CWE-789 Variante Borrador

Memory Allocation with Excessive Size Value

This vulnerability occurs when a program allocates memory based on a user-supplied or untrusted size value without proper validation. If an attacker provides an excessively large number, the…

Definición

What is CWE-789?

This vulnerability occurs when a program allocates memory based on a user-supplied or untrusted size value without proper validation. If an attacker provides an excessively large number, the application can attempt to allocate massive amounts of system memory, leading to a denial-of-service or system instability.
At its core, this flaw is about a missing safety check. When an application accepts a size parameter—like the length of a file to process or the number of records to load—directly from an untrusted source (user input, network data, a file) and passes it to a memory allocation function (like `malloc`, `calloc`, or `new`) without verifying it's reasonable, the system's memory manager tries to fulfill the request. This often results in an out-of-memory crash, exhausting system resources and making the application unavailable. To prevent this, developers must implement strict bounds checking before any allocation. Establish sensible, application-specific limits for all size values derived from external inputs. Compare the requested size against a configured maximum, and reject the request if it's too large. This validation should happen as early as possible, ideally right after the input is received, to ensure the program remains stable and responsive under all conditions.
Impacto en el mundo real

Real-world CVEs caused by CWE-789

  • CVE-2019-19911

    Chain: Python library does not limit the resources used to process images that specify a very large number of bands (CWE-1284), leading to excessive memory consumption (CWE-789) or an integer overflow (CWE-190).

  • CVE-2010-3701

    program uses ::alloca() for encoding messages, but large messages trigger segfault

  • CVE-2008-1708

    memory consumption and daemon exit by specifying a large value in a length field

  • CVE-2008-0977

    large value in a length field leads to memory consumption and crash when no more memory is available

  • CVE-2006-3791

    large key size in game program triggers crash when a resizing function cannot allocate enough memory

  • CVE-2004-2589

    large Content-Length HTTP header value triggers application crash in instant messaging application due to failure in memory allocation

Cómo lo explotan los atacantes

Ruta del atacante paso a paso

  1. 1

    Consider the following code, which accepts an untrusted size value and allocates a buffer to contain a string of the given size.

  2. 2

    Suppose an attacker provides a size value of:

  3. 3

    ``` 12345678 ```

  4. 4

    This will cause 305,419,896 bytes (over 291 megabytes) to be allocated for the string.

  5. 5

    Consider the following code, which accepts an untrusted size value and uses the size as an initial capacity for a HashMap.

Ejemplo de código vulnerable

Vulnerable C

Consider the following code, which accepts an untrusted size value and allocates a buffer to contain a string of the given size.

Vulnerable C 
unsigned int size = GetUntrustedInt();
```
/* ignore integer overflow (CWE-190) for this example */* 
  
  unsigned int totBytes = size * sizeof(char);
  char *string = (char *)malloc(totBytes);
  InitializeString(string);
Ejemplo de código seguro

Secure C

Seguro C 
int proc_msg(char *s, int msg_len)
 {

```
  int pre_len = sizeof("preamble: "); // Note space at the end of the string - assume all strings have preamble with space
  if (pre_len <= msg_len) { // Log error; return error_code; }
  char buf[pre_len - msg_len];
  ... Do processing here and set status
  return status;
 } 
 char *s = "preamble: message\n";
 char *sl = strchr(s, ':'); // Number of characters up to ':' (not including space)
 int jnklen = sl == NULL ? 0 : sl - s; // If undefined pointer, use zero length
 int ret_val = proc_msg ("s", jnklen); // Violate assumption of preamble length, end up with negative value, blow out stack
What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Lista de prevención

How to prevent CWE-789

  • Implementation / Architecture and Design Perform adequate input validation against any value that influences the amount of memory that is allocated. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary.
  • Operation Run your program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact to the rest of the system will be minimized.
Señales de detección

How to detect CWE-789

Fuzzing High

Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues.

Automated Static Analysis High

Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)

Auto-corrección de Plexicus

Plexicus detecta automáticamente CWE-789 y abre un PR de corrección en menos de 60 segundos.

Codex Remedium escanea cada commit, identifica esta debilidad concreta y entrega un pull request listo para revisión con el parche. Sin tickets. Sin traspasos.

Solicitar demo Probar Plexicus gratis
Preguntas frecuentes

Frequently asked questions

¿Qué es CWE-789?

This vulnerability occurs when a program allocates memory based on a user-supplied or untrusted size value without proper validation. If an attacker provides an excessively large number, the application can attempt to allocate massive amounts of system memory, leading to a denial-of-service or system instability.

¿Qué gravedad tiene CWE-789?

MITRE no ha publicado una calificación de probabilidad de explotación para esta debilidad. Trátala como de impacto medio hasta que tu modelo de amenazas demuestre lo contrario.

¿Qué lenguajes o plataformas se ven afectados por CWE-789?

MITRE lists the following affected platforms: C, C++.

¿Cómo puedo prevenir CWE-789?

Perform adequate input validation against any value that influences the amount of memory that is allocated. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary. Run your program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact to the rest of the system will be minimized.

¿Cómo detecta y corrige Plexicus CWE-789?

El motor SAST de Plexicus detecta la firma de flujo de datos para CWE-789 en cada commit. Cuando hay coincidencia, nuestro agente Codex Remedium abre un PR de corrección con el código corregido, las pruebas y un resumen de una línea para el revisor.

¿Dónde puedo aprender más sobre CWE-789?

MITRE publica la definición canónica en https://cwe.mitre.org/data/definitions/789.html. También puedes consultar la documentación de OWASP y NIST para guías relacionadas.

Debilidades relacionadas

Weaknesses related to CWE-789

CWE-770 Padre

Allocation of Resources Without Limits or Throttling

This vulnerability occurs when a system allows users or processes to request resources without any built-in caps or rate limits. Think of…

CWE-1325 Hermano

Improperly Controlled Sequential Memory Allocation

This vulnerability occurs when a system allocates memory separately for each item in a collection but fails to enforce a global limit on…

CWE-774 Hermano

Allocation of File Descriptors or Handles Without Limits or Throttling

This vulnerability occurs when an application creates file descriptors or handles for a user or process without enforcing any limits on…

CWE-476 Puede preceder

NULL Pointer Dereference

This vulnerability occurs when a program attempts to access or manipulate memory using a pointer that is set to NULL, causing a crash or…

Recursos

Further reading

Listo cuando tú lo estés

Deja de pagar por desarrollador.
Empieza a cerrar el bucle.

Plexicus es el ASPM nativo de IA que escanea, filtra, corrige, pentestea y explica — de forma autónoma. Desarrolladores ilimitados, repos ilimitados, acciones de IA de uso justo. Nivel gratuito real, €269/mo anual cuando estés listo.

Comenzar gratis Reservar una demo