CVE Vulnerabilities

CVE-2019-9514

Allocation of Resources Without Limits or Throttling

Published: Aug 13, 2019 | Modified: Nov 07, 2023
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
7.8 HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
RedHat/V2
RedHat/V3
7.5 IMPORTANT
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Ubuntu
MEDIUM

Some HTTP/2 implementations are vulnerable to a reset flood, potentially leading to a denial of service. The attacker opens a number of streams and sends an invalid request over each stream that should solicit a stream of RST_STREAM frames from the peer. Depending on how the peer queues the RST_STREAM frames, this can consume excess memory, CPU, or both.

Weakness

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

Affected Software

Name Vendor Start Version End Version
Swiftnio Apple 1.0.0 (including) 1.4.0 (including)
Red Hat AMQ RedHat jetty *
Red Hat AMQ 7.4.3 RedHat jetty *
Red Hat Data Grid 7.3.3 RedHat netty *
Red Hat Decision Manager 7 RedHat netty *
Red Hat Developer Tools RedHat go-toolset-1.11-0:1.11.13-1.el7 *
Red Hat Developer Tools RedHat go-toolset-1.11-golang-0:1.11.13-2.el7 *
Red Hat Enterprise Linux 7 Extras RedHat containernetworking-plugins-0:0.8.1-4.el7_7 *
Red Hat Enterprise Linux 8 RedHat go-toolset:rhel8-8000120190828225436.14bc675c *
Red Hat Enterprise Linux 8 RedHat nodejs:10-8000020190911085529.f8e95b4e *
Red Hat Enterprise Linux 8 RedHat container-tools:rhel8-8010020191126140055.c294d161 *
Red Hat Enterprise Linux 8 RedHat container-tools:1.0-8010020191126173920.c294d161 *
Red Hat Fuse 6.3 RedHat netty *
Red Hat Fuse 7.5.0 RedHat grpc *
Red Hat Fuse 7.5.0 RedHat netty *
Red Hat Fuse 7.6.0 RedHat golang *
Red Hat Fuse 7.6.0 RedHat undertow *
Red Hat JBoss EAP 7.2 RedHat undertow *
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 RedHat eap7-apache-commons-beanutils-0:1.9.4-1.redhat_00002.1.ep7.el7 *
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 RedHat eap7-infinispan-0:8.2.11-1.SP2_redhat_00001.1.ep7.el7 *
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 RedHat eap7-jackson-databind-0:2.8.11.5-1.redhat_00001.1.ep7.el7 *
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 RedHat eap7-log4j-jboss-logmanager-0:1.2.2-1.Final_redhat_00002.1.ep7.el7 *
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 RedHat eap7-netty-0:4.1.45-1.Final_redhat_00001.1.ep7.el7 *
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 RedHat eap7-undertow-0:1.4.18-12.SP12_redhat_00001.1.ep7.el7 *
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 RedHat eap7-wildfly-0:7.1.7-2.GA_redhat_00002.1.ep7.el7 *
Red Hat JBoss Enterprise Application Platform 7.1 EUS for RHEL 7 RedHat eap7-wildfly-elytron-0:1.1.13-1.Final_redhat_00001.1.ep7.el7 *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 RedHat eap7-apache-cxf-0:3.2.10-1.redhat_00001.1.el6eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 RedHat eap7-byte-buddy-0:1.9.11-1.redhat_00002.1.el6eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 RedHat eap7-glassfish-jsf-0:2.3.5-5.SP3_redhat_00003.1.el6eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 RedHat eap7-hal-console-0:3.0.17-2.Final_redhat_00001.1.el6eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 RedHat eap7-hibernate-0:5.3.13-1.Final_redhat_00001.1.el6eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 RedHat eap7-ironjacamar-0:1.4.18-1.Final_redhat_00001.1.el6eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 RedHat eap7-jboss-genericjms-0:2.0.2-1.Final_redhat_00001.1.el6eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 RedHat eap7-jboss-msc-0:1.4.11-1.Final_redhat_00001.1.el6eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 RedHat eap7-jboss-remoting-0:5.0.16-2.Final_redhat_00001.1.el6eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 RedHat eap7-jboss-server-migration-0:1.3.1-6.Final_redhat_00006.1.el6eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 RedHat eap7-jboss-xnio-base-0:3.7.6-2.SP1_redhat_00001.1.el6eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 RedHat eap7-picketbox-0:5.0.3-6.Final_redhat_00005.1.el6eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 RedHat eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00009.1.el6eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 RedHat eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00009.1.el6eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 RedHat eap7-resteasy-0:3.6.1-7.SP7_redhat_00001.1.el6eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 RedHat eap7-undertow-0:2.0.26-2.SP3_redhat_00001.1.el6eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 RedHat eap7-wildfly-0:7.2.5-4.GA_redhat_00002.1.el6eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 RedHat eap7-wildfly-elytron-0:1.6.5-1.Final_redhat_00001.1.el6eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 