CWE-789

Memory Allocation with Excessive Size Value
Vulnerability: under review

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of memory to be allocated.

Scope: Availability / Impact: DoS: Resource Consumption (Memory)
Perform adequate input validation against any value that influences the amount of memory that is allocated. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary.
Run your program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact to the rest of the system will be minimized.
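
The input-validation mitigation above, shown as an added C example (not part of the CWE entry): a reader for a length-prefixed record that checks the untrusted size field against an administrator-adjustable ceiling and against the bytes actually received before it allocates. The record format, the names `rec_read` and `rec_set_max_payload`, and the 1 MiB default are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical record format: 4-byte big-endian length, then payload. */
enum rec_status { REC_OK = 0, REC_TRUNCATED, REC_TOO_LARGE, REC_NOMEM };

/* Administrator-adjustable ceiling (assumed default: 1 MiB). */
static size_t rec_max_payload = 1u << 20;

void rec_set_max_payload(size_t limit) { rec_max_payload = limit; }

/* Copies the payload of one record into a fresh buffer.
 * On REC_OK the caller owns *out and must free() it. */
enum rec_status rec_read(const uint8_t *buf, size_t buf_len,
                         uint8_t **out, size_t *out_len)
{
    *out = NULL;
    *out_len = 0;
    if (buf_len < 4)
        return REC_TRUNCATED;

    /* Untrusted size field taken straight from the input. */
    uint32_t claimed = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                       ((uint32_t)buf[2] << 8)  |  (uint32_t)buf[3];

    /* Check 1: policy limit, enforced before any allocation happens. */
    if (claimed > rec_max_payload)
        return REC_TOO_LARGE;
    /* Check 2: the claimed size must be backed by bytes actually received. */
    if (claimed > buf_len - 4)
        return REC_TRUNCATED;

    /* malloc(0) is implementation-defined, so request at least one byte. */
    uint8_t *p = malloc(claimed ? claimed : 1);
    if (p == NULL)
        return REC_NOMEM;
    memcpy(p, buf + 4, claimed);
    *out = p;
    *out_len = claimed;
    return REC_OK;
}
```

Returning a distinct `REC_TOO_LARGE` status lets the caller apply its own strategy for over-limit requests (reject, log, or raise the ceiling through configuration).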
MITRE official page — CWE-789