CWE-789 - Memory Allocation with Excessive Size Value

CWE-789

Abstraction:
Variant

Structure:
Simple

Status:
Draft

Weakness Name: Memory Allocation with Excessive Size Value

Description: The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

Common Consequences: Scope: Availability
Impact: DoS: Resource Consumption (Memory)
Notes: Not controlling memory allocation can result in a request for too much system memory, possibly leading to a crash of the application due to out-of-memory conditions, or the consumption of a large amount of memory on the system.

Related Weaknesses

CWE-476NULL Pointer DereferenceMedium

CWE-770Allocation of Resources Without Limits or ThrottlingHigh

Release Date:
2009-10-29

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard