Automated static analysis typically has limited utility in recognizing resource exhaustion problems, except for program-independent system resources such as files, sockets, and processes. For system resources, automated static analysis may be able to detect circumstances in which resources are not released after they have expired. Automated analysis of configuration files may be able to detect settings that do not specify a maximum value. Automated static analysis tools will not be appropriate for detecting exhaustion of custom resources, such as an intended security policy in which a bulletin board user is only allowed to make a limited number of posts per day.
CWE-400 Classe Rascunho
Uncontrolled Resource Consumption
This vulnerability occurs when an application fails to properly manage a finite resource, allowing an attacker to exhaust it and cause a denial of service.
Definição
What is CWE-400?
This vulnerability occurs when an application fails to properly manage a finite resource, allowing an attacker to exhaust it and cause a denial of service.
Uncontrolled resource consumption, often called resource exhaustion, happens when an application doesn't enforce limits on how much of a critical resource it uses. Attackers can exploit this by triggering operations that consume excessive memory, CPU, file handles, or network connections, leading to slowdowns or crashes that deny service to legitimate users. Common causes include unbounded loops, lack of upload size limits, or caches that never expire.
Preventing these issues requires implementing quotas, timeouts, and rate limiting, and carefully managing object lifecycles. While SAST tools can detect risky patterns, managing this at scale is difficult; an ASPM like Plexicus can help you track and remediate these flaws across your entire stack, using AI to prioritize the most critical resource exhaustion risks in your code and infrastructure.
Impacto no mundo real
Real-world CVEs caused by CWE-400
-
Chain: Python library does not limit the resources used to process images that specify a very large number of bands (CWE-1284), leading to excessive memory consumption (CWE-789) or an integer overflow (CWE-190).
-
Go-based workload orchestrator does not limit resource usage with unauthenticated connections, allowing a DoS by flooding the service
-
Resource exhaustion in distributed OS because of "insufficient" IGMP queue management, as exploited in the wild per CISA KEV.
-
Product allows attackers to cause a crash via a large number of connections.
-
Malformed request triggers uncontrolled recursion, leading to stack exhaustion.
-
Chain: memory leak (CWE-404) leads to resource exhaustion.
-
Driver does not use a maximum width when invoking sscanf style functions, causing stack consumption.
-
Large integer value for a length property in an object causes a large amount of memory allocation.
Como os atacantes a exploram
Trajeto do atacante passo a passo
- 1
The following example demonstrates the weakness.
- 2
There are no limits to runnables. Potentially an attacker could cause resource problems very quickly.
- 3
This code allocates a socket and forks each time it receives a new connection.
- 4
The program does not track how many connections have been made, and it does not limit the number of connections. Because forking is a relatively expensive operation, an attacker would be able to cause the system to run out of CPU, processes, or memory by making a large number of connections. Alternatively, an attacker could consume all available connections, preventing others from accessing the system remotely.
- 5
In the following example a server socket connection is used to accept a request to store data on the local file system using a specified filename. The method openSocketConnection establishes a server socket to accept requests from a client. When a client establishes a connection to this service the getNextMessage method is first used to retrieve from the socket the name of the file to store the data, the openFileToWrite method will validate the filename and open a file to write to on the local file system. The getNextMessage is then used within a while loop to continuously read data from the socket and output the data to the file until there is no longer any data from the socket.
Exemplo de código vulnerável
Vulnerable Java
The following example demonstrates the weakness.
class Worker implements Executor {
...
public void execute(Runnable r) {
try {
...
}
catch (InterruptedException ie) {
```
// postpone response*
Thread.currentThread().interrupt();}}
public Worker(Channel ch, int nworkers) {
```
...
}
protected void activate() {
Runnable loop = new Runnable() {
public void run() {
try {
for (;;) {
Runnable r = ...;
r.run();
}
}
catch (InterruptedException ie) {
...
}
}
};
new Thread(loop).start();
}
} Exemplo de código seguro
Secure C
Also, consider changing the type from 'int' to 'unsigned int', so that you are always guaranteed that the number is positive. This might not be possible if the protocol specifically requires allowing negative values, or if you cannot control the return value from getMessageLength(), but it could simplify the check to ensure the input is positive, and eliminate other errors such as signed-to-unsigned conversion errors (CWE-195) that may occur elsewhere in the code.
unsigned int length = getMessageLength(message[0]);
if ((length > 0) && (length < MAX_LENGTH)) {...} What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Lista de verificação de prevenção
How to prevent CWE-400
- Architecture and Design Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the potential for a DoS attack, consider tracking the rate of requests received from users and blocking requests that exceed a defined rate threshold.
- Architecture and Design Mitigation of resource exhaustion attacks requires that the target system either: - recognizes the attack and denies that user further access for a given amount of time, or - uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed. The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question. The second solution is simply difficult to effectively institute -- and even when properly done, it does not provide a full solution. It simply makes the attack require more resources on the part of the attacker.
- Architecture and Design Ensure that protocols have specific limits of scale placed on them.
- Implementation Ensure that all failures in resource allocation place the system into a safe posture.
Sinais de deteção
How to detect CWE-400
Certain automated dynamic analysis techniques may be effective in spotting resource exhaustion problems, especially with resources such as processes, memory, and connections. The technique may involve generating a large number of requests to the product within a short time frame.
While fuzzing is typically geared toward finding low-level implementation bugs, it can inadvertently find resource exhaustion problems. This can occur when the fuzzer generates a large number of test cases but does not restart the targeted product in between test cases. If an individual test case produces a crash, but it does not do so reliably, then an inability to handle resource exhaustion may be the cause.
O Plexicus deteta automaticamente o CWE-400 e abre um PR de correção em menos de 60 segundos.
O Codex Remedium analisa cada commit, identifica esta fraqueza exata e entrega um pull request pronto para revisão com o patch. Sem tickets. Sem transferências.
Perguntas frequentes O que é o CWE-400?
Qual a gravidade do CWE-400?
Que linguagens ou plataformas são afetadas pelo CWE-400?
Como posso prevenir o CWE-400?
Como é que o Plexicus deteta e corrige o CWE-400?
Onde posso saber mais sobre o CWE-400?
Frequently asked questions
O que é o CWE-400?
This vulnerability occurs when an application fails to properly manage a finite resource, allowing an attacker to exhaust it and cause a denial of service.
Qual a gravidade do CWE-400?
A MITRE classifica a probabilidade de exploração como Alta — esta fraqueza é ativamente explorada em campo e deve ser priorizada para remediação.
Que linguagens ou plataformas são afetadas pelo CWE-400?
A MITRE não especificou as plataformas afetadas por este CWE — pode aplicar-se à maioria das stacks de aplicações.
Como posso prevenir o CWE-400?
Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perhaps by caching result sets, can help minimize the resources expended. To further limit the…
Como é que o Plexicus deteta e corrige o CWE-400?
O motor SAST do Plexicus correlaciona a assinatura de fluxo de dados do CWE-400 em cada commit. Quando é encontrada uma correspondência, o nosso agente Codex Remedium abre um PR de correção com o código corrigido, testes e um resumo de uma linha para o revisor.
Onde posso saber mais sobre o CWE-400?
A MITRE publica a definição canónica em https://cwe.mitre.org/data/definitions/400.html. Pode também consultar a documentação da OWASP e do NIST para orientações adjacentes.
Fraquezas relacionadas
Weaknesses related to CWE-400
CWE-664 Pai
Improper Control of a Resource Through its Lifetime
This vulnerability occurs when software fails to properly manage a resource throughout its entire lifecycle—from creation and active use…
CWE-118 Irmão
Incorrect Access of Indexable Resource ('Range Error')
This vulnerability occurs when software fails to properly check the boundaries of an indexed resource, like an array, buffer, or file,…
CWE-1229 Irmão
Creation of Emergent Resource
This vulnerability occurs when a system's normal operations unintentionally create new, exploitable resources that attackers can use to…
CWE-1250 Irmão
Improper Preservation of Consistency Between Independent Representations of Shared State
This vulnerability occurs when a system with multiple independent components (like distributed services or separate hardware units) each…
CWE-1329 Irmão
Reliance on Component That is Not Updateable
This vulnerability occurs when a product depends on a component that cannot be updated or patched to fix security flaws or critical bugs.
CWE-221 Irmão
Information Loss or Omission
This weakness occurs when an application fails to log critical security events or records them inaccurately, which can misguide security…
CWE-372 Irmão
Incomplete Internal State Distinction
This vulnerability occurs when an application fails to accurately track its own operational state. The system incorrectly assumes it's in…
CWE-404 Irmão
Improper Resource Shutdown or Release
This vulnerability occurs when a program fails to properly close or release a system resource—like a file handle, database connection, or…
CWE-410 Irmão
Insufficient Resource Pool
This vulnerability occurs when a system's resource pool is too small to handle maximum usage. Attackers can exploit this by making a high…
Recursos
Further reading
- MITRE — CWE-400 oficial https://cwe.mitre.org/data/definitions/400.html
- The CLASP Application Security Process https://cwe.mitre.org/documents/sources/TheCLASPApplicationSecurityProcess.pdf
- Detection and Prediction of Resource-Exhaustion Vulnerabilities https://www.di.fc.ul.pt/~nuno/PAPERS/ISSRE08.pdf
- Resource exhaustion http://cr.yp.to/docs/resources.html
- Resource exhaustion http://homes.cerias.purdue.edu/~pmeunier/secprog/sanitized/class1/6.resource%20exhaustion.ppt
- Writing Secure Code https://www.microsoftpressstore.com/store/writing-secure-code-9780735617223
Pronto quando você estiver
Pare de pagar por desenvolvedor.
Comece a fechar o ciclo.
O Plexicus é o ASPM nativo de IA que verifica, filtra, corrige, pentesta e explica — de forma autónoma. Programadores ilimitados, repos ilimitados, ações de IA de utilização justa. Nível gratuito real, €269/mo anual quando estiver pronto.