CWE-774: Allocation of File Descriptors or Handles Without Limits or Throttling
Weakness ID: 774
Version: v4.17
Weakness Name: Allocation of File Descriptors or Handles Without Limits or Throttling
Vulnerability Mapping: Allowed
Abstraction: Variant
Structure: Simple
Status: Incomplete
Likelihood of Exploit: Low
▼Description

The product allocates file descriptors or handles on behalf of an actor without imposing any restrictions on how many descriptors can be allocated, in violation of the intended security policy for that actor.

▼Extended Description

This can cause the product to consume all available file descriptors or handles, which can prevent other processes from performing critical file processing operations.

▼Alternate Terms
File Descriptor Exhaustion

▼Relationships
Relevant to the view "Research Concepts - (1000)"
Nature: ChildOf
Mapping: Allowed
Type: Base
ID: 770
Name: Allocation of Resources Without Limits or Throttling
▼Memberships
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 985
Name: SFP Secondary Cluster: Unrestricted Consumption

Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 1416
Name: Comprehensive Categorization: Resource Lifecycle Management
▼Tags
Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-275
Name: Low likelihood of exploit

Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-289
Name: Resource Limitation Strategy

Nature: MemberOf
Mapping: Prohibited
Type: BOSSView
ID: BOSS-333
Name: DoS: Resource Consumption (Other) (impact)
▼Relevant To View
Relevant to the view "Software Fault Pattern (SFP) Clusters - (888)"
Nature: MemberOf
Mapping: Prohibited
Type: Category
ID: 985
Name: SFP Secondary Cluster: Unrestricted Consumption
▼Background Detail

▼Common Consequences
Scope: Availability
Likelihood: N/A
Impact: DoS: Resource Consumption (Other)
Note:

When allocating resources without limits, an attacker could prevent all other processes from accessing the same type of resource.

▼Potential Mitigations
Phase: Operation, Architecture and Design
Mitigation ID: MIT-47
Strategy: Resource Limitation
Effectiveness:
Description:

Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.

When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.

Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703).
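
The three mitigation steps above combined in one POSIX sketch. This is an added example, not part of the CWE entry: the actor table, the FD_QUOTA policy value, the QUOTA_EXCEEDED code and the function names are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <unistd.h>

#define MAX_ACTORS 8         /* assumption: small fixed table of actors */
#define FD_QUOTA 4           /* assumption: policy limit per actor */
#define QUOTA_EXCEEDED (-2)  /* hypothetical code: denied by policy, not by the OS */

static int fds_held[MAX_ACTORS];  /* descriptors currently held per actor */

/* Lower the process-wide soft limit, clamped to the hard limit. */
int cap_process_fds(rlim_t want) {
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    if (want > rl.rlim_max) want = rl.rlim_max;
    rl.rlim_cur = want;
    return setrlimit(RLIMIT_NOFILE, &rl);
}

/* Open path for an actor; refuse once that actor holds FD_QUOTA descriptors. */
int actor_open(int actor, const char *path) {
    if (actor < 0 || actor >= MAX_ACTORS) { errno = EINVAL; return -1; }
    if (fds_held[actor] >= FD_QUOTA) return QUOTA_EXCEEDED;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return -1;  /* EMFILE/ENFILE: fail this request, keep serving */
    fds_held[actor]++;
    return fd;
}

/* Release a descriptor and return it to the actor's budget.
   Per-descriptor ownership tracking is left out of this sketch. */
int actor_close(int actor, int fd) {
    if (actor < 0 || actor >= MAX_ACTORS || fds_held[actor] == 0) {
        errno = EINVAL;
        return -1;
    }
    if (close(fd) != 0) return -1;
    fds_held[actor]--;
    return 0;
}

int main(void) {
    if (cap_process_fds(256) != 0) perror("setrlimit");
    for (int i = 0; i < 6; i++)  /* requests 4 and 5 are denied by the quota */
        printf("actor 0 request %d -> %d\n", i, actor_open(0, "/dev/null"));
    printf("actor 1 -> %d\n", actor_open(1, "/dev/null"));  /* unaffected */
    return 0;
}
```

The per-actor quota keeps one actor from starving the others, while the setrlimit() cap bounds what the whole process can take from the system.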

Note:

▼Modes Of Introduction
Phase: Architecture and Design
Note:

N/A

Phase: Implementation
Note:

N/A

▼Applicable Platforms
▼Demonstrative Examples
▼Observed Examples
▼Affected Resources
▼Functional Areas
▼Weakness Ordinalities
▼Detection Methods
▼Vulnerability Mapping Notes
Usage: Allowed
Reason: Acceptable-Use
Rationale:

This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.

Comments:

Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.

▼Notes
▼Taxonomy Mappings
Taxonomy Name: Software Fault Patterns
Entry ID: SFP13
Fit: N/A
Entry Name: Unrestricted Consumption
▼Related Attack Patterns
▼References
Reference ID: REF-62
Title: The Art of Software Security Assessment
Author: Mark Dowd, John McDonald, Justin Schuh
Section: Chapter 10, "Resource Limits", Page 574
Publisher: Addison Wesley
Edition: 1st Edition
Year: 2006