CWE-1091 (Use of Object without Invoking Destructor Method) is a common software weakness type identified by MITRE's CWE dictionary.

What is the difference between CVE and CWE?

CWE refers to the type of software weakness (root cause), while CVE refers to a specific instance of a vulnerability in a product.

Back to CWE Database

CWE-1091

Use of Object without Invoking Destructor Method

Weakness Description

The product contains a method that accesses an object but does not later invoke the element's associated finalize/destructor method.

Common Consequences

Other

Reduce Performance

This issue can make the product perform more slowly by retaining memory and/or other resources longer than necessary. If the relevant code is reachable by an attacker, then this performance problem might introduce a vulnerability.

Detection Methods

Automated Static Analysis

Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)

Related Weaknesses

CWE-772 CWE-1076

Related Resources

Browse CWE Database

Explore 493 software weaknesses

CVE Database

Search 294,000+ vulnerabilities

Security Writeups

Learn from real-world examples

About 4nuxd

Cybersecurity research & tools

Get in touch for collaboration

Homepage

Explore more security resources