CWE-774: Allocation of File Descriptors or Handles Without Limits or Throttling

Learn about CWE-774 (Allocation of File Descriptors or Handles Without Limits or Throttling), its security impact, exploitation methods, and prevention guidelines.

What is Allocation of File Descriptors or Handles Without Limits or Throttling?

• Overview: Allocation of File Descriptors or Handles Without Limits or Throttling occurs when a program allows users to open or allocate file descriptors or handles without imposing any restrictions, potentially violating security policies and leading to resource exhaustion.

• Exploitation Methods:

  • Attackers can continuously request new file descriptors or handles until all system resources are exhausted.
  • Common attack patterns include automated scripts that repeatedly open files or network connections, leading to denial of service (DoS).

• Security Impact:

  • Direct consequences include the inability of the system to open new files or connections, affecting application availability.
  • Potential cascading effects involve the failure of other applications relying on file descriptors or handles, causing system-wide outages.
  • Business impact may include loss of service, reduced productivity, and potential financial losses due to downtime.

• Prevention Guidelines:

  • Implement limits on the number of file descriptors or handles a single user or process can open at any given time.
  • Use resource throttling techniques to control the rate at which resources are allocated.
  • Employ monitoring tools to detect unusual patterns of resource allocation and take corrective action.
  • Utilize operating system features and libraries that provide resource management and limit enforcement.
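
The first, second and fourth guidelines combined, as an added example that is not code from this page or from Corgea: a per-client cap, a global cap, and a token-bucket throttle on opens, with a lowered `RLIMIT_NOFILE` as the operating-system backstop. `DescriptorBudget`, `cap_process_descriptors` and all limit values are hypothetical names and numbers chosen for illustration; the `resource` module is POSIX-only.

```python
import os
import resource
import time
from collections import defaultdict


def cap_process_descriptors(limit):
    """Lower the soft RLIMIT_NOFILE so the kernel enforces a backstop (POSIX)."""
    _, hard = resource.getrlimit(resource.RLIMIT_NOFILE)
    soft = limit if hard == resource.RLIM_INFINITY else min(limit, hard)
    resource.setrlimit(resource.RLIMIT_NOFILE, (soft, hard))
    return soft


class DescriptorBudget:
    """Hypothetical helper: per-client and global caps plus an open-rate throttle."""

    def __init__(self, per_client=4, total=64, opens_per_sec=5.0, clock=time.monotonic):
        self.per_client, self.total, self.rate = per_client, total, opens_per_sec
        self.clock = clock
        self.held = defaultdict(set)                  # client id -> descriptors held
        self.tokens = defaultdict(lambda: self.rate)  # token bucket, burst == rate
        self.stamp = defaultdict(clock)               # last refill time per client

    def _take_token(self, client):
        now = self.clock()
        refill = (now - self.stamp[client]) * self.rate
        self.stamp[client] = now
        self.tokens[client] = min(self.rate, self.tokens[client] + refill)
        if self.tokens[client] < 1.0:
            return False
        self.tokens[client] -= 1.0
        return True

    def open(self, client, path):
        """Open path read-only for client, or raise PermissionError if over budget."""
        if len(self.held[client]) >= self.per_client:
            raise PermissionError("per-client descriptor limit reached")
        if sum(len(fds) for fds in self.held.values()) >= self.total:
            raise PermissionError("global descriptor limit reached")
        if not self._take_token(client):
            raise PermissionError("open rate exceeded")
        fd = os.open(path, os.O_RDONLY)
        self.held[client].add(fd)
        return fd

    def close(self, client, fd):
        """Release a descriptor only if this client actually holds it."""
        if fd in self.held[client]:
            self.held[client].remove(fd)
            os.close(fd)
```

Refusals surface as `PermissionError`, so a caller can log the client id and feed the monitoring described in the third guideline.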

Technical Details

Likelihood of Exploit: Low

Affected Languages: Not specified

Affected Technologies: Not specified
