
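CWE-404 Improper Resource Shutdown or Release: Vulnerability List (356)

A summary of 356 CVE vulnerabilities in the CWE-404 Improper Resource Shutdown or Release weakness class, with AI analysis in Chinese.

CWE-404 is a resource management flaw in which a program fails to release a resource, or releases it incorrectly, before the resource is reused. Attackers often exploit this weakness to exhaust system resources, causing denial of service or triggering memory leaks. Developers need to ensure that resources are released correctly on every execution path (including exceptions and timeouts) and manage resource lifecycles strictly, preventing resource leaks in order to keep the system stable.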

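MITRE CWE official description
CWE: CWE-404 Improper Resource Shutdown or Release. The product does not release, or incorrectly releases, a resource before it is reused. When a resource is created or allocated, the developer is responsible for properly releasing it and for accounting for all potential expiration or invalidation paths, such as a set period of time or revocation.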
Common consequences (2)
Availability, Other · DoS: Resource Consumption (Other), Varies by Context
Most unreleased resource issues result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, the attacker might be able to launch a denial of service attack by depleting the resource pool.
Confidentiality · Read Application Data
When a resource containing sensitive information is not correctly shut down, it may expose the sensitive data in a subsequent allocation.
Mitigations (4)
Requirements · Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, languages such as Java, Ruby, and Lisp perform automatic garbage collection that releases memory for objects that have been deallocated.
Implementation · It is good practice to be responsible for freeing all resources you allocate and to be consistent with how and where you free memory in a function. If you allocate memory that you intend to free upon completion of the function, you must be sure to free the memory at all exit points for that function including error conditions.
Implementation · Memory should be allocated/freed using matching functions such as malloc/free, new/delete, and new[]/delete[].
Implementation · When releasing a complex object or structure, ensure that you properly dispose of all of its member components, not just the object itself.
Code examples (2)
The following method never closes the new file handle. Given enough time, the finalize() method for BufferedReader should eventually call close(), but there is no guarantee as to how long this action will take. In fact, there is no guarantee that finalize() will ever be invoked. In a busy environment, the operating system could use up all of the available file handles before the close() function is …

    // Requires java.io.BufferedReader, java.io.FileReader, java.io.IOException
    private void processFile(String fName) throws IOException {
        BufferedReader fil = new BufferedReader(new FileReader(fName));
        String line;
        while ((line = fil.readLine()) != null) {
            processLine(line);
        }
        // fil is never closed: the file handle stays open after the method returns
    }

Bad · Java

    // Requires java.io.BufferedReader, java.io.FileReader, java.io.IOException
    private void processFile(String fName) throws IOException {
        BufferedReader fil = new BufferedReader(new FileReader(fName));
        String line;
        while ((line = fil.readLine()) != null) {
            processLine(line);
        }
        // Explicitly release the file handle (reached only if no exception is thrown above)
        fil.close();
    }

Good · Java
This code attempts to open a connection to a database and catches any exceptions that may occur.

    try {
        Connection con = DriverManager.getConnection(some_connection_string);
        // con goes out of scope here without being closed
    } catch (Exception e) {
        log(e);
    }

Bad · Java
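| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-10295 | SourceCodester Review App remote denial-of-service vulnerability — Customer Review App | 3.3 | Low | 2026-06-01 |
| CVE-2026-10190 | Tenda W12 security vulnerability — W12 | 6.5 | Medium | 2026-05-31 |
| CVE-2026-10117 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-30 |
| CVE-2026-10116 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-30 |
| CVE-2026-10115 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-30 |
| CVE-2026-10113 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-30 |
| CVE-2026-9540 | vLLM security vulnerability — vllm | 5.3 | Medium | 2026-05-26 |
| CVE-2026-8745 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-17 |
| CVE-2026-8744 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-17 |
| CVE-2026-8731 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-17 |
| CVE-2026-8730 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-17 |
| CVE-2026-8729 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-17 |
| CVE-2026-8728 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-17 |
| CVE-2026-40136 | SAP Financial Consolidation security vulnerability — SAP Financial Consolidation | 4.3 | Medium | 2026-05-12 |
| CVE-2026-8292 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-11 |
| CVE-2026-8291 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-11 |
| CVE-2026-8290 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-11 |
| CVE-2026-8289 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-11 |
| CVE-2026-8288 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-11 |
| CVE-2026-8270 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-11 |
| CVE-2026-8269 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-11 |
| CVE-2026-8268 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-11 |
| CVE-2026-8267 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-11 |
| CVE-2026-8266 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-11 |
| CVE-2026-8251 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-10 |
| CVE-2026-8250 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-10 |
| CVE-2026-8249 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-10 |
| CVE-2026-8248 | Open5GS security vulnerability — Open5GS | 4.3 | Medium | 2026-05-10 |
| CVE-2026-8232 | Dotouch XproUPF security vulnerability — XproUPF | 3.5 | Low | 2026-05-10 |
| CVE-2026-7263 | PHP security vulnerability — PHP | 7.5 | - | 2026-05-10 |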

CWE-404 (Improper Resource Shutdown or Release) is a common weakness category; this platform lists 356 CVE vulnerabilities associated with it.