Description
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
Modes of Introduction:
– Implementation
Likelihood of Exploit:
Related Weaknesses
Consequences
Availability: DoS: Resource Consumption (Memory)
Not controlling memory allocation can result in a request for too much system memory, possibly leading to a crash of the application due to out-of-memory conditions, or the consumption of a large amount of memory on the system.
Potential Mitigations
Phase: Implementation, Architecture and Design
Effectiveness:
Description:
Perform adequate input validation against any value that influences the amount of memory that is allocated. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary.
Phase: Operation
Effectiveness:
Description:
Run your program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact to the rest of the system will be minimized.
CVE References
- CVE-2010-3701
- program uses ::alloca() for encoding messages, but large messages trigger segfault
- CVE-2008-1708
- memory consumption and daemon exit by specifying a large value in a length field
- CVE-2008-0977
- large value in a length field leads to memory consumption and crash when no more memory is available
- CVE-2006-3791
- large key size in game program triggers crash when a resizing function cannot allocate enough memory
- CVE-2004-2589
- large Content-Length HTTP header value triggers application crash in instant messaging application due to failure in memory allocation
More Stories
The Most Dangerous Vulnerabilities in Apache Tomcat and How to Protect Against Them
Apache Tomcat is an open-source web server and servlet container that is widely used in enterprise environments to run Java...
ZDI-CAN-18333: A Critical Zero-Day Vulnerability in Microsoft Windows
Zero-day vulnerabilities are a serious threat to cybersecurity, as they can be exploited by malicious actors to gain unauthorized access...
CWE-669 – Incorrect Resource Transfer Between Spheres
Description The product does not properly transfer a resource/behavior to another sphere, or improperly imports a resource/behavior from another sphere,...
CWE-67 – Improper Handling of Windows Device Names
Description The software constructs pathnames from user input, but it does not handle or incorrectly handles a pathname containing a...
CWE-670 – Always-Incorrect Control Flow Implementation
Description The code contains a control flow path that does not reflect the algorithm that the path is intended to...
CWE-671 – Lack of Administrator Control over Security
Description The product uses security features in a way that prevents the product's administrator from tailoring security settings to reflect...