Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues.
CWE-789 Variante Rascunho
Memory Allocation with Excessive Size Value
This vulnerability occurs when a program allocates memory based on a user-supplied or untrusted size value without proper validation. If an attacker provides an excessively large number, the…
Definição
What is CWE-789?
This vulnerability occurs when a program allocates memory based on a user-supplied or untrusted size value without proper validation. If an attacker provides an excessively large number, the application can attempt to allocate massive amounts of system memory, leading to a denial-of-service or system instability.
At its core, this flaw is about a missing safety check. When an application accepts a size parameter—like the length of a file to process or the number of records to load—directly from an untrusted source (user input, network data, a file) and passes it to a memory allocation function (like `malloc`, `calloc`, or `new`) without verifying it's reasonable, the system's memory manager tries to fulfill the request. This often results in an out-of-memory crash, exhausting system resources and making the application unavailable.
To prevent this, developers must implement strict bounds checking before any allocation. Establish sensible, application-specific limits for all size values derived from external inputs. Compare the requested size against a configured maximum, and reject the request if it's too large. This validation should happen as early as possible, ideally right after the input is received, to ensure the program remains stable and responsive under all conditions.
Impacto no mundo real
Real-world CVEs caused by CWE-789
-
Chain: Python library does not limit the resources used to process images that specify a very large number of bands (CWE-1284), leading to excessive memory consumption (CWE-789) or an integer overflow (CWE-190).
-
program uses ::alloca() for encoding messages, but large messages trigger segfault
-
memory consumption and daemon exit by specifying a large value in a length field
-
large value in a length field leads to memory consumption and crash when no more memory is available
-
large key size in game program triggers crash when a resizing function cannot allocate enough memory
-
large Content-Length HTTP header value triggers application crash in instant messaging application due to failure in memory allocation
Como os atacantes a exploram
Trajeto do atacante passo a passo
- 1
Consider the following code, which accepts an untrusted size value and allocates a buffer to contain a string of the given size.
- 2
Suppose an attacker provides a size value of:
- 3
``` 12345678 ```
- 4
This will cause 305,419,896 bytes (over 291 megabytes) to be allocated for the string.
- 5
Consider the following code, which accepts an untrusted size value and uses the size as an initial capacity for a HashMap.
Exemplo de código vulnerável
Vulnerable C
Consider the following code, which accepts an untrusted size value and allocates a buffer to contain a string of the given size.
unsigned int size = GetUntrustedInt();
```
/* ignore integer overflow (CWE-190) for this example */*
unsigned int totBytes = size * sizeof(char);
char *string = (char *)malloc(totBytes);
InitializeString(string); Exemplo de código seguro
Secure C
int proc_msg(char *s, int msg_len)
{
```
int pre_len = sizeof("preamble: "); // Note space at the end of the string - assume all strings have preamble with space
if (pre_len <= msg_len) { // Log error; return error_code; }
char buf[pre_len - msg_len];
... Do processing here and set status
return status;
}
char *s = "preamble: message\n";
char *sl = strchr(s, ':'); // Number of characters up to ':' (not including space)
int jnklen = sl == NULL ? 0 : sl - s; // If undefined pointer, use zero length
int ret_val = proc_msg ("s", jnklen); // Violate assumption of preamble length, end up with negative value, blow out stack What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Lista de verificação de prevenção
How to prevent CWE-789
- Implementation / Architecture and Design Perform adequate input validation against any value that influences the amount of memory that is allocated. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary.
- Operation Run your program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact to the rest of the system will be minimized.
Sinais de deteção
How to detect CWE-789
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
O Plexicus deteta automaticamente o CWE-789 e abre um PR de correção em menos de 60 segundos.
O Codex Remedium analisa cada commit, identifica esta fraqueza exata e entrega um pull request pronto para revisão com o patch. Sem tickets. Sem transferências.
Perguntas frequentes O que é o CWE-789?
Qual a gravidade do CWE-789?
Que linguagens ou plataformas são afetadas pelo CWE-789?
Como posso prevenir o CWE-789?
Como é que o Plexicus deteta e corrige o CWE-789?
Onde posso saber mais sobre o CWE-789?
Frequently asked questions
O que é o CWE-789?
This vulnerability occurs when a program allocates memory based on a user-supplied or untrusted size value without proper validation. If an attacker provides an excessively large number, the application can attempt to allocate massive amounts of system memory, leading to a denial-of-service or system instability.
Qual a gravidade do CWE-789?
A MITRE não publicou uma classificação de probabilidade de exploração para esta fraqueza. Trate-a como impacto médio até o seu modelo de ameaças provar o contrário.
Que linguagens ou plataformas são afetadas pelo CWE-789?
MITRE lists the following affected platforms: C, C++.
Como posso prevenir o CWE-789?
Perform adequate input validation against any value that influences the amount of memory that is allocated. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary. Run your program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact to the rest of the system will be minimized.
Como é que o Plexicus deteta e corrige o CWE-789?
O motor SAST do Plexicus correlaciona a assinatura de fluxo de dados do CWE-789 em cada commit. Quando é encontrada uma correspondência, o nosso agente Codex Remedium abre um PR de correção com o código corrigido, testes e um resumo de uma linha para o revisor.
Onde posso saber mais sobre o CWE-789?
A MITRE publica a definição canónica em https://cwe.mitre.org/data/definitions/789.html. Pode também consultar a documentação da OWASP e do NIST para orientações adjacentes.
Fraquezas relacionadas
Weaknesses related to CWE-789
CWE-770 Pai
Allocation of Resources Without Limits or Throttling
This vulnerability occurs when a system allows users or processes to request resources without any built-in caps or rate limits. Think of…
CWE-1325 Irmão
Improperly Controlled Sequential Memory Allocation
This vulnerability occurs when a system allocates memory separately for each item in a collection but fails to enforce a global limit on…
CWE-774 Irmão
Allocation of File Descriptors or Handles Without Limits or Throttling
This vulnerability occurs when an application creates file descriptors or handles for a user or process without enforcing any limits on…
CWE-476 Pode preceder
NULL Pointer Dereference
This vulnerability occurs when a program attempts to access or manipulate memory using a pointer that is set to NULL, causing a crash or…
Pronto quando você estiver
Pare de pagar por desenvolvedor.
Comece a fechar o ciclo.
O Plexicus é o ASPM nativo de IA que verifica, filtra, corrige, pentesta e explica — de forma autónoma. Programadores ilimitados, repos ilimitados, ações de IA de utilização justa. Nível gratuito real, €269/mo anual quando estiver pronto.