Weakness reference
CWE-672

Operation on a Resource after Expiration or Release

This weakness occurs when code attempts to use a resource—such as memory, a file handle, a database connection, or a session token—after that resource has been…

01Summary

This weakness occurs when code attempts to use a resource—such as memory, a file handle, a database connection, or a session token—after that resource has been released, expired, or become invalid. The result is often a crash, undefined behavior, or memory corruption that an attacker may be able to exploit. It is a common root cause of denial-of-service and privilege-escalation vulnerabilities.

02How It Happens

A resource is allocated or acquired (memory is malloc'd, a file is opened, a session is created), used normally, and then released or invalidated. However, the code retains a reference to that resource and attempts to use it again without checking whether it is still valid. This can happen due to logic errors, race conditions in multithreaded code, or incorrect lifetime management. The vulnerability is especially dangerous in languages with manual memory management, but can occur in any language if resource state is not properly tracked.

03Real-World Impact

Exploiting this weakness can lead to information disclosure (reading freed memory), denial of service (crash), or remote code execution (if an attacker can control what occupies the freed resource and influence how it is used). In web applications, this often manifests as session-fixation bugs, use-after-free in native plugins, or crashes in background workers that process user input.

04Vulnerable & Fixed Patterns

Vulnerable pattern
import sqlite3

conn = sqlite3.connect(':memory:')
cursor = conn.cursor()
cursor.execute('CREATE TABLE users (id INTEGER, name TEXT)')
conn.close()

# Resource is now released, but code still tries to use it
cursor.execute('SELECT * FROM users')
result = cursor.fetchall()
print(result)

Why it's vulnerable:
The database connection is closed before the cursor is used. Attempting to execute a query on a closed connection will raise an error or exhibit undefined behavior depending on the driver.

Fixed pattern
import sqlite3

conn = sqlite3.connect(':memory:')
try:
    cursor = conn.cursor()
    cursor.execute('CREATE TABLE users (id INTEGER, name TEXT)')
    cursor.execute('SELECT * FROM users')
    result = cursor.fetchall()
    print(result)
finally:
    conn.close()
Vulnerable pattern
<?php
$file = fopen('data.txt', 'r');
$data = fread($file, 1024);
fclose($file);

// File handle is closed, but code tries to read again
$more_data = fread($file, 512);
echo $more_data;
?>

Why it's vulnerable:
The file handle is closed before the second fread() call. Reading from a closed handle produces undefined behavior or a warning.

Fixed pattern
<?php
$file = fopen('data.txt', 'r');
if ($file) {
    $data = fread($file, 1024);
    $more_data = fread($file, 512);
    echo $data . $more_data;
    fclose($file);
}
?>

05Prevention Checklist

Use scope-based resource management.
In Python, use context managers (with statements); in PHP, use try-finally blocks or object destructors to ensure resources are released at a predictable point.
Check resource validity before use.
Verify that a resource is still open or valid (e.g., check file handle, connection state, or session expiration) before attempting operations on it.
Avoid storing raw resource references across function boundaries.
Encapsulate resource access in objects or functions that manage lifetime internally.
Test cleanup paths explicitly.
Write unit tests that verify behavior when resources are released early or unexpectedly.
Use static analysis tools.
Linters and memory checkers (e.g., Valgrind, AddressSanitizer) can detect use-after-free patterns in compiled code.
In multithreaded code, synchronize access.
Use locks or atomic operations to ensure one thread does not release a resource while another is using it.

06Signs You May Already Be Affected

- Intermittent crashes or segmentation faults in production, especially in long-running processes or under high concurrency. - Error logs showing "resource not found," "invalid handle," or "connection closed" errors in unexpected places. - Memory corruption or heap corruption warnings from debugging tools, even if the application does not immediately crash.

07Related Recent Vulnerabilities