1. Home
  2. CWE Database
  3. CWE-774
Variant · Low-Medium

CWE-774: Allocation of File Descriptors or Handles Without Limits or Throttling

The product allocates file descriptors or handles on behalf of an actor without imposing any restrictions on how many descriptors can be allocated, in violation of the intended security policy for tha...

CWE-774 · Variant Level ·1 Mitigations

Description

The product allocates file descriptors or handles on behalf of an actor without imposing any restrictions on how many descriptors can be allocated, in violation of the intended security policy for that actor.

This can cause the product to consume all available file descriptors or handles, which can prevent other processes from performing critical file processing operations.

Potential Impact

Availability

DoS: Resource Consumption (Other)

Mitigations & Prevention

OperationArchitecture and Design

Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems. When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resour

Detection Methods

  • Automated Static Analysis — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea

CWE-770: Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended rest...

Taxonomy Mappings

  • Software Fault Patterns: SFP13 — Unrestricted Consumption

Frequently Asked Questions

What is CWE-774?

CWE-774 (Allocation of File Descriptors or Handles Without Limits or Throttling) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Variant-level weakness. The product allocates file descriptors or handles on behalf of an actor without imposing any restrictions on how many descriptors can be allocated, in violation of the intended security policy for tha...

How can CWE-774 be exploited?

Attackers can exploit CWE-774 (Allocation of File Descriptors or Handles Without Limits or Throttling) to dos: resource consumption (other). This weakness is typically introduced during the Architecture and Design, Implementation phase of software development.

How do I prevent CWE-774?

Key mitigations include: Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resourc

What is the severity of CWE-774?

CWE-774 is classified as a Variant-level weakness (Low-Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.