CWE-771 6 CVEs MITRE definition ↗

CWE-771: Missing Reference to Active Allocated Resource

Overview

CWE-771 (Missing Reference to Active Allocated Resource) documents a weakness type used across vulnerability databases and security assessments. Use the sections below for definition, context, and mapped CVEs.

Security impact
Security impact: Depends on product and context; use CVE records, severity scores, and MITRE guidance to prioritize.

Description

The product does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed.

Applicable platforms

Kind Name Class Prevalence OS / CPE
language Not Language-Specific Undetermined

Related CVEs in this database

These CVEs are mapped to this weakness in this database and kept for traceability and search.

CVE Published Summary
CVE-2026-3039 2026-05-20 BIND servers that are configured to use TKEY-based authentication via GSS-API tokens are vulnerable to excessive memory consumption when receiving and processing maliciously-constructed packets. Typi…
CVE-2026-20004 2026-03-25 A vulnerability in the TLS library of Cisco IOS XE Software could allow an unauthenticated, adjacent attacker to exhaust the available memory of an affected device. This vulnerability is due to imp…
CVE-2025-21090 2025-08-12 Missing reference to active allocated resource for some Intel(R) Xeon(R) processors may allow an authenticated user to potentially enable denial of service via local access.
CVE-2024-56343 2025-06-06 IBM Verify Identity Access Digital Credentials 24.06 could allow an authenticated user to crash the service with a specially crafted POST request.
CVE-2023-20244 2023-11-01 A vulnerability in the internal packet processing of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series Firewalls could allow an unauthenticated, remote attacker to cause a …
CVE-2021-34720 2021-09-09 A vulnerability in the IP Service Level Agreements (IP SLA) responder and Two-Way Active Measurement Protocol (TWAMP) features of Cisco IOS XR Software could allow an unauthenticated, remote attacker …

Content submission

Name
CWE Content Team
Organization
MITRE
Date
2009-05-13
Version
1.4

Content modifications

Date Name Version Importance Comment
2009-07-27 CWE Content Team 1.5 updated Relationships
2010-04-05 CWE Content Team 1.8.1 updated Potential_Mitigations
2011-06-01 CWE Content Team 1.13 updated Common_Consequences
2012-05-11 CWE Content Team 2.2 updated Relationships
2012-10-30 CWE Content Team 2.3 updated Potential_Mitigations
2014-07-30 CWE Content Team 2.8 updated Relationships, Taxonomy_Mappings
2017-01-19 CWE Content Team 2.10 updated Relationships
2017-11-08 CWE Content Team 3.0 updated Likelihood_of_Exploit, Taxonomy_Mappings
2019-01-03 CWE Content Team 3.2 updated Common_Consequences, Maintenance_Notes, Relationships, Theoretical_Notes
2020-02-24 CWE Content Team 4.0 updated Relationships, Taxonomy_Mappings
2022-10-13 CWE Content Team 4.9 updated Relationships, Taxonomy_Mappings
2023-01-31 CWE Content Team 4.10 updated Description
2023-04-27 CWE Content Team 4.11 updated Relationships, Taxonomy_Mappings, Time_of_Introduction
2023-06-29 CWE Content Team 4.12 updated Mapping_Notes
2025-12-11 CWE Content Team 4.19 updated Applicable_Platforms, Detection_Factors, Weakness_Ordinalities

Contributions

Type Name Date Comment
Content "Mapping CWE to 62443" Sub-Working Group 2023-04-25 Suggested mappings to ISA/IEC 62443.
cvelogic Threat Intelligence