CWE-400 - Resource exhaustion

Description

The software is applied to monitor and limit the size and amount of such resources, used by the actor, as memory, file system storage and database connection pool entries. In case of lack of limited data control, attacker's intervention causes using of huge number and size of resources that can lead to denial of service.
Problems with system would cause valid actor's inability to use the software properly. Performed attacks also have influence on application work, being able to slow it down or bring to a stop. If the system suffered from resource exhaustion, it is easy for attackers to provoke "fail open" and put the software and it's security functionality at risk.
The weakness is introduced during Operation, Architecture and Design, Implementation stages.

Latest vulnerabilities for CWE-400

References

Description of CWE-400 on Mitre website