CWE • Class • Draft • 20 recent CVEs
CWE-400: Uncontrolled Resource Consumption
Description
The product does not properly control the allocation and maintenance of a limited resource.
Common consequences
- Availability → DoS: Crash, Exit, or Restart; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory); DoS: Resource Consumptio… If an attacker can trigger the allocation of the limited resources, but the number or size of the resources is not controlled, then the most common result is denial of service. This would prevent valid users from accessing the product, and
- Access Control, Other → Bypass Protection Mechanism; Other: In some cases it may be possible to force the product to "fail open" in the event of resource exhaustion. The state of the product -- and possibly the security functionality -- may then be compromised.
Potential mitigations
- Architecture and Design: Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perha
- Architecture and Design: Ensure that protocols have specific limits of scale placed on them.
- Implementation: Ensure that all failures in resource allocation place the system into a safe posture.
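The mitigations above (throttling, fixed limits of scale, and a safe posture on allocation failure) combined in one sketch. This is an added example, not part of the CWE entry; the names `BoundedThrottle` and `admit` and all limit values are assumptions chosen for illustration.

```python
import time

class BoundedThrottle:
    """Per-client token bucket whose own bookkeeping is capped as well."""

    def __init__(self, rate, burst, max_clients, clock=time.monotonic):
        self.rate = rate                # tokens refilled per second
        self.burst = burst              # bucket capacity
        self.max_clients = max_clients  # hard cap on tracked clients
        self.clock = clock
        self.buckets = {}               # client_id -> [tokens, last_seen]

    def _evict_refilled(self, now):
        # A bucket that has refilled to capacity holds no information; drop it.
        full = [c for c, (tok, last) in self.buckets.items()
                if tok + (now - last) * self.rate >= self.burst]
        for c in full:
            del self.buckets[c]

    def allow(self, client_id, cost=1):
        now = self.clock()
        bucket = self.buckets.get(client_id)
        if bucket is None:
            if len(self.buckets) >= self.max_clients:
                self._evict_refilled(now)
            if len(self.buckets) >= self.max_clients:
                return False            # table full: deny rather than grow
            bucket = self.buckets[client_id] = [self.burst, now]
        tokens = min(self.burst, bucket[0] + (now - bucket[1]) * self.rate)
        granted = cost <= tokens
        bucket[0] = tokens - cost if granted else tokens
        bucket[1] = now
        return granted


def admit(throttle, client_id, body, max_body=4096):
    """True only when every limit check succeeded; any failure denies."""
    try:
        if len(body) > max_body:        # fixed limit of scale on input size
            return False
        return throttle.allow(client_id)
    except Exception:                   # includes MemoryError
        return False                    # safe posture: fail closed


if __name__ == "__main__":
    th = BoundedThrottle(rate=1.0, burst=2, max_clients=1000)
    # Constructed traffic: one client sending five requests back to back.
    print([admit(th, "client-a", b"x" * 10) for _ in range(5)])
```

The cap on `max_clients` matters as much as the per-client rate: without it, the throttle's own table becomes the uncontrolled resource.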
Recent CVEs classified under this CWE
- CVE-2026-11611 | 6.5 | 2026-06-08
- CVE-2026-11478 | 3.3 | 2026-06-08
- CVE-2026-47707 | 5.3 | 2026-06-04
- CVE-2026-47706 | 5.3 | 2026-06-04
- CVE-2026-28318 | 7.5 | 2026-06-04
- CVE-2026-10802 | 4.3 | 2026-06-04
- CVE-2026-50212 | 6.5 | 2026-06-04
- CVE-2026-36605 | 6.5 | 2026-06-03
- CVE-2026-10705 | 3.1 | 2026-06-03
- CVE-2026-10692 | 4.3 | 2026-06-03
- CVE-2026-10691 | 4.3 | 2026-06-03
- CVE-2026-10650 | 5.3 | 2026-06-02
- CVE-2024-14036 | 7.5 | 2026-06-02
- CVE-2026-42342 | 7.5 | 2026-06-02
- CVE-2019-25724 | 6.5 | 2026-06-02
- CVE-2019-25721 | 6.5 | 2026-06-02
- CVE-2026-42073 | 6.5 | 2026-06-02
- CVE-2026-45680 | 5.9 | 2026-06-02
- CVE-2026-10291 | 4.3 | 2026-06-01
- CVE-2026-0074 | 5.5 | 2026-06-01