Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-1325 — Vulnerability Class 12

12 vulnerabilities classified as CWE-1325. AI Chinese analysis included.

CWE-1325 represents a resource management weakness where an application fails to enforce a global cap on memory consumption across multiple sequential allocations. Although individual requests may be bounded, the system lacks oversight of the aggregate memory footprint, allowing an attacker to trigger a denial of service by exhausting system resources. Exploitation typically involves flooding the application with numerous small allocation requests, each seemingly harmless but collectively overwhelming available memory. Developers mitigate this risk by implementing strict quota systems that track total memory usage in real-time. By establishing hard limits on the combined size of all active objects and rejecting new allocations once thresholds are reached, engineers ensure system stability. This proactive resource governance prevents attackers from leveraging sequential allocation patterns to crash services or degrade performance, maintaining integrity under load.

MITRE CWE Description
The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the combined objects. While the product might limit the amount of memory that is allocated in a single operation for a single object (such as a malloc of an array), if an attacker can cause multiple objects to be allocated in separate operations, then this might cause higher total memory consumption than the developer intended, leading to a denial of service.
Common Consequences (1)
AvailabilityDoS: Resource Consumption (Memory)
Not controlling memory allocation can result in a request for too much system memory, possibly leading to a crash of the application due to out-of-memory conditions, or the consumption of a large amount of memory on the system.
Mitigations (2)
ImplementationEnsure multiple allocations of the same kind of object are properly tracked - possibly across multiple sessions, requests, or messages. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary.
OperationRun the program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact to the rest of the system will be minimized.
Examples (1)
This example contains a small allocation of stack memory. When the program was first constructed, the number of times this memory was allocated was probably inconsequential and presented no problem. Over time, as the number of objects in the database grow, the number of allocations will grow - eventually consuming the available stack, i.e. "stack exhaustion." An attacker who is able to add element…
// Gets the size from the number of objects in a database, which over time can conceivably get very large int end_limit = get_nmbr_obj_from_db(); int i; int *base = NULL; int *p =base; for (i = 0; i < end_limit; i++) { *p = alloca(sizeof(int *)); // Allocate memory on the stack p = *p; // // Point to the next location to be saved }
Bad · C
CVE IDTitleCVSSSeverityPublished
CVE-2026-6535 Improperly Controlled Sequential Memory Allocation in Wireshark — Wireshark 5.5 Medium2026-04-30
CVE-2026-6533 Improperly Controlled Sequential Memory Allocation in Wireshark — Wireshark 5.5 Medium2026-04-30
CVE-2026-6869 Improperly Controlled Sequential Memory Allocation in Wireshark — Wireshark 5.5 Medium2026-04-30
CVE-2026-6867 Improperly Controlled Sequential Memory Allocation in Wireshark — Wireshark 5.5 Medium2026-04-30
CVE-2026-3201 Improperly Controlled Sequential Memory Allocation in Wireshark — Wireshark 4.7 Medium2026-02-25
CVE-2026-24819 An out-of-memory (OOM) issue in foxinmy/weixin4j — weixin4j 9.1AICriticalAI2026-01-27
CVE-2025-13945 Improperly Controlled Sequential Memory Allocation in Wireshark — Wireshark 5.5 Medium2025-12-03
CVE-2025-2240 Smallrye-fault-tolerance: smallrye fault tolerance 7.5 High2025-03-12
CVE-2023-52891 Siemens 多款产品安全漏洞 — SIMATIC Energy Manager Basic 5.3 Medium2024-07-09
CVE-2024-2511 Unbounded memory growth with session handling in TLSv1.3 — OpenSSL 7.5AIHighAI2024-04-08
CVE-2023-28968 Junos OS: SRX Series: Policies that rely on JDPI-Decoder actions may fail open — Junos OS 5.3 Medium2023-04-17
CVE-2021-43174 gzip transfer encoding caused out-of-memory crash — Routinator 7.5 -2021-11-09

Vulnerabilities classified as CWE-1325 represent 12 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.