

Modes of Introduction:

– Implementation

Likelihood of Exploit:

 

Related Weaknesses

CWE-772
CWE-404
CWE-404

 

Consequences

Availability: DoS: Resource Consumption (Other)

An attacker that can influence the allocation of resources that are not properly released could deplete the available resource pool and prevent all other processes from accessing the same type of resource.

 

Potential Mitigations

Phase: Operation, Architecture and Design

Effectiveness:

Description: 

CVE References

 

  • CVE-2007-0897
    • Chain: anti-virus product encounters a malformed file but returns from a function without closing a file descriptor (CWE-775) leading to file descriptor consumption (CWE-400) and failed scans.