CAPEC-131: Resource Leak Exposure
CAPEC版本: 3.9
更新日期: 2023-01-24
攻击模式描述
An adversary utilizes a resource leak on the target to deplete the quantity of the resource available to service legitimate requests.
前提条件
- The target must have a resource leak that the adversary can repeatedly trigger.
所需资源
- None: No specialized resources are required to execute this type of attack.
后果影响
影响范围: Availability
技术影响: Unreliable Execution
说明: A successful resource leak exposure attack compromises the availability of the target system's services.
缓解措施
If possible, leverage coding language(s) that do not allow this weakness to occur (e.g., Java, Ruby, and Python all perform automatic garbage collection that releases memory for objects that have been deallocated).
Memory should always be allocated/freed using matching functions (e.g., malloc/free, new/delete, etc.)
Implement best practices with respect to memory management, including the freeing of all allocated resources at all exit points and ensuring consistency with how and where memory is freed in a function.
分类映射
| 分类名称 | 条目ID | 条目名称 |
|---|---|---|
| ATTACK | 1499 | Endpoint Denial of Service |
| WASC | 10 | Denial of Service |