2 vulnerabilities classified as CWE-769. AI Chinese analysis included.
CWE-769, now deprecated and merged into CWE-774, represents a resource management weakness where software fails to properly track or limit the number of open file descriptors. This vulnerability typically arises when applications allocate new file descriptors without closing previous ones, leading to uncontrolled consumption of system resources. Attackers exploit this by repeatedly triggering operations that open files, such as uploading numerous small attachments or sending excessive requests, eventually exhausting the system’s file descriptor limit. This denial-of-service condition prevents the application from handling legitimate requests, causing service degradation or complete failure. Developers mitigate this risk by implementing strict resource lifecycle management, ensuring every opened file descriptor is explicitly closed after use. Additionally, employing connection pooling, setting appropriate operating system limits, and utilizing language-specific garbage collection mechanisms help prevent the accumulation of unused descriptors, thereby maintaining system stability and availability.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-4001 | scipopt scip File Descriptor genRandomLOPInstance.c main file descriptor consumption — scip | 3.3 | Low | 2025-04-28 |
| CVE-2018-0358 | Cisco TelePresence Video Communication Server Expressway 安全漏洞 — Cisco TelePresence Video Communication Server unknown | 7.5 | - | 2018-06-21 |
Vulnerabilities classified as CWE-769 represent 2 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.