ByteOS Network

CAPEC-130:Excessive Allocation

Attack Pattern ID:130

Version:v3.9

Attack Pattern Name:Excessive Allocation

Abstraction:Meta

Status:Stable

Likelihood of Attack:Medium

Typical Severity:Medium

Details Content History Related Weaknesses Reports

▼Description

An adversary causes the target to allocate excessive resources to servicing the attackers' request, thereby reducing the resources available for legitimate services and degrading or denying services. Usually, this attack focuses on memory allocation, but any finite resource on the target could be the attacked, including bandwidth, processing cycles, or other resources. This attack does not attempt to force this allocation through a large number of requests (that would be Resource Depletion through Flooding) but instead uses one or a small number of requests that are carefully formatted to force the target to allocate excessive resources to service this request(s). Often this attack takes advantage of a bug in the target to cause the target to allocate resources vastly beyond what would be needed for a normal request.

▼Relationships

Nature	Type	ID	Name
ParentOf	S	230	Serialized Data with Nested Payloads
ParentOf	S	231	Oversized Serialized Data Payloads
ParentOf	S	492	Regular Expression Exponential Blowup
ParentOf	S	493	SOAP Array Blowup
ParentOf	S	494	TCP Fragmentation
ParentOf	S	495	UDP Fragmentation
ParentOf	S	496	ICMP Fragmentation

Nature: ParentOf

Type: Standard

ID: 230

Name: Serialized Data with Nested Payloads

Nature: ParentOf

Type: Standard

ID: 231

Name: Oversized Serialized Data Payloads

Nature: ParentOf

Type: Standard

ID: 492

Name: Regular Expression Exponential Blowup

Nature: ParentOf

Type: Standard

ID: 493

Name: SOAP Array Blowup

Nature: ParentOf

Type: Standard

ID: 494

Name: TCP Fragmentation

Nature: ParentOf

Type: Standard

ID: 495

Name: UDP Fragmentation

Nature: ParentOf

Type: Standard

ID: 496

Name: ICMP Fragmentation

▼Prerequisites

The target must accept service requests from the attacker and the adversary must be able to control the resource allocation associated with this request to be in excess of the normal allocation. The latter is usually accomplished through the presence of a bug on the target that allows the adversary to manipulate variables used in the allocation.

▼Resources Required

None: No specialized resources are required to execute this type of attack.

▼Consequences

Scope	Likelihood	Impact	Note
Availability	N/A	Resource Consumption	A successful excessive allocation attack forces the target system to exhaust its resources, thereby compromising the availability of its service.

Scope: Availability

Likelihood: N/A

Impact: Resource Consumption

Note: A successful excessive allocation attack forces the target system to exhaust its resources, thereby compromising the availability of its service.

▼Mitigations

Limit the amount of resources that are accessible to unprivileged users.

Assume all input is malicious. Consider all potentially relevant properties when validating input.

Consider uniformly throttling all requests in order to make it more difficult to consume resources more quickly than they can again be freed.

Use resource-limiting settings, if possible.

▼Example Instances

▼Related Weaknesses

ID	Name
CWE-1325	Improperly Controlled Sequential Memory Allocation
CWE-404	Improper Resource Shutdown or Release
CWE-770	Allocation of Resources Without Limits or Throttling

ID: CWE-1325

Name: Improperly Controlled Sequential Memory Allocation

ID: CWE-404

Name: Improper Resource Shutdown or Release

ID: CWE-770

Name: Allocation of Resources Without Limits or Throttling

▼Taxonomy Mappings

Taxonomy Name	Entry ID	Entry Name
ATTACK	1499.003	Endpoint Denial of Service:Application Exhaustion Flood
WASC	10	Denial of Service

Taxonomy Name: ATTACK

Entry ID: 1499.003

Entry Name: Endpoint Denial of Service:Application Exhaustion Flood

Taxonomy Name: WASC

Entry ID: 10

Entry Name: Denial of Service