Description
The product performs the same operation on a resource two or more times, when the operation should only be applied once.
Modes of Introduction:
– Implementation
Related Weaknesses
Consequences
Other: Other
The product does not properly control the amount of recursion which takes place, consuming excessive resources, such as allocated memory or the program stack.
Modes of Introduction:
– Implementation
Availability: DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)
Resources including CPU, memory, and stack memory could be rapidly consumed or exhausted, eventually leading to an exit or crash.
Confidentiality: Read Application Data
In some cases, an application’s interpreter might kill a process or thread that appears to be consuming too many resources, such as with PHP’s memory_limit setting. When the interpreter kills the process/thread, it might report an error containing detailed information such as the application’s installation path.
Phase: Implementation
Effectiveness: Moderate
Description:
Ensure an end condition will be reached under all logic conditions. The end condition may include testing against the depth of recursion and exiting with an error if the recursion goes too deep. The complexity of the end condition contributes to the effectiveness of this action.
Phase: Implementation
Effectiveness: Limited
Description:
Increase the stack size.
Increasing the stack size might only be a temporary measure, since the stack typically is still not very large, and it might remain easy for attackers to cause an out-of-stack fault.
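The first mitigation above (an explicit end condition that tests the recursion depth) is easier to see in code. The following is an added example, not part of the CWE entry: a small recursive parser for nested bracket lists that refuses input deeper than a configured bound, so the end condition does not depend on how much stack the interpreter happens to have. The limit value, the error class and the input format are assumptions made for the example.

```python
# Added example (not from the CWE text): a recursive parser for nested
# bracket lists with an explicit depth bound as its end condition.
MAX_DEPTH = 32  # assumed limit; choose one that fits legitimate inputs


class RecursionLimitExceeded(ValueError):
    """Raised when input nesting exceeds the configured depth bound."""


def parse_nested(text: str, max_depth: int = MAX_DEPTH) -> list:
    """Parse strings such as "[1,[2,3],[]]" into nested Python lists.

    Every nested list recurses one level deeper; `depth` is checked on each
    recursive call so that hostile input like "[[[[...]]]]" fails fast with a
    controlled error instead of exhausting the stack.
    """
    pos = 0

    def parse_list(depth: int) -> list:
        nonlocal pos
        if depth > max_depth:
            raise RecursionLimitExceeded(
                f"nesting depth {depth} exceeds limit {max_depth}")
        pos += 1  # consume the opening '['
        items: list = []
        while True:
            if pos >= len(text):
                raise ValueError("unterminated list")
            ch = text[pos]
            if ch == "]":
                pos += 1
                return items
            if ch == ",":
                pos += 1
                continue
            if ch == "[":
                items.append(parse_list(depth + 1))
            elif ch.isdigit():
                start = pos
                while pos < len(text) and text[pos].isdigit():
                    pos += 1
                items.append(int(text[start:pos]))
            else:
                raise ValueError(f"unexpected character {ch!r} at {pos}")

    if not text.startswith("["):
        raise ValueError("input must start with '['")
    result = parse_list(1)
    if pos != len(text):
        raise ValueError("trailing data after list")
    return result


def is_safely_rejected(text: str, max_depth: int = MAX_DEPTH) -> bool:
    """True when the parser refused the input by its own depth bound (a
    controlled error) rather than crashing with the interpreter's
    RecursionError, which is the outcome the weakness describes."""
    try:
        parse_nested(text, max_depth)
    except RecursionLimitExceeded:
        return True
    except RecursionError:  # interpreter stack limit reached: uncontrolled
        return False
    return False


if __name__ == "__main__":
    print(parse_nested("[1,[2,3],[]]"))
    # Constructed hostile input: 5000 levels of nesting.
    hostile = "[" * 5000 + "]" * 5000
    print(is_safely_rejected(hostile))
```

Raising the bound to something enormous reproduces the second mitigation's limitation: the same 5000-level input then runs until the interpreter's own stack limit is hit, which is the uncontrolled failure rather than a clean rejection.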
The product does not prevent the definition of control spheres from external actors.
Typically, a product defines its control sphere within the code itself, or through configuration by the product’s administrator. In some cases, an external party can change the definition of the control sphere. This is typically a resultant weakness.
Modes of Introduction:
– Architecture and Design
Other: Other
The software uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.
Modes of Introduction:
– Architecture and Design
Integrity, Confidentiality: Modify Application Data, Read Application Data
If a released resource is subsequently reused or reallocated, then an attempt to use the original resource might allow access to sensitive data that is associated with a different user or entity.
Other, Availability: Other, DoS: Crash, Exit, or Restart
When a resource is released it might not be in an expected state; later attempts to access the resource may lead to resultant errors that may lead to a crash.
The product uses security features in a way that prevents the product’s administrator from tailoring security settings to reflect the environment in which the product is being used. This introduces resultant weaknesses or prevents it from operating at a level of security that is desired by the administrator.
If the product’s administrator does not have the ability to manage security-related decisions at all times, then protecting the product from outside threats – including the product’s developer – can become impossible. For example, a hard-coded account name and password cannot be changed by the administrator, thus exposing that product to attacks that the administrator cannot prevent.
Modes of Introduction:
– Architecture and Design
Other: Varies by Context
The code contains a control flow path that does not reflect the algorithm that the path is intended to implement, leading to incorrect behavior any time this path is navigated.
This weakness captures cases in which a particular code segment is always incorrect with respect to the algorithm that it is implementing. For example, if a C programmer intends to include multiple statements in a single block but does not include the enclosing braces (CWE-483), then the logic is always incorrect. This issue is in contrast to most weaknesses in which the code usually behaves correctly, except when it is externally manipulated in malicious ways.
Modes of Introduction:
– Architecture and Design
Other: Other, Alter Execution Logic
The software constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a Windows device name such as AUX or CON. This typically leads to denial of service or an information exposure when the application attempts to process the pathname as a regular file.
Not properly handling virtual filenames (e.g. AUX, CON, PRN, COM1, LPT1) can result in different types of vulnerabilities. In some cases an attacker can request a device via injection of a virtual filename in a URL, which may cause an error that leads to a denial of service or an error page that reveals sensitive information. A software system that allows device names to bypass filtering runs the risk of an attacker injecting malicious code in a file with the name of a device.
Historically, there was a bug in the Windows operating system that caused a blue screen of death. Even after that issue was fixed, DOS device names continue to be a factor.
Modes of Introduction:
– Architecture and Design
Likelihood of Exploit: High
Availability, Confidentiality, Other: DoS: Crash, Exit, or Restart, Read Application Data, Other
Phase: Implementation
Description:
Be familiar with the device names in the operating system where your system is deployed. Check input for these device names.
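The mitigation above, checking input for device names, has a few details that are easy to get wrong because Windows normalises names before matching them. This is an added example, not part of the CWE entry, showing one way to perform the check on user-supplied pathnames; the reserved-name list is the documented Windows set (CON, PRN, AUX, NUL, COM1–COM9, LPT1–LPT9), and the function names are assumptions.

```python
# Added example (not from the CWE text): reject path components that resolve
# to a Windows reserved device name before the name reaches any file API.
import re

# Documented reserved device names. COM0/LPT0 and the superscript-digit
# variants are intentionally omitted here.
RESERVED_DEVICE_NAMES = frozenset(
    ["CON", "PRN", "AUX", "NUL"]
    + [f"COM{i}" for i in range(1, 10)]
    + [f"LPT{i}" for i in range(1, 10)]
)


def is_windows_device_name(component: str) -> bool:
    """True if a single path component would name a device on Windows.

    Windows matches case-insensitively, ignores trailing spaces and dots,
    treats "CON.txt" the same as "CON" (the extension is ignored) and accepts
    a stream suffix such as "CON:stream", so each of those forms is
    normalised away before the lookup.
    """
    stripped = component.rstrip(" .")
    base = stripped.split(":", 1)[0].split(".", 1)[0].rstrip(" ")
    return base.upper() in RESERVED_DEVICE_NAMES


def validate_user_path(user_path: str) -> str:
    """Return the path unchanged if no component is a device name, otherwise
    raise ValueError. Both separators are split because Windows accepts both."""
    for component in re.split(r"[\\/]+", user_path):
        if component and is_windows_device_name(component):
            raise ValueError(f"reserved device name in path: {component!r}")
    return user_path


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["uploads/report.txt", "uploads/con.txt", "logs\\LPT1.log"]:
        try:
            print("accepted:", validate_user_path(candidate))
        except ValueError as exc:
            print("rejected:", exc)
```

Because the check is applied per component, a device name buried in a directory segment ("CON/readme.txt") is caught as well as one used as the file name. The extension and stream handling is the part most ad hoc filters miss: "prn.pdf" is still the printer.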
The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere, in a manner that provides unintended control over that resource.
A “control sphere” is a set of resources and behaviors that are accessible to a single actor, or a group of actors. A product’s security model will typically define multiple spheres, possibly implicitly. For example, a server might define one sphere for “administrators” who can create new user accounts with subdirectories under /home/server/, and a second sphere might cover the set of users who can create or delete files within their own subdirectories. A third sphere might be “users who are authenticated to the operating system on which the product is installed.” Each sphere has different sets of actors and allowable behaviors.
Modes of Introduction:
– Architecture and Design
Confidentiality, Integrity: Read Application Data, Modify Application Data, Unexpected State
The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
Modes of Introduction:
– Architecture and Design
Confidentiality, Integrity, Other: Read Application Data, Modify Application Data, Other
The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.
Modes of Introduction:
– Architecture and Design
Related Weaknesses
CWE-662
Availability: DoS: Resource Consumption (CPU)
Inconsistent locking discipline can lead to deadlock.
Phase: Implementation
Description:
Use industry-standard APIs to implement the locking mechanism.
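Two locking rules sit behind the mitigation above: release the lock on every exit path, and when more than one lock is needed acquire them in one global order so that two threads can never hold them in opposite orders (the deadlock the consequence section mentions). The following is an added example, not part of the CWE entry, using the standard threading API; the Account type and the ordering key are assumptions made for the example, and broken_withdraw is deliberately wrong to show the leaked lock.

```python
# Added example (not from the CWE text): proper acquire/release with the
# standard threading API, and a fixed acquisition order for two locks.
import threading
from dataclasses import dataclass, field


@dataclass
class Account:
    ident: int
    balance: int
    lock: threading.Lock = field(default_factory=threading.Lock)


def transfer(src: Account, dst: Account, amount: int) -> None:
    """Move `amount` from src to dst, holding both locks in a fixed order.

    Sorting by a stable key means every thread acquires the two locks in the
    same order, whatever direction its transfer runs, so no cycle can form.
    The `with` statement releases both locks on any exit, exception included.
    """
    if src is dst:
        raise ValueError("source and destination must differ")
    first, second = sorted((src, dst), key=lambda a: a.ident)
    with first.lock, second.lock:
        if src.balance < amount:
            raise ValueError("insufficient funds")
        src.balance -= amount
        dst.balance += amount


def broken_withdraw(acct: Account, amount: int) -> None:
    """Deliberately wrong: acquire without try/finally, so the error path
    skips the release and every later caller would block forever."""
    acct.lock.acquire()
    if acct.balance < amount:
        raise ValueError("insufficient funds")  # lock is never released
    acct.balance -= amount
    acct.lock.release()


def lock_left_held(acct: Account) -> bool:
    """Return True if broken_withdraw leaks the lock on its error path."""
    try:
        broken_withdraw(acct, acct.balance + 1)
    except ValueError:
        pass
    held = acct.lock.locked()
    if held:
        acct.lock.release()  # clean up so the demo can continue
    return held


def stress(rounds: int = 2000) -> tuple:
    """Run opposite-direction transfers concurrently; with ordered acquisition
    this always completes. Returns (balance_a, balance_b, all_threads_done)."""
    a, b = Account(1, 10_000), Account(2, 10_000)

    def worker(src: Account, dst: Account) -> None:
        for _ in range(rounds):
            transfer(src, dst, 1)

    threads = [threading.Thread(target=worker, args=(a, b)),
               threading.Thread(target=worker, args=(b, a))]
    for t in threads:
        t.start()
    for t in threads:
        t.join(timeout=30)
    finished = not any(t.is_alive() for t in threads)
    return a.balance, b.balance, finished


if __name__ == "__main__":
    print(stress())                          # constructed workload
    print(lock_left_held(Account(3, 5)))     # True: the lock leaked
```

If transfer instead acquired src.lock then dst.lock, the two workers in stress() would take the locks in opposite orders and could block each other indefinitely, which is exactly the deadlock described under Consequences.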