Variant · Draft

CWE-789: Memory Allocation with Excessive Size Value

Category: memory

Description

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

Common consequences · 1

  • Availability — DoS: Resource Consumption (Memory)
    Not controlling memory allocation can result in a request for too much system memory, possibly leading to a crash of the application due to out-of-memory conditions, or the consumption of a large amount of memory on the system.

Potential mitigations · 2

  • [Implementation, Architecture and Design] Perform adequate input validation against any value that influences the amount of memory that is allocated. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary.
  • [Operation] Run your program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact to the rest of the system will be minimized.
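As an added illustration of the first mitigation (example code, not from MITRE or the cs-graph page): an allocation driven by an untrusted record count, first with no limit, then with a policy cap and a multiplication-overflow guard. MAX_RECORDS and the record_t layout are assumed for the example.

```c
/* Added example (not from MITRE or the cs-graph page): a size-limited allocator
 * for untrusted element counts, as CWE-789's first mitigation describes.
 * MAX_RECORDS and record_t are constructed for illustration. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_RECORDS 100000u   /* policy cap; make it admin-configurable in real code */

typedef struct { uint32_t id; char name[60]; } record_t;

/* Vulnerable pattern: the count comes straight from input (a length prefix,
 * a header field) and drives malloc with no upper bound. A huge count exhausts
 * memory; a count large enough to wrap count * sizeof yields an undersized block. */
record_t *alloc_records_unchecked(size_t count) {
    return malloc(count * sizeof(record_t));
}

/* Decision helper: 1 = count is acceptable, 0 = reject. Separated from the
 * allocation so the policy can be tested without touching the heap. */
int record_count_accepted(size_t count, size_t max_count) {
    if (count == 0 || count > max_count)          /* excessive: refuse, don't try */
        return 0;
    if (count > SIZE_MAX / sizeof(record_t))      /* count * size would wrap */
        return 0;
    return 1;
}

/* Hardened: only allocate once the count passed the policy check.
 * calloc re-checks the product and zero-fills. Returns NULL on rejection. */
record_t *alloc_records_bounded(size_t count, size_t max_count) {
    if (!record_count_accepted(count, max_count))
        return NULL;
    return calloc(count, sizeof(record_t));
}

int main(void) {
    /* constructed inputs: in range, at the cap, one past it, and absurd */
    size_t from_input[] = { 10, MAX_RECORDS, MAX_RECORDS + 1, SIZE_MAX / 2 };
    for (size_t i = 0; i < 4; i++) {
        record_t *r = alloc_records_bounded(from_input[i], MAX_RECORDS);
        printf("count=%zu -> %s\n", from_input[i], r ? "allocated" : "rejected");
        free(r);
    }
    return 0;
}
```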

References

  1. https://cwe.mitre.org/data/definitions/789.html

Compliance frameworks addressing this (incoming) · 1

  Type              | Target                 | Confidence | Tier
  ComplianceControl | owasp_llm_top10-llm10  | 100%       | live

(incoming) · 1

  Type          | Target                            | Confidence | Tier
  Vulnerability | CVE-2026-27809 (cve-2026-27809)   | 0%         | live

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Integer Overflow to Buffer Overflow
  • CWE: Incorrect Calculation of Buffer Size
  • CWE: Improperly Controlled Sequential Memory Allocation
  • CWE: Buffer Access with Incorrect Length Value
  • CWE: Buffer Access Using Size of Source Buffer
  • CWE: Improper Restriction of Operations within the Bounds of a Memory Buffer

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.