CWE-408 – Incorrect Behavior Order: Early Amplification
Description: The software allows an entity to perform a legitimate but expensive operation before authentication or authorization has taken place. Modes of Introduction: - Architecture...
CWE-407 – Inefficient Algorithmic Complexity
Description: An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an...
CWE-405 – Asymmetric Resource Consumption (Amplification)
Description: Software that does not appropriately monitor or control resource consumption can lead to adverse system performance. This situation is amplified if the software allows...
CWE-404 – Improper Resource Shutdown or Release
Description: The program does not release or incorrectly releases a resource before it is made available for re-use. When a resource is created or allocated,...
CWE-403 – Exposure of File Descriptor to Unintended Control Sphere (‘File Descriptor Leak’)
Description: A process does not close sensitive file descriptors before invoking a child process, which allows the child to perform unauthorized I/O operations using those...
CWE-402 – Transmission of Private Resources into a New Sphere (‘Resource Leak’)
Description: The software makes resources available to untrusted parties when those resources are only intended to be accessed by the software. Modes of Introduction: -...
CWE-401 – Missing Release of Memory after Effective Lifetime
Description: The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory. This is often triggered...
CWE-400 – Uncontrolled Resource Consumption
Description: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources...
CWE-40 – Path Traversal: ‘\\UNC\share\name\’ (Windows UNC Share)
Description: An attacker can inject a Windows UNC share ('\\UNC\share\name') into a software system to potentially redirect access to an unintended location or arbitrary file....