CWE-789
Memory Allocation with Excessive Size Value
The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.
Status
draft
Abstraction
variant
Affected Platforms
C
C++
Not Language-Specific
Technical Details
Common Consequences
availability
Impacts
dos: resource consumption (memory)
Detection Methods
fuzzing
automated static analysis
automated dynamic analysis
Potential Mitigations
Phases:
implementation
architecture and design
operation
Descriptions:
• Run your program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact to the rest of the system will be minimized.
• Perform adequate input validation against any value that influences the amount of memory that is allocated. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary.
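The following C example, added here and not part of the CWE entry, contrasts the weakness with the input-validation mitigation above: a length prefix read from an untrusted message is passed straight to malloc() in the vulnerable variant, while the hardened variant rejects sizes outside a configurable limit before allocating. The message format, the MAX_RECORD_LEN bound and the function names are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stddef.h>

/* Assumed default upper bound for one record; an administrator-tunable
 * limit can be passed in instead (see alloc_record_checked). */
#define MAX_RECORD_LEN (64u * 1024u)

/* CWE-789 pattern: the 32-bit length from the wire is trusted as-is.
 * A value such as 0xFFFFFFFF makes malloc() request about 4 GiB. */
unsigned char *alloc_record_unchecked(uint32_t wire_len) {
    return (unsigned char *)malloc(wire_len);
}

/* Mitigated: validate the size against an expected limit first.
 * max_len lets the operator raise the bound via configuration. */
unsigned char *alloc_record_checked(uint32_t wire_len, size_t max_len) {
    if (wire_len == 0 || wire_len > max_len) {
        return NULL; /* caller applies its over-limit policy (drop, log) */
    }
    return (unsigned char *)malloc(wire_len);
}

/* Parse an assumed 4-byte big-endian length prefix from a message. */
int parse_len(const unsigned char *hdr, size_t hdr_len, uint32_t *out) {
    if (hdr == NULL || out == NULL || hdr_len < 4) return 0;
    *out = ((uint32_t)hdr[0] << 24) | ((uint32_t)hdr[1] << 16) |
           ((uint32_t)hdr[2] << 8)  |  (uint32_t)hdr[3];
    return 1;
}

/* Returns 1 if the hardened path accepts the message, 0 if it rejects it. */
int accept_message(const unsigned char *msg, size_t msg_len) {
    uint32_t len;
    if (!parse_len(msg, msg_len, &len)) return 0;
    unsigned char *buf = alloc_record_checked(len, MAX_RECORD_LEN);
    if (buf == NULL) return 0;
    free(buf);
    return 1;
}
```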
Functional Areas
memory management