CWE · MITRE source
CWE-911Improper Update of Reference Count
The product uses a reference count to manage a resource, but it does not update or incorrectly updates the reference count.
Reference counts can be used when tracking how many objects contain a reference to a particular resource, such as in memory management or garbage collection. When the reference count reaches zero, the resource can be de-allocated or reused because there are no more objects that use it. If the reference count accidentally reaches zero, then the resource might be released too soon, even though it is still in use. If all objects no longer use the resource, but the reference count is not zero, then the resource might not ever be released.
Last updated: 09 May 2026 03:25 UTC
NIST 800-53 r5 controls that address this weakness (0)AI
| Control | Title | Family | Why it addresses this CWE |
|---|---|---|---|
| No NIST controls proposed yet. | |||
Top CVEs of this weakness type, ranked by Risk Priority
| CVE | Risk | CVSS | EPSS | Published |
|---|---|---|---|---|
CVE-2024-43102 | 2.1 | 10.0 | 0.0114 | 2024-09-05 |
CVE-2022-37012 | 1.9 | 7.5 | 0.0691 | 2023-03-29 |
CVE-2022-29581 | 1.6 | 7.8 | 0.0019 | 2022-05-17 |
CVE-2023-5633 | 1.6 | 7.8 | 0.0001 | 2023-10-23 |
CVE-2024-46972 | 1.6 | 7.8 | 0.0005 | 2024-12-28 |
CVE-2022-22195 | 1.5 | 7.5 | 0.0063 | 2022-04-14 |
CVE-2023-22394 | 1.5 | 7.5 | 0.0040 | 2023-01-13 |
CVE-2021-47327 | 1.4 | 7.1 | 0.0005 | 2024-05-21 |
CVE-2022-1678 | 1.3 | 5.9 | 0.0152 | 2022-05-25 |
CVE-2020-11935 | 0.9 | 4.4 | 0.0004 | 2023-04-07 |
CVE-2023-2019 | 0.9 | 4.4 | 0.0002 | 2023-04-24 |
CVE-2024-45783 | 0.9 | 4.4 | 0.0002 | 2025-02-18 |