CWE-400 Classe Brouillon High likelihood

Uncontrolled Resource Consumption

This vulnerability occurs when an application fails to properly manage a finite resource, allowing an attacker to exhaust it and cause a denial of service.

Définition

What is CWE-400?

This vulnerability occurs when an application fails to properly manage a finite resource, allowing an attacker to exhaust it and cause a denial of service.
Uncontrolled resource consumption, often called resource exhaustion, happens when an application doesn't enforce limits on how much of a critical resource it uses. Attackers can exploit this by triggering operations that consume excessive memory, CPU, file handles, or network connections, leading to slowdowns or crashes that deny service to legitimate users. Common causes include unbounded loops, lack of upload size limits, or caches that never expire. Preventing these issues requires implementing quotas, timeouts, and rate limiting, and carefully managing object lifecycles. While SAST tools can detect risky patterns, managing this at scale is difficult; an ASPM like Plexicus can help you track and remediate these flaws across your entire stack, using AI to prioritize the most critical resource exhaustion risks in your code and infrastructure.
Vulnerability Diagram CWE-400
Uncontrolled Resource Consumption Botnet Server CPU 100% Mem 100% Conn pool full A flood of requests exhausts CPU, memory or connections — service down.
Impact réel

Real-world CVEs caused by CWE-400

  • CVE-2019-19911

    Chain: Python library does not limit the resources used to process images that specify a very large number of bands (CWE-1284), leading to excessive memory consumption (CWE-789) or an integer overflow (CWE-190).

  • CVE-2020-7218

    Go-based workload orchestrator does not limit resource usage with unauthenticated connections, allowing a DoS by flooding the service

  • CVE-2020-3566

    Resource exhaustion in distributed OS because of "insufficient" IGMP queue management, as exploited in the wild per CISA KEV.

  • CVE-2009-2874

    Product allows attackers to cause a crash via a large number of connections.

  • CVE-2009-1928

    Malformed request triggers uncontrolled recursion, leading to stack exhaustion.

  • CVE-2009-2858

    Chain: memory leak (CWE-404) leads to resource exhaustion.

  • CVE-2009-2726

    Driver does not use a maximum width when invoking sscanf style functions, causing stack consumption.

  • CVE-2009-2540

    Large integer value for a length property in an object causes a large amount of memory allocation.

Comment les attaquants l'exploitent

Parcours de l'attaquant étape par étape

  1. 1

    The following example demonstrates the weakness.

  2. 2

    There are no limits to runnables. Potentially an attacker could cause resource problems very quickly.

  3. 3

    This code allocates a socket and forks each time it receives a new connection.

  4. 4

    The program does not track how many connections have been made, and it does not limit the number of connections. Because forking is a relatively expensive operation, an attacker would be able to cause the system to run out of CPU, processes, or memory by making a large number of connections. Alternatively, an attacker could consume all available connections, preventing others from accessing the system remotely.

  5. 5

    In the following example a server socket connection is used to accept a request to store data on the local file system using a specified filename. The method openSocketConnection establishes a server socket to accept requests from a client. When a client establishes a connection to this service the getNextMessage method is first used to retrieve from the socket the name of the file to store the data, the openFileToWrite method will validate the filename and open a file to write to on the local file system. The getNextMessage is then used within a while loop to continuously read data from the socket and output the data to the file until there is no longer any data from the socket.

Exemple de code vulnérable

Vulnerable Java

The following example demonstrates the weakness.

