CWE

Common Weakness Enumeration

A Community-Developed Dictionary of Software Weakness Types


CWE-769: File Descriptor Exhaustion

 
Category ID: 769 (Category)
Status: Incomplete
+ Description

Description Summary

The software can be influenced by an attacker to open more files than are supported by the system.

Extended Description

There are at least three distinct scenarios which can commonly lead to file descriptor exhaustion:

  • Lack of throttling for the number of open file descriptors

  • Losing all references to a file descriptor before reaching the shutdown stage

  • Not closing file descriptors after processing

+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Likelihood of Exploit

Low to Medium

+ Potential Mitigations

Phases: Implementation; Architecture and Design

If file I/O is being supported by an application for multiple users, balancing the resource allotment across the group may help to prevent exhaustion as well as differentiate malicious activity from an insufficient resource pool.

Phase: Implementation

Consider using the getrlimit() function, declared in the sys/resource.h header, to determine how many files the process is currently allowed to open.
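An added example (not part of the CWE entry) of the getrlimit() mitigation, combined with the throttling and close-after-processing points from the Extended Description. The function names, the SCAN_CAP bound and the use of /dev/null are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/resource.h>
#include <unistd.h>
#define SCAN_CAP 65536L /* assumed upper bound on slots probed */

/* Soft descriptor limit for this process, clamped to SCAN_CAP; -1 on error. */
long fd_soft_limit(void)
{
    struct rlimit rl;
    if (getrlimit(RLIMIT_NOFILE, &rl) != 0) return -1;
    return rl.rlim_cur > (rlim_t)SCAN_CAP ? SCAN_CAP : (long)rl.rlim_cur;
}

/* Count open descriptors by probing every slot below the soft limit. */
long fd_open_count(void)
{
    long limit = fd_soft_limit(), used = 0;
    for (long fd = 0; fd < limit; fd++)
        if (fcntl((int)fd, F_GETFD) != -1)
            used++;
    return limit < 0 ? -1 : used;
}

/* Open read-only, refusing when fewer than `reserve` slots would stay free. */
int open_throttled(const char *path, long reserve)
{
    long limit = fd_soft_limit(), used = fd_open_count();
    if (limit < 0 || limit - used <= reserve) {
        errno = EMFILE; /* fail early, before the kernel limit is hit */
        return -1;
    }
    return open(path, O_RDONLY);
}

/* Open /dev/null until throttled (or 256 opens); return the peak count. */
long fill_until_refused(long reserve)
{
    int fds[256], n = 0;
    while (n < 256 && (fds[n] = open_throttled("/dev/null", reserve)) >= 0)
        n++;
    long peak = fd_open_count();
    while (n > 0)
        close(fds[--n]); /* release every descriptor after use */
    return peak;
}

int main(void) { printf("peak open fds: %ld\n", fill_until_refused(8)); return 0; }
```

Probing every slot costs one fcntl() call per slot on each open; a long-running service would normally keep its own counter of descriptors it has handed out and compare that against the getrlimit() value.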

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Weakness Base | 400 | Uncontrolled Resource Consumption ('Resource Exhaustion') | Development Concepts (primary) 699
ParentOf | Weakness Variant | 773 | Missing Reference to Active File Descriptor or Handle | Development Concepts (primary) 699
ParentOf | Weakness Variant | 774 | Allocation of File Descriptors or Handles Without Limits or Throttling | Development Concepts (primary) 699
ParentOf | Weakness Variant | 775 | Missing Release of File Descriptor or Handle after Effective Lifetime | Development Concepts (primary) 699
+ References
+ Content History
Submissions
Submission Date | Submitter | Organization | Source
2009-05-08 | Internal CWE Team
Modifications
Modification Date | Modifier | Organization | Source
2010-04-05 | CWE Content Team | MITRE | Internal
  updated Potential_Mitigations
2010-06-21 | CWE Content Team | MITRE | Internal
  updated Description
2010-12-13 | CWE Content Team | MITRE | Internal
  updated Description
2013-02-21 | CWE Content Team | MITRE | Internal
  updated Maintenance_Notes
Page Last Updated: July 30, 2014