CWE · MITRE source
CWE-404Improper Resource Shutdown or Release
The product does not release or incorrectly releases a resource before it is made available for re-use.
When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation, such as a set period of time or revocation.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (4)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
SC-10 | Network Disconnect | SC | Mandates explicit shutdown of the network connection at session conclusion, directly addressing improper resource release. |
SC-4 | Information in Shared System Resources | SC | Requires proper shutdown/release procedures that include overwriting or isolating data to block unintended transfer via reused system objects. |
CP-5 | Contingency Plan Update | CP | Contingency plan updates incorporate proper resource shutdown and release steps, preventing attackers from leveraging incomplete cleanup during recovery scenarios. |
SI-17 | Fail-safe Procedures | SI | Procedures can mandate orderly shutdown or release of resources when failures occur, preventing improper resource handling after a fault. |
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2018-8120 KEV | 9.0 | 7.0 | 0.9415 | 2018-05-09 |
CVE-2018-8405 KEV | 6.6 | 7.8 | 0.4999 | 2018-08-15 |
CVE-2018-8406 KEV | 6.6 | 7.8 | 0.4999 | 2018-08-15 |
CVE-2018-8639 KEV | 5.7 | 7.8 | 0.3487 | 2018-12-12 |
CVE-2018-8611 KEV | 4.5 | 7.8 | 0.1636 | 2018-12-12 |
CVE-2017-6627 KEV | 4.1 | 7.5 | 0.1018 | 2017-09-07 |
CVE-2018-8450 | 3.9 | 8.8 | 0.3506 | 2018-11-14 |
CVE-2024-0546 | 3.3 | 5.3 | 0.3656 | 2024-01-15 |
CVE-2018-8410 | 3.1 | 7.8 | 0.2641 | 2018-09-13 |
CVE-2022-44267 | 2.6 | 6.5 | 0.2209 | 2023-02-06 |
CVE-2017-5650 | 2.3 | 7.5 | 0.1267 | 2017-04-17 |
CVE-2024-51179 | 2.3 | 7.5 | 0.1354 | 2024-11-12 |
CVE-2023-24444 | 2.1 | 9.8 | 0.0158 | 2023-01-26 |
CVE-2025-1103 | 1.9 | 6.5 | 0.0960 | 2025-02-07 |
CVE-2018-8210 | 1.8 | 7.8 | 0.0327 | 2018-06-14 |
CVE-2019-1708 | 1.8 | 8.6 | 0.0094 | 2019-05-03 |
CVE-2020-26070 | 1.8 | 8.6 | 0.0171 | 2020-11-12 |
CVE-2022-25762 | 1.8 | 8.6 | 0.0065 | 2022-05-13 |
CVE-2024-31611 | 1.8 | 9.1 | 0.0023 | 2024-06-10 |
CVE-2017-1145 | 1.7 | 8.6 | 0.0050 | 2017-03-20 |
CVE-2018-8213 | 1.7 | 7.8 | 0.0283 | 2018-06-14 |
CVE-2018-8308 | 1.7 | 6.6 | 0.0594 | 2018-07-11 |
CVE-2019-1706 | 1.7 | 8.6 | 0.0046 | 2019-05-03 |
CVE-2019-15262 | 1.7 | 7.5 | 0.0293 | 2019-10-16 |
CVE-2019-19886 | 1.7 | 7.5 | 0.0401 | 2020-01-21 |