What Is An Uncontrolled Resource Consumption Error?

CWE-400 Uncontrolled Resource Consumption occurs when an application does not properly control the number and/or size of resources that it allocates, it can consume too many resources. This can lead to performance degradation, denial-of-service conditions, and resource leaks. In some cases, uncontrolled resource consumption may allow attackers to perform resource exhaustion attacks in which they can take control of the application or cause it to crash.

CWE-400 is a dangerous vulnerability because it can be exploited relatively easily and can have a significant impact on an application's availability and performance. There are many different types of resources that an application can consume, so this weakness can occur in a wide variety of situations. For example, an application may consume too much memory, CPU time, disk space, or network bandwidth.

To mitigate this weakness, developers should carefully control the number and size of resources that their applications allocate. They should also ensure that their applications release any unused resources when they are no longer needed. Additionally, developers should design their applications to gracefully handle situations in which resource consumption exceeds expectations.