
CWE-400 (Uncontrolled Resource Consumption (Resource Exhaustion)), Vulnerability Class: 1398 CVEs

1398 vulnerabilities classified as CWE-400 (Uncontrolled Resource Consumption (Resource Exhaustion)). AI Chinese analysis included.

CWE-400 describes a resource management weakness in which software fails to control the allocation and maintenance of finite system resources such as memory, CPU time, or file descriptors. Attackers exploit it by triggering operations that consume resources without bound, producing a denial of service that degrades performance or crashes the application outright. Typical triggers are crafted inputs that cause infinite loops, excessive data processing, or unbounded memory allocation. Mitigation requires explicit resource limits (timeouts, maximum iteration counts, and memory caps) together with input validation and monitoring that detects abnormal consumption early. With these controls in place, applications stay available and stable under malicious load and unexpected traffic spikes alike.

MITRE CWE Description
The product does not properly control the allocation and maintenance of a limited resource.
Common Consequences (2)
Scope: Availability. Impact: DoS: Crash, Exit, or Restart; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory); DoS: Resource Consumption (Other).
If an attacker can trigger the allocation of the limited resources, but the number or size of the resources is not controlled, then the most common result is denial of service. This would prevent valid users from accessing the product, and it could potentially have an impact on the surrounding envir…
Scope: Access Control, Other. Impact: Bypass Protection Mechanism; Other.
In some cases it may be possible to force the product to "fail open" in the event of resource exhaustion. The state of the product, and possibly the security functionality, may then be compromised.
Mitigations (4)
Architecture and Design: Design throttling mechanisms into the system architecture. The best protection is to limit the amount of resources that an unauthorized user can cause to be expended. A strong authentication and access control model will help prevent such attacks from occurring in the first place. The login application should be protected against DoS attacks as much as possible. Limiting the database access, perha…
Architecture and Design: Mitigation of resource exhaustion attacks requires that the target system either: recognizes the attack and denies that user further access for a given amount of time, or uniformly throttles all requests in order to make it more difficult to consume resources more quickly than they can again be freed. The first of these solutions is an issue in itself though, since it may allow attackers to preven…
Architecture and Design: Ensure that protocols have specific limits of scale placed on them.
Implementation: Ensure that all failures in resource allocation place the system into a safe posture.
Examples (2)
The following example demonstrates the weakness.
    class Worker implements Executor {
        ...
        public void execute(Runnable r) {
            try {
                ...
            } catch (InterruptedException ie) {
                // postpone response
                Thread.currentThread().interrupt();
            }
        }

