CAPEC-131

Meta Abstraction Level
Meta — Very abstract, high-level category
Standard — Specific enough to understand
Detailed — Tied to specific technique
Stable MITRE CAPEC Status
Stable — Fully reviewed and complete
Draft — Under development
Incomplete — Partially defined
Deprecated — No longer recommended
Obsolete — Replaced by another CAPEC
Likelihood: Medium Severity: Medium
Resource Leak Exposure

Description

An adversary utilizes a resource leak on the target to deplete the quantity of the resource available to service legitimate requests.

Prerequisites

The target must have a resource leak that the adversary can repeatedly trigger.

Mitigations

If possible, leverage coding language(s) that do not allow this weakness to occur (e.g., Java, Ruby, and Python all perform automatic garbage collection that releases memory for objects that have been deallocated).

Memory should always be allocated/freed using matching functions (e.g., malloc/free, new/delete, etc.)

Implement best practices with respect to memory management, including the freeing of all allocated resources at all exit points and ensuring consistency with how and where memory is freed in a function.