CAPEC-130 Detail
Excessive Allocation
Meta Communications Software Likelihood: Medium Typical Severity: Medium
Children: 230 231 492 493 494 495 496
Threats: T61 T64 T74 T77 T264 T265 T269 T282 T289 T308 T309 T374 T401
An adversary causes the target to allocate excessive resources to servicing the attacker's request, thereby reducing the resources available for legitimate services and degrading or denying service. Usually, this attack focuses on memory allocation, but any finite resource on the target could be attacked, including bandwidth, processing cycles, or other resources. This attack does not attempt to force this allocation through a large number of requests (that would be Resource Depletion through Flooding) but instead uses one or a small number of carefully formatted requests that force the target to allocate excessive resources to service them. Often this attack takes advantage of a bug in the target to cause the target to allocate resources vastly beyond what would be needed for a normal request.
| External ID | Source | Link | Description |
|---|---|---|---|
| CAPEC-130 | capec | https://capec.mitre.org/data/definitions/130.html | |
| CWE-404 | cwe | http://cwe.mitre.org/data/definitions/404.html | |
| CWE-770 | cwe | http://cwe.mitre.org/data/definitions/770.html | |
| CWE-1325 | cwe | http://cwe.mitre.org/data/definitions/1325.html | |
| T1499.003 | ATTACK | https://attack.mitre.org/wiki/Technique/T1499/003 | Endpoint Denial of Service: Application Exhaustion Flood |
| 10 | WASC | http://projects.webappsec.org/Denial-of-Service | Denial of Service |
- The target must accept service requests from the attacker and the adversary must be able to control the resource allocation associated with this request to be in excess of the normal allocation. The latter is usually accomplished through the presence of a bug on the target that allows the adversary to manipulate variables used in the allocation.
- None: No specialized resources are required to execute this type of attack.
| Availability |
|---|
| Resource Consumption (A successful excessive allocation attack forces the target system to exhaust its resources, thereby compromising the availability of its service.) |
- In an Integer Attack, the adversary could cause a variable that controls allocation for a request to hold an excessively large value. Excessive allocation of resources can render a service degraded or unavailable to legitimate users and can even lead to crashing of the target.
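
The check that keeps a request-controlled allocation variable from driving excessive allocation, as an added C example that is not part of the CAPEC entry. The wire format, the function names and the 1024-entry cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
/* Hypothetical wire format, constructed for this example:
 * 4-byte big-endian entry count, then count * ENTRY_SIZE bytes. */
#define HEADER_SIZE 4u
#define ENTRY_SIZE  16u
#define MAX_ENTRIES 1024u  /* per-request policy cap (assumed value) */
enum status { PARSE_OK, ERR_TRUNCATED, ERR_OVER_LIMIT, ERR_MISMATCH, ERR_NOMEM };

/* The request-supplied count is checked against the cap and against the
 * bytes actually received before it is allowed to size an allocation. */
enum status parse_entries(const uint8_t *req, size_t req_len,
                          uint8_t **entries, uint32_t *count_out)
{
    *entries = NULL;
    *count_out = 0;
    if (req_len < HEADER_SIZE)
        return ERR_TRUNCATED;
    uint32_t count = ((uint32_t)req[0] << 24) | ((uint32_t)req[1] << 16) |
                     ((uint32_t)req[2] << 8) | (uint32_t)req[3];
    if (count > MAX_ENTRIES)                 /* absolute per-request cap */
        return ERR_OVER_LIMIT;
    size_t body = req_len - HEADER_SIZE;
    if (body % ENTRY_SIZE != 0 || body / ENTRY_SIZE != count)
        return ERR_MISMATCH;       /* body must match the declared count */
    size_t bytes = (size_t)count * ENTRY_SIZE;  /* <= 16 KiB, cannot wrap */
    uint8_t *copy = malloc(bytes ? bytes : 1);
    if (copy == NULL)
        return ERR_NOMEM;
    memcpy(copy, req + HEADER_SIZE, bytes);
    *entries = copy;
    *count_out = count;
    return PARSE_OK;
}

/* Parses a constructed request that declares `declared` entries but carries
 * `supplied` zero-filled ones, and returns the parser's status. */
enum status demo(uint32_t declared, size_t supplied)
{
    size_t len = HEADER_SIZE + supplied * ENTRY_SIZE;
    uint8_t *req = calloc(1, len), *out = NULL;
    uint32_t n = 0;
    if (req == NULL) return ERR_NOMEM;
    for (int i = 0; i < 4; i++) req[i] = (uint8_t)(declared >> (24 - 8 * i));
    enum status s = parse_entries(req, len, &out, &n);
    free(out); free(req);
    return s;
}
```

A small request that declares a huge count is rejected by the cap, and one that declares more than it carries is rejected by the consistency check, so neither reaches `malloc`.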