Initialization and Cleanup Errors
A category in the Common Weakness Enumeration published by The MITRE Corporation.
Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.
Weaknesses in this category occur in behaviors that are used for initialization and breakdown.
The software initializes a data element using a hard-coded literal that is not a simple integer or static constant element.
The software initializes critical internal variables or data stores using inputs that can be modified by untrusted actors.
The product does not clean up its state or incorrectly cleans up its state when an exception is thrown, leading to unexpected state or control flow.
The software does not properly "clean up" and remove temporary or supporting resources after they have been used.
The software initializes data using hard-coded values that act as network resource identifiers.
The software initializes or sets a resource with a default that is intended to be changed by the administrator, but the default is not secure.
The software does not exit or otherwise modify its operation when security-relevant errors occur during initialization, such as when a configuration file has a format ...
The product releases a resource such as memory or a file so that it can be made available for reuse, but it does not clear or "zeroize" the information contained in th...
This view organizes weaknesses around concepts that are frequently used or encountered in software development. This includes all aspects of the software development l...