CWE-1325: Improperly Controlled Sequential Memory Allocation

ID CWE-1325

Abstraction Base

Structure Simple

Status Incomplete

Number of CVEs 5

The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory that is consumed by all of the combined objects.

While the product might limit the amount of memory that is allocated in a single operation for a single object (such as a malloc of an array), if an attacker can cause multiple objects to be allocated in separate operations, then this might cause higher total memory consumption than the developer intended, leading to a denial of service.

Modes of Introduction

Phase	Note
Implementation

Applicable Platforms

Type	Class	Name
Language		C
Language		C++
Language	Not Language-Specific

Relationships

View			Weakness
# ID	View	Status	# ID	Name	Abstraction	Structure	Status
CWE-1000	Research Concepts	Draft	CWE-770	Allocation of Resources Without Limits or Throttling	Base	Simple	Incomplete
CWE-1000	Research Concepts	Draft	CWE-789	Memory Allocation with Excessive Size Value	Variant	Simple	Draft
CWE-1000	Research Concepts	Draft	CWE-476	NULL Pointer Dereference	Base	Simple	Stable

Common Attack Pattern Enumeration and Classification (CAPEC)

The Common Attack Pattern Enumeration and Classification (CAPEC™) effort provides a publicly available catalog of common attack patterns that helps users understand how adversaries exploit weaknesses in applications and other cyber-enabled capabilities.

CAPEC at Mitre.org

# ID	Name	Weaknesses
CAPEC-130	Excessive Allocation	CWE-1325

CVEs Published

Based on CVE published date

CVSS Severity

CVSS Severity - By Year

CVSS Base Score

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date