Vulnérable Java 
class Worker implements Executor {
  		...
  		public void execute(Runnable r) {
  				try {
  					...
  				}
  				catch (InterruptedException ie) {
```
// postpone response* 
  						Thread.currentThread().interrupt();}}
  		
  		public Worker(Channel ch, int nworkers) {
  		```
  			...
  		}
  		protected void activate() {
  				Runnable loop = new Runnable() {
  						public void run() {
  								try {
  									for (;;) {
  										Runnable r = ...;
  										r.run();
  									}
  								}
  								catch (InterruptedException ie) {
  									...
  								}
  						}
  				};
  				new Thread(loop).start();
  		}
  }
Exemple de code sécurisé

Secure C

Also, consider changing the type from 'int' to 'unsigned int', so that you are always guaranteed that the number is positive. This might not be possible if the protocol specifically requires allowing negative values, or if you cannot control the return value from getMessageLength(), but it could simplify the check to ensure the input is positive, and eliminate other errors such as signed-to-unsigned conversion errors (CWE-195) that may occur elsewhere in the code.

Sécurisé C 
unsigned int length = getMessageLength(message[0]);
  if ((length > 0) && (length < MAX_LENGTH)) {...}
What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Liste de contrôle de prévention

How to prevent CWE-400

  • Architecture and Design Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.
  • Architecture and Design Mitigation of resource exhaustion attacks requires that the target system either: - recognizes the attack and denies that user further access for a given amount of time, or - uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed. The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question. The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
  • Architecture and Design Ensure that protocols have specific limits of scale placed on them.
  • Implementation Ensure that all failures in resource allocation place the system into a safe posture.
Signaux de détection

How to detect CWE-400

Automated Static Analysis Limited

Automated static analysis typically has limited utility in recognizing resource exhaustion problems, except for program-independent system resources such as files, sockets, and processes. For system resources, automated static analysis may be able to detect circumstances in which resources are not released after they have expired. Automated analysis of configuration files may be able to detect settings that do not specify a maximum value. Automated static analysis tools will not be appropriate for detecting exhaustion of custom resources, such as an intended security policy in which a bulletin board user is only allowed to make a limited number of posts per day.

Automated Dynamic Analysis Moderate

Certain automated dynamic analysis techniques may be effective in spotting resource exhaustion problems, especially with resources such as processes, memory, and connections. The technique may involve generating a large number of requests to the product within a short time frame.

Fuzzing Opportunistic

While fuzzing is typically geared toward finding low-level implementation bugs, it can inadvertently find resource exhaustion problems. This can occur when the fuzzer generates a large number of test cases but does not restart the targeted product in between test cases. If an individual test case produces a crash, but it does not do so reliably, then an inability to handle resource exhaustion may be the cause.

Correction automatique Plexicus

Plexicus détecte automatiquement CWE-400 et ouvre une PR de correction en moins de 60 secondes.

Codex Remedium analyse chaque commit, identifie cette faiblesse précise et livre une pull request prête à être relue avec le correctif. Pas de tickets. Pas de transferts.

Obtenir une démo Essayer Plexicus gratuitement
Questions fréquentes

Frequently asked questions

Qu'est-ce que CWE-400 ?

This vulnerability occurs when an application fails to properly manage a finite resource, allowing an attacker to exhaust it and cause a denial of service.

Quelle est la gravité de CWE-400 ?

MITRE évalue la probabilité d'exploitation comme Élevée — cette faiblesse est activement exploitée et doit être priorisée pour la remédiation.

Quels langages ou plateformes sont affectés par CWE-400 ?

MITRE n'a pas spécifié les plateformes affectées pour ce CWE — il peut s'appliquer à la plupart des stacks applicatives.

Comment puis-je prévenir CWE-400 ?

Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the…

Comment Plexicus détecte et corrige CWE-400 ?

Le moteur SAST de Plexicus reconnaît la signature de flux de données de CWE-400 à chaque commit. Lorsqu'une correspondance est trouvée, notre agent Codex Remedium ouvre une PR de correction avec le code corrigé, les tests et un résumé d'une ligne pour le relecteur.

Où puis-je en savoir plus sur CWE-400 ?

MITRE publie la définition canonique à https://cwe.mitre.org/data/definitions/400.html. Vous pouvez également consulter la documentation OWASP et NIST pour des conseils adjacents.

Faiblesses associées

Weaknesses related to CWE-400

CWE-664 Parent

Improper Control of a Resource Through its Lifetime

This vulnerability occurs when software fails to properly manage a resource throughout its entire lifecycle—from creation and active use…

CWE-118 Frère

Incorrect Access of Indexable Resource ('Range Error')

This vulnerability occurs when software fails to properly check the boundaries of an indexed resource, like an array, buffer, or file,…

CWE-1229 Frère

Creation of Emergent Resource

This vulnerability occurs when a system's normal operations unintentionally create new, exploitable resources that attackers can use to…

CWE-1250 Frère

Improper Preservation of Consistency Between Independent Representations of Shared State

This vulnerability occurs when a system with multiple independent components (like distributed services or separate hardware units) each…

CWE-1329 Frère

Reliance on Component That is Not Updateable

This vulnerability occurs when a product depends on a component that cannot be updated or patched to fix security flaws or critical bugs.

CWE-221 Frère

Information Loss or Omission

This weakness occurs when an application fails to log critical security events or records them inaccurately, which can misguide security…

CWE-372 Frère

Incomplete Internal State Distinction

This vulnerability occurs when an application fails to accurately track its own operational state. The system incorrectly assumes it's in…

CWE-404 Frère

Improper Resource Shutdown or Release

This vulnerability occurs when a program fails to properly close or release a system resource—like a file handle, database connection, or…

CWE-410 Frère

Insufficient Resource Pool

This vulnerability occurs when a system's resource pool is too small to handle maximum usage. Attackers can exploit this by making a high…

Ressources

Further reading

Prêt quand vous l'êtes

Arrêtez de payer par développeur.
Commencez à fermer la boucle.

Plexicus est l'ASPM natif IA qui scanne, filtre, corrige, penteste et explique — de façon autonome. Développeurs illimités, dépôts illimités, actions IA à usage équitable. Vrai niveau gratuit, €269/mo annuel quand vous êtes prêt.

Commencer gratuitement Réserver une démo