Availability / Uncontrolled Resource Consumption

CWE Top 25 (2022)Web and API

Description

Uncontrolled Resource Consumption (CWE-399) is a vulnerability that occurs when a system or application fails to properly manage resources such as memory, CPU capacity, disk space, or network bandwidth. It can be caused by an attacker attempting to exhaust system resources and can result in denial of service (DoS) or complete system failure. This vulnerability is listed in the CWE Top 25 (2022) as well as the OWASP Testing Guide.

Risk

This vulnerability can cause significant damage to a system and can lead to DoS attacks, data loss, and complete system failure. The severity of the risk depends on the type of system being targeted and the resources that are being consumed.

Solution

The best way to mitigate the risk of Uncontrolled Resource Consumption is to ensure that resources are properly managed and monitored. This can be done by implementing security controls such as rate limiting or resource limits. Additionally, it is important to monitor the system for signs of resource exhaustion, such as high CPU usage or disk utilization.

Example

// code to illustrate resource exhaustion
while (true) {
  // code that consumes resources
}

This code will cause a system to exhaust its resources, as it will continue to loop infinitely and consume more and more resources.

Curious? Convinced? Interested?

Arrange a no-obligation consultation with one of our product experts today.