        public Worker(Channel ch, int nworkers) {
            ...
        }

        protected void activate() {
            // worker loop: runs submitted tasks one after another with no bound
            // on how much work is queued or how long any task may run
            Runnable loop = new Runnable() {
                public void run() {
                    try {
                        for (;;) {
                            Runnable r = ...;
                            r.run();
                        }
                    } catch (InterruptedException ie) {
                        ...
                    }
                }
            };
            new Thread(loop).start();
        }
    }
Bad · Java
This code allocates a socket and forks each time it receives a new connection.
    sock = socket(AF_INET, SOCK_STREAM, 0);
    while (1) {
        newsock = accept(sock, ...);
        printf("A connection has been accepted\n");
        /* one child process per connection, with no cap on how many may exist */
        pid = fork();
    }
Bad · C
| CVE ID | Title | Product | CVSS | Severity | Published |
| --- | --- | --- | --- | --- | --- |
| CVE-2020-3571 | Cisco Firepower 4110 ICMP Flood Denial of Service Vulnerability | Cisco Firepower Threat Defense Software | 8.6 | - | 2020-10-21 |
| CVE-2020-3572 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL/TLS Session Denial of Service Vulnerability | Cisco Adaptive Security Appliance (ASA) Software | 8.6 | High | 2020-10-21 |
| CVE-2020-3304 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software Web Services Denial of Service Vulnerability | Cisco Adaptive Security Appliance (ASA) Software | 7.5 | - | 2020-10-21 |
| CVE-2020-3373 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software IP Fragment Memory Leak Vulnerability | Cisco Adaptive Security Appliance (ASA) Software | 8.6 | High | 2020-10-21 |
| CVE-2020-3528 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software OSPFv2 Link-Local Signaling Denial of Service Vulnerability | Cisco Adaptive Security Appliance (ASA) Software | 8.6 | High | 2020-10-21 |
| CVE-2020-3529 | Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software SSL VPN Direct Memory Access Denial of Service Vulnerability | Cisco Adaptive Security Appliance (ASA) Software | 8.6 | High | 2020-10-21 |
| CVE-2020-3533 | Cisco Firepower Threat Defense Software SNMP Denial of Service Vulnerability | Cisco Firepower Threat Defense Software | 8.6 | High | 2020-10-21 |
| CVE-2020-1689 | Junos OS: EX4300-MP/EX4600/QFX5K Series: High CPU load due to receipt of specific layer 2 frames when deployed in a Virtual Chassis configuration | Junos OS | 6.5 | Medium | 2020-10-16 |
| CVE-2020-1687 | Junos OS: EX4300-MP/EX4600/QFX5K Series: High CPU load due to receipt of specific layer 2 frames in EVPN-VXLAN deployment | Junos OS | 6.5 | Medium | 2020-10-16 |
| CVE-2020-1684 | Junos OS: SRX Series: High CPU load due to processing for HTTP traffic when Application Identification is enabled | Junos OS | 7.5 | High | 2020-10-16 |
| CVE-2020-1678 | Junos OS and Junos OS Evolved: RPD can crash due to a slow memory leak | Junos OS | 6.5 | Medium | 2020-10-16 |
| CVE-2020-1670 | Junos OS: EX4300 Series: High CPU load due to receipt of specific IPv4 packets | Junos OS | 6.5 | Medium | 2020-10-16 |
| CVE-2020-1668 | Junos OS: EX2300 Series: High CPU load due to receipt of specific multicast packets on layer 2 interface | Junos OS | 6.5 | Medium | 2020-10-16 |
| CVE-2020-11645 | GateManager Denial of Service Vulnerability | GateManager | 6.5 | Medium | 2020-10-15 |
| CVE-2020-3543 | Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Memory Leak Vulnerability | Cisco Video Surveillance 8000 Series IP Cameras | 6.5 | Medium | 2020-10-08 |
| CVE-2020-1903 | Facebook WhatsApp resource management error vulnerability | WhatsApp for iOS | 6.5 | - | 2020-10-06 |
| CVE-2020-1901 | Facebook WhatsApp resource management error vulnerability | WhatsApp for iOS | 7.5 | - | 2020-10-06 |
| CVE-2020-3508 | Cisco IOS XE Software for Cisco ASR 1000 Series 20-Gbps Embedded Services Processor IP ARP Denial of Service Vulnerability | Cisco IOS XE Software | 7.4 | High | 2020-09-24 |
| CVE-2020-3559 | Cisco Aironet Access Point Authentication Flood Denial of Service Vulnerability | Cisco Aironet Access Point Software | 7.5 | - | 2020-09-24 |
| CVE-2020-3560 | Cisco Aironet Access Points UDP Flooding Denial of Service Vulnerability | Cisco Aironet Access Point Software | 7.5 | - | 2020-09-24 |
| CVE-2020-3569 | Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerabilities | Cisco IOS XR Software | 8.6 | High | 2020-09-23 |
| CVE-2020-8237 | json-bigint resource management error vulnerability | json-bigint | 7.5 | - | 2020-09-18 |
| CVE-2020-8246 | Citrix Systems multiple products resource management error vulnerability | Citrix ADC, Citrix Gateway, Citrix SDWAN WAN-OP | 9.8 | - | 2020-09-18 |
| CVE-2020-8251 | Node.js resource management error vulnerability | Node | 7.5 | - | 2020-09-18 |
| CVE-2020-15166 | Denial of Service in ZeroMQ | libzmq | 7.5 | High | 2020-09-11 |
| CVE-2020-2039 | PAN-OS: Management web interface denial-of-service (DoS) through unauthenticated file upload | PAN-OS | 5.3 | Medium | 2020-09-09 |
| CVE-2020-14384 | JBossWeb Bayeux resource management error vulnerability | JBossWeb | 7.5 | - | 2020-09-09 |
| CVE-2019-5645 | Rapid7 Metasploit HTTP Handler Denial of Service | Metasploit Framework | 7.5 | High | 2020-09-01 |
| CVE-2020-3566 | Cisco IOS XR Software DVMRP Memory Exhaustion Vulnerability | Cisco IOS XR Software | 8.6 | High | 2020-08-29 |
| CVE-2020-3505 | Cisco Video Surveillance 8000 Series IP Cameras Cisco Discovery Protocol Memory Leak Vulnerability | Cisco Video Surveillance 8000 Series IP Cameras | 6.5 | Medium | 2020-08-26 |

A "-" in the Severity column means no severity rating was recorded for that entry.

Vulnerabilities classified as CWE-400 (Uncontrolled Resource Consumption (Resource Exhaustion)) represent 1398 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.