CWE-666: Operation on Resource in Wrong Phase of Lifetime

ClassDraft

The product performs an operation on a resource at the wrong phase of the resource's lifecycle, which can lead to unexpected behaviors.

View on MITRE
Back to CWE Lookup

Extended Description

A resource's lifecycle includes several phases: initialization, use, and release. For each phase, it is important to follow the specifications outlined for how to operate on the resource and to ensure that the resource is in the expected phase. Otherwise, if a resource is in one phase but the operation is not valid for that phase (i.e., an incorrect phase of the resource's lifetime), then this can produce resultant weaknesses. For example, using a resource before it has been fully initialized could cause corruption or incorrect data to be used.

Technical Details

Structure
Simple

Applicable To

Languages
Platforms

Frequently Asked Questions

What is CWE-666: Operation on Resource in Wrong Phase of Lifetime?+

CWE-666: Operation on Resource in Wrong Phase of Lifetime is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product performs an operation on a resource at the wrong phase of the resource's lifecycle, which can lead to unexpected behaviors. A resource's lifecycle includes several phases: initialization, use, and release. For each phase, it is important to follow the specifications outlined for how to operate on the resource and to ensure that the resource is in the expected phase. Otherwise, if a resource is in one phase but the operation is not valid for that phase (i.e., an incorrect phase of the resource's lifetime), then this can produce resultant weaknesses. For example, using a resource before it has been fully initialized could cause corruption or incorrect data to be used.

What are the security consequences of Operation on Resource in Wrong Phase of Lifetime?+

If exploited, CWE-666 (Operation on Resource in Wrong Phase of Lifetime) it can compromise Other, leading to outcomes such as Other.

How do you prevent or mitigate Operation on Resource in Wrong Phase of Lifetime?+

Recommended mitigations for CWE-666 include: Follow the resource's lifecycle from creation to release.

What are real-world examples of Operation on Resource in Wrong Phase of Lifetime?+

MITRE documents real CVEs mapped to CWE-666, including CVE-2006-5051. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.

What is the difference between a CWE and a CVE?+

A CWE (Common Weakness Enumeration) like CWE-666 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.

Learn More