Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (3.0)  

CWE-769: Uncontrolled File Descriptor Consumption

Weakness ID: 769
Abstraction: Base
Structure: Simple
Status: Incomplete
Presentation Filter:
+ Description
The software does not properly limit the number of open file descriptors that it uses.
+ Extended Description

When an attacker can influence the consumption of file descriptors, the attacker might be able to prevent the process from opening files for writing or reading. In some cases, file descriptor exhaustion could affect other processes.

There are at least three distinct scenarios which can commonly lead to file descriptor exhaustion:

  • Lack of throttling for the number of open file descriptors
  • Losing all references to a file descriptor before reaching the shutdown stage
  • Not closing file descriptors after processing
+ Alternate Terms
File descriptor exhaustion
+ Relationships

The table(s) below shows the weaknesses and high level categories that are related to this weakness. These relationships are defined as ChildOf, ParentOf, MemberOf and give insight to similar items that may exist at higher and lower levels of abstraction. In addition, relationships such as PeerOf and CanAlsoBe are defined to show similar weaknesses that the user may want to explore.

+ Relevant to the view "Weaknesses for Simplified Mapping of Published Vulnerabilities" (CWE-1003)
+ Modes Of Introduction

The different Modes of Introduction provide information about how and when this weakness may be introduced. The Phase identifies a point in the software life cycle at which introduction may occur, while the Note provides a typical scenario related to introduction during the given phase.

Architecture and Design
+ Likelihood Of Exploit
+ Potential Mitigations

Phases: Implementation; Architecture and Design

If file I/O is being supported by an application for multiple users, balancing the resource allotment across the group may help to prevent exhaustion as well as differentiate malicious activity from an insufficient resource pool.

Phase: Implementation

Consider using the getrlimit() function included in the sys/resources library in order to determine how many files are currently allowed to be opened for the process.
+ References
[REF-664] " man page for getrlmit()". <>.
+ Content History
Submission DateSubmitterOrganization
2009-05-08CWE Content TeamMITRE
Modification DateModifierOrganization
2010-04-05CWE Content TeamMITRE
updated Potential_Mitigations
2010-06-21CWE Content TeamMITRE
updated Description
2010-12-13CWE Content TeamMITRE
updated Description
2013-02-21CWE Content TeamMITRE
updated Maintenance_Notes
2015-12-07CWE Content TeamMITRE
updated Relationships
2017-11-08CWE Content TeamMITRE
updated Alternate_Terms, Description, Likelihood_of_Exploit, Name, Relationships, Type
Previous Entry Names
Change DatePrevious Entry Name
2017-11-08File Descriptor Exhaustion

More information is available — Please select a different filter.
Page Last Updated: January 18, 2018