Uncontrolled Memory Allocation| ID: 789 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: DRAFT |
| Abstraction Type: Variant |
Description
The product allocates memory based on an untrusted size value,
but it does not validate or incorrectly validates the size, allowing arbitrary
amounts of memory to be allocated.
Likelihood of Exploit: Low
Applicable PlatformsLanguage: CLanguage: C++Language Class: All
Time Of Introduction
- Implementation
- Architecture and Design
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| Availability | DoS: resource consumption
(memory) | Not controlling memory allocation can result in a request for too much
system memory, possibly leading to a crash of the application due to
out-of-memory conditions, or the consumption of a large amount of memory
on the system. |
Detection MethodsNone
Potential Mitigations
| Phase | Strategy | Description | Effectiveness | Notes |
|---|
| ImplementationArchitecture and Design | | Perform adequate input validation against any value that influences
the amount of memory that is allocated. Define an appropriate strategy
for handling requests that exceed the limit, and consider supporting a
configuration option so that the administrator can extend the amount of
memory to be used if necessary. | | |
| Operation | | Run your program using system-provided resource limits for memory.
This might still cause the program to crash or exit, but the impact to
the rest of the system will be minimized. | | |
RelationshipsThis weakness can be closely associated with integer overflows (CWE-190).
Integer overflow attacks would concentrate on providing an extremely large
number that triggers an overflow that causes less memory to be allocated
than expected. By providing a large value that does not trigger an integer
overflow, the attacker could still cause excessive amounts of memory to be
allocated.
| Related CWE | Type | View | Chain |
|---|
| CWE-789 CanPrecede CWE-476 | Weakness | CWE-1000 | |
Demonstrative Examples (Details)
- Consider the following code, which accepts an untrusted size value
and allocates a buffer to contain a string of the given size.
- Consider the following code, which accepts an untrusted size value
and uses the size as an initial capacity for a HashMap.
- The following code obtains an untrusted number that it used as an
index into an array of messages.
Observed Examples
- CVE-2008-1708 : memory consumption and daemon exit by specifying a large value in a length field
- CVE-2008-0977 : large value in a length field leads to memory consumption and crash when no more memory is available
- CVE-2006-3791 : large key size in game program triggers crash when a resizing function cannot allocate enough memory
- CVE-2004-2589 : large Content-Length HTTP header value triggers application crash in instant messaging application due to failure in memory allocation
For more examples, refer to CVE relations in the bottom box.
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
| Taxynomy | Id | Name | Fit |
|---|
| WASC | 35 | SOAP Array Abuse | |
References:
- Mark Dowd John McDonald Justin Schuh .The Art of Software Security Assessment 1st Edition. Addison Wesley. Section:'Chapter 10, "Resource Limits", Page 574.'. Published on 2006.
