The product uses untrusted input when calculating or using an
array index, but the product does not validate or incorrectly validates the
index to ensure the index references a valid position within the array.
The software allocates a reusable resource or group of
resources on behalf of an actor without imposing any restrictions on how many
resources can be allocated, in violation of the intended security policy for