1. Home
  2. CWE Database
  3. CWE-773
Variant · Low-Medium

CWE-773: Missing Reference to Active File Descriptor or Handle

The product does not properly maintain references to a file descriptor or handle, which prevents that file descriptor/handle from being reclaimed.

CWE-773 · Variant Level ·1 Mitigations

Description

The product does not properly maintain references to a file descriptor or handle, which prevents that file descriptor/handle from being reclaimed.

This can cause the product to consume all available file descriptors or handles, which can prevent other processes from performing critical file processing operations.

Potential Impact

Availability

DoS: Resource Consumption (Other)

Mitigations & Prevention

OperationArchitecture and Design

Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems. When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resour

Detection Methods

  • Automated Static Analysis — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea

CWE-771: Missing Reference to Active Allocated Resource

The product does not properly maintain a reference to a resource that has been allocated, which prevents the resource fr...

Taxonomy Mappings

  • CERT C Secure Coding: FIO42-C — Close files when they are no longer needed
  • Software Fault Patterns: SFP14 — Failure to Release Resource

Frequently Asked Questions

What is CWE-773?

CWE-773 (Missing Reference to Active File Descriptor or Handle) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product does not properly maintain references to a file descriptor or handle, which prevents that file descriptor/handle from being reclaimed.

How can CWE-773 be exploited?

Attackers can exploit CWE-773 (Missing Reference to Active File Descriptor or Handle) to dos: resource consumption (other). This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-773?

Key mitigations include: Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resourc

What is the severity of CWE-773?

CWE-773 is classified as a Variant-level weakness (Low-Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.