Improper Resource Shutdown or Release in org/.../xml/stream/Formatter.java line 111
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| simple-xml (Ubuntu) |
Expired
|
Undecided
|
Unassigned | ||
Bug Description
We are currently using "simple-xml 2.6.2" and "simple-xml 2.3.2", in veracode analisys found this bug in this class (Formatter.java line 111)
Type: mproper Resource Shutdown or Release
Description:
The application fails to release (or incorrectly releases) a system resource before it is made available for re-use. This
condition often occurs with resources such as database connections or file handles. Most unreleased resource issues
result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, it may be
possible to launch a denial of service attack by depleting the resource pool.
Recommendations:
When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as
accounting for all potential paths of expiration or invalidation. Ensure that all code paths properly release resources.
Thanks.
| Seth Arnold (seth-arnold) wrote | #1 |
| Changed in simple-xml (Ubuntu): | |
| status: | New → Incomplete |
| information type: | Private Security → Public |
| Launchpad Janitor (janitor) wrote | #2 |
| Changed in simple-xml (Ubuntu): | |
| status: | Incomplete → Expired |
If there's a bug here, I don't see it:
public Formatter(Writer result, Format format){
this.result = new BufferedWriter(
this.buffer = new OutputBuffer();
this.prolog = format.getProlog();
}
What am I missing?
Thanks