Description
The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the combined objects.
While the product might limit the amount of memory that is allocated in a single operation for a single object (such as a malloc of an array), if an attacker can cause multiple objects to be allocated in separate operations, then this might cause higher total memory consumption than the developer intended, leading to a denial of service.
Potential Impact
Availability
DoS: Resource Consumption (Memory)
Demonstrative Examples
// Gets the size from the number of objects in a database, which over time can conceivably get very large
int end_limit = get_nmbr_obj_from_db();
int i;
int *base = NULL;
int *p =base;
for (i = 0; i < end_limit; i++)
{
*p = alloca(sizeof(int *)); // Allocate memory on the stack
p = *p; // // Point to the next location to be saved
}Mitigations & Prevention
Ensure multiple allocations of the same kind of object are properly tracked - possibly across multiple sessions, requests, or messages. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary.
Run the program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact to the rest of the system will be minimized.
Real-World CVE Examples
| CVE ID | Description |
|---|---|
| CVE-2020-36049 | JavaScript-based packet decoder uses concatenation of many small strings, causing out-of-memory (OOM) condition |
| CVE-2019-20176 | Product allocates a new buffer on the stack for each file in a directory, allowing stack exhaustion |
| CVE-2013-1591 | Chain: an integer overflow (CWE-190) in the image size calculation causes an infinite loop (CWE-835) which sequentially allocates buffers without limits (CWE-1325) until the stack is full. |
Related Weaknesses
Frequently Asked Questions
What is CWE-1325?
CWE-1325 (Improperly Controlled Sequential Memory Allocation) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the...
How can CWE-1325 be exploited?
Attackers can exploit CWE-1325 (Improperly Controlled Sequential Memory Allocation) to dos: resource consumption (memory). This weakness is typically introduced during the Implementation phase of software development.
How do I prevent CWE-1325?
Key mitigations include: Ensure multiple allocations of the same kind of object are properly tracked - possibly across multiple sessions, requests, or messages. Define an appropriate strategy for handling requests that exceed
What is the severity of CWE-1325?
CWE-1325 is classified as a Base-level weakness (Medium abstraction). It has been observed in 3 real-world CVEs.