The product performs an operation on a resource at the wrong phase of the resource's lifecycle, which can lead to unexpected behaviors.
View on MITREA resource's lifecycle includes several phases: initialization, use, and release. For each phase, it is important to follow the specifications outlined for how to operate on the resource and to ensure that the resource is in the expected phase. Otherwise, if a resource is in one phase but the operation is not valid for that phase (i.e., an incorrect phase of the resource's lifetime), then this can produce resultant weaknesses. For example, using a resource before it has been fully initialized could cause corruption or incorrect data to be used.
Follow the resource's lifecycle from creation to release.
No detection method information available for this CWE.
The following code shows a simple example of a double free vulnerability.
Double free vulnerabilities have two common (and sometimes overlapping) causes:
Chain: Signal handler contains too much functionality (CWE-828), introducing a race condition (CWE-362) that leads to a double free (CWE-415).
View DetailsCWE-666: Operation on Resource in Wrong Phase of Lifetime is a Common Weakness Enumeration (CWE) entry maintained by MITRE. The product performs an operation on a resource at the wrong phase of the resource's lifecycle, which can lead to unexpected behaviors. A resource's lifecycle includes several phases: initialization, use, and release. For each phase, it is important to follow the specifications outlined for how to operate on the resource and to ensure that the resource is in the expected phase. Otherwise, if a resource is in one phase but the operation is not valid for that phase (i.e., an incorrect phase of the resource's lifetime), then this can produce resultant weaknesses. For example, using a resource before it has been fully initialized could cause corruption or incorrect data to be used.
If exploited, CWE-666 (Operation on Resource in Wrong Phase of Lifetime) it can compromise Other, leading to outcomes such as Other.
Recommended mitigations for CWE-666 include: Follow the resource's lifecycle from creation to release.
MITRE documents real CVEs mapped to CWE-666, including CVE-2006-5051. You can look up the full details of each CVE, including CVSS scores and remediation guidance, on our CVE Lookup tool.
A CWE (Common Weakness Enumeration) like CWE-666 describes a category of software weakness — the underlying flaw type. A CVE (Common Vulnerabilities and Exposures) identifies a specific, real-world vulnerability in a particular product. In short, a CWE is the kind of mistake, and a CVE is an instance of that mistake being found in software.