Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-774 (不加限制或调节进行文件描述符或句柄的分配) — Vulnerability Class 1

1 vulnerabilities classified as CWE-774 (不加限制或调节进行文件描述符或句柄的分配). AI Chinese analysis included.

CWE-774 represents a resource management weakness where software fails to enforce limits on file descriptor or handle allocations for specific actors. This vulnerability typically arises when applications accept untrusted input or process external requests without capping the number of open files, allowing malicious users to exhaust system resources. By rapidly opening numerous connections or files, an attacker can trigger a denial-of-service condition, preventing legitimate processes from accessing critical data or performing essential operations. To mitigate this risk, developers must implement strict throttling mechanisms and enforce quotas on resource consumption per user or session. Utilizing operating system-level limits, such as ulimit in Unix-like systems, and integrating application-level counters ensures that resource exhaustion is prevented, maintaining system stability and availability against abuse.

MITRE CWE Description
The product allocates file descriptors or handles on behalf of an actor without imposing any restrictions on how many descriptors can be allocated, in violation of the intended security policy for that actor. This can cause the product to consume all available file descriptors or handles, which can prevent other processes from performing critical file processing operations.
Common Consequences (1)
AvailabilityDoS: Resource Consumption (Other)
When allocating resources without limits, an attacker could prevent all other processes from accessing the same type of resource.
Mitigations (1)
Operation, Architecture and DesignUse resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems. When the current levels get close to the maximum that is define…
CVE IDTitleCVSSSeverityPublished
CVE-2024-48848 LARGECONTENT - device disk overutilization — ASPECT-Enterprise 6.5 Medium2025-05-22

Vulnerabilities classified as CWE-774 (不加限制或调节进行文件描述符或句柄的分配) represent 1 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.