
CAPEC-130: Excessive Allocation

Abstraction: Meta
Status: Stable
Likelihood: Medium
Severity: Medium

Description

An adversary causes the target to allocate excessive resources to servicing the adversary's request, thereby reducing the resources available for legitimate services and degrading or denying service. Usually, this attack focuses on memory allocation, but any finite resource on the target could be attacked, including bandwidth, processing cycles, or other resources. This attack does not attempt to force the allocation through a large number of requests (that would be Resource Depletion through Flooding). Instead, it uses one or a small number of requests that are carefully formatted to force the target to allocate excessive resources to service the request(s). Often this attack takes advantage of a bug in the target to cause it to allocate resources vastly beyond what a normal request would need.

Related weaknesses · 3

CWE-404, CWE-770, CWE-1325

MITRE ATT&CK crosswalk · 1

T1499.003: Endpoint Denial of Service: Application Exhaustion Flood

Exploits · 3

| Type | Target | ID | Confidence | Tier |
|---|---|---|---|---|
| Weakness | Improperly Controlled Sequential Memory Allocation | cwe-1325 | 100% | live |
| Weakness | Improper Resource Shutdown or Release | cwe-404 | 100% | live |
| Weakness | Allocation of Resources Without Limits or Throttling | cwe-770 | 100% | live |

Related to · 1

| Type | Target | ID | Confidence | Tier |
|---|---|---|---|---|
| SubTechnique | Application Exhaustion Flood | t1499.003 | 100% | live |

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

CAPEC: Resource Leak Exposure
CAPEC: Flooding
CAPEC: Overflow Buffers
CAPEC: Buffer Manipulation
CAPEC: Amplification
CAPEC: Exponential Data Expansion
Sourced from MITRE CAPEC. Curated by Adam Lundqvist, SQUR.