CWE-770: Allocation of Resources Without Limits or Throttling
Abstraction: Base. Status: Incomplete. 20 recent CVEs.
Description
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Common consequences
- Availability: DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory); DoS: Resource Consumption (Other). When allocating resources without limits, an attacker could prevent other systems, applications, or processes from accessing the same type of resource. It can be easy for an attacker to consume many resources by rapidly making many requests.
Potential mitigations
- Requirements: Clearly specify the minimum and maximum expectations for capabilities, and dictate which behaviors are acceptable when resource allocation reaches limits.
- Architecture and Design: Limit the amount of resources that are accessible to unprivileged users. Set per-user limits for resources. Allow the system administrator to define these limits. Be careful to avoid CWE-410.
- Architecture and Design: Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place, and it will help the administrator to identify who is committing the abuse. The login application should be protected
- Implementation: (mitigation text not rendered on this page)
- Architecture and Design: For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
- Architecture and Design: (mitigation text not rendered on this page)
- Architecture and Design: Ensure that protocols have specific limits of scale placed on them.
- Architecture and Design, Implementation: (mitigation text not rendered on this page)
- Operation, Architecture and Design: (mitigation text not rendered on this page)
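The mitigations above ask for three things that are easy to state and easy to get wrong in code: a cap on any single allocation, a per-user quota on what a caller may hold at once, and a rate threshold that blocks a caller who exceeds it, all enforced on the server side. The following is an added example, not code from the CWE entry or from any product listed below, showing one way to combine them in a small resource governor. The class and parameter names, the limits, the token-bucket throttle and the constructed flood of requests are all assumptions made for illustration; the clock is injected so the behaviour can be exercised without waiting on wall time.

```python
"""Added example, not code from the CWE entry or from any product it lists.
A per-user resource governor: a hard cap on the size of any single
allocation, a per-user quota on live (unreleased) allocations, and a per-user
request-rate threshold. Names and limits are illustrative assumptions."""
import time
from dataclasses import dataclass
from typing import Callable, Dict, Tuple


class ResourceLimitExceeded(Exception):
    """Raised instead of allocating when a request would exceed a limit."""


@dataclass
class TokenBucket:
    """Token bucket: `rate` tokens refilled per second, `capacity` burst size."""
    rate: float
    capacity: float
    tokens: float
    last: float

    def try_take(self, now: float) -> bool:
        # Refill for the elapsed time (never beyond capacity), then spend one.
        self.tokens = min(self.capacity,
                          self.tokens + max(0.0, now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1.0:
            return False
        self.tokens -= 1.0
        return True


class ResourceGovernor:
    """Accounts allocations per user and refuses any that would exceed a limit."""

    def __init__(self, *, max_item_bytes: int, max_live_bytes_per_user: int,
                 max_live_items_per_user: int, requests_per_second: float,
                 burst: int, clock: Callable[[], float] = time.monotonic):
        self.max_item_bytes = max_item_bytes
        self.max_live_bytes = max_live_bytes_per_user
        self.max_live_items = max_live_items_per_user
        self.rps = requests_per_second
        self.burst = burst
        self.clock = clock
        self._buckets: Dict[str, TokenBucket] = {}
        self._live: Dict[str, Dict[int, int]] = {}  # user -> {handle: size}
        self._next_handle = 1

    def allocate(self, user: str, size: int) -> int:
        now = self.clock()
        bucket = self._buckets.setdefault(
            user, TokenBucket(self.rps, float(self.burst), float(self.burst), now))
        # Rate check first: a caller hammering with oversize or over-quota
        # requests burns its own tokens, and nobody else's capacity.
        if not bucket.try_take(now):
            raise ResourceLimitExceeded(f"{user}: request rate threshold exceeded")
        if size <= 0 or size > self.max_item_bytes:
            raise ResourceLimitExceeded(
                f"{user}: size {size} outside 1..{self.max_item_bytes}")
        live = self._live.setdefault(user, {})
        if len(live) >= self.max_live_items:
            raise ResourceLimitExceeded(f"{user}: too many live allocations")
        if sum(live.values()) + size > self.max_live_bytes:
            raise ResourceLimitExceeded(f"{user}: per-user byte quota exceeded")
        handle, self._next_handle = self._next_handle, self._next_handle + 1
        live[handle] = size  # stand-in for the real buffer, socket or file
        return handle

    def release(self, user: str, handle: int) -> None:
        # Quota only comes back on release; an unknown handle raises KeyError
        # instead of being ignored, so the accounting cannot silently drift.
        del self._live[user][handle]

    def live_bytes(self, user: str) -> int:
        return sum(self._live.get(user, {}).values())


def flood(gov: ResourceGovernor, user: str, requests: int,
          size: int) -> Tuple[int, int]:
    """Fire `requests` allocations back to back; return (accepted, rejected)."""
    accepted = rejected = 0
    for _ in range(requests):
        try:
            gov.allocate(user, size)
            accepted += 1
        except ResourceLimitExceeded:
            rejected += 1
    return accepted, rejected


if __name__ == "__main__":
    now = [0.0]  # constructed clock: advance by mutating now[0]
    gov = ResourceGovernor(max_item_bytes=1024, max_live_bytes_per_user=4096,
                           max_live_items_per_user=3, requests_per_second=2.0,
                           burst=5, clock=lambda: now[0])
    print("mallory flood (accepted, rejected):", flood(gov, "mallory", 10, 1024))
    print("alice still served, handle", gov.allocate("alice", 512))
```

Two ordering choices carry the weight here. The rate check runs before the cheaper size and quota checks so that a caller who is already being refused keeps spending its own budget rather than forcing the server through the accounting on every attempt, and quota is charged per user rather than globally so that one exhausted caller (the flood) leaves other users (alice) unaffected, which is the per-user limit the second mitigation asks for. Everything the governor refuses is an explicit exception, never a silent truncation, so the caller sees the limit rather than a half-served request.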
Related CWEs
Recent CVEs classified under this CWE
| CVE | Score | Date |
| --- | --- | --- |
| CVE-2026-43973 | | 2026-06-08 |
| CVE-2026-45290 | 7.5 | 2026-06-05 |
| CVE-2026-50589 | 5.3 | 2026-06-05 |
| CVE-2026-40898 | 5.3 | 2026-06-04 |
| CVE-2026-36499 | 6.5 | 2026-06-04 |
| CVE-2025-46638 | 7.5 | 2026-06-04 |
| CVE-2026-44545 | 5.3 | 2026-06-03 |
| CVE-2026-48597 | | 2026-06-02 |
| CVE-2026-35202 | | 2026-06-02 |
| CVE-2026-34077 | 7.5 | 2026-06-02 |
| CVE-2026-28299 | 8.2 | 2026-06-02 |
| CVE-2026-49754 | | 2026-06-02 |
| CVE-2026-48862 | | 2026-06-02 |
| CVE-2026-45682 | 5.1 | 2026-06-02 |
| CVE-2026-45554 | 5.3 | 2026-06-02 |
| CVE-2026-49140 | 4.3 | 2026-06-01 |
| CVE-2026-40990 | 5.7 | 2026-06-01 |
| CVE-2026-10533 | 5.0 | 2026-06-01 |
| CVE-2026-49361 | 7.5 | 2026-06-01 |
| CVE-2026-48187 | 5.7 | 2026-06-01 |