The software's resource pool is not large enough to handle peak demand, which allows an attacker to prevent others from accessing the resource by using a (relatively) large number of requests for resources.
Frequently the consequence is a "flood" of connection or sessions.
Time of Introduction
Architecture and Design
Technical Impact: DoS: crash / exit /
Floods often cause a crash or other problem besides denial of the
resource itself; these are likely examples of *other* vulnerabilities,
not an insufficient resource pool.
In the following snippet from a Tomcat configuration file, a JDBC
connection pool is defined with a maximum of 5 simultaneous connections
(with a 60 second timeout). In this case, it may be trivial for an attacker
to instigate a denial of service (DoS) by using up all of the available
connections in the pool.