RedHat eap7-wildfly-elytron-tool-0:1.4.4-1.Final_redhat_00001.1.el6eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 RedHat eap7-wildfly-http-client-0:1.0.17-1.Final_redhat_00001.1.el6eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 RedHat eap7-wildfly-openssl-0:1.0.8-1.Final_redhat_00001.1.el6eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 RedHat eap7-wildfly-openssl-linux-x86_64-0:1.0.8-5.Final_redhat_00001.1.el6eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 6 RedHat eap7-yasson-0:1.0.5-1.redhat_00001.1.el6eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 RedHat eap7-apache-cxf-0:3.2.10-1.redhat_00001.1.el7eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 RedHat eap7-byte-buddy-0:1.9.11-1.redhat_00002.1.el7eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 RedHat eap7-glassfish-jsf-0:2.3.5-5.SP3_redhat_00003.1.el7eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 RedHat eap7-hal-console-0:3.0.17-2.Final_redhat_00001.1.el7eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 RedHat eap7-hibernate-0:5.3.13-1.Final_redhat_00001.1.el7eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 RedHat eap7-ironjacamar-0:1.4.18-1.Final_redhat_00001.1.el7eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 RedHat eap7-jboss-genericjms-0:2.0.2-1.Final_redhat_00001.1.el7eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 RedHat eap7-jboss-msc-0:1.4.11-1.Final_redhat_00001.1.el7eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 RedHat eap7-jboss-remoting-0:5.0.16-2.Final_redhat_00001.1.el7eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 RedHat eap7-jboss-server-migration-0:1.3.1-6.Final_redhat_00006.1.el7eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 RedHat eap7-jboss-xnio-base-0:3.7.6-2.SP1_redhat_00001.1.el7eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 RedHat eap7-picketbox-0:5.0.3-6.Final_redhat_00005.1.el7eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 RedHat eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00009.1.el7eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 RedHat eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00009.1.el7eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 RedHat eap7-resteasy-0:3.6.1-7.SP7_redhat_00001.1.el7eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 RedHat eap7-undertow-0:2.0.26-2.SP3_redhat_00001.1.el7eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 RedHat eap7-wildfly-0:7.2.5-4.GA_redhat_00002.1.el7eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 RedHat eap7-wildfly-elytron-0:1.6.5-1.Final_redhat_00001.1.el7eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 RedHat eap7-wildfly-elytron-tool-0:1.4.4-1.Final_redhat_00001.1.el7eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 RedHat eap7-wildfly-http-client-0:1.0.17-1.Final_redhat_00001.1.el7eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 RedHat eap7-wildfly-openssl-0:1.0.8-1.Final_redhat_00001.1.el7eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 RedHat eap7-wildfly-openssl-linux-x86_64-0:1.0.8-5.Final_redhat_00001.1.el7eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 7 RedHat eap7-yasson-0:1.0.5-1.redhat_00001.1.el7eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 RedHat eap7-apache-cxf-0:3.2.10-1.redhat_00001.1.el8eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 RedHat eap7-byte-buddy-0:1.9.11-1.redhat_00002.1.el8eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 RedHat eap7-glassfish-jsf-0:2.3.5-5.SP3_redhat_00003.1.el8eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 RedHat eap7-hal-console-0:3.0.17-2.Final_redhat_00001.1.el8eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 RedHat eap7-hibernate-0:5.3.13-1.Final_redhat_00001.1.el8eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 RedHat eap7-ironjacamar-0:1.4.18-1.Final_redhat_00001.1.el8eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 RedHat eap7-jboss-genericjms-0:2.0.2-1.Final_redhat_00001.1.el8eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 RedHat eap7-jboss-msc-0:1.4.11-1.Final_redhat_00001.1.el8eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 RedHat eap7-jboss-remoting-0:5.0.16-2.Final_redhat_00001.1.el8eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 RedHat eap7-jboss-server-migration-0:1.3.1-6.Final_redhat_00006.1.el8eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 RedHat eap7-jboss-xnio-base-0:3.7.6-2.SP1_redhat_00001.1.el8eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 RedHat eap7-picketbox-0:5.0.3-6.Final_redhat_00005.1.el8eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 RedHat eap7-picketlink-bindings-0:2.5.5-20.SP12_redhat_00009.1.el8eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 RedHat eap7-picketlink-federation-0:2.5.5-20.SP12_redhat_00009.1.el8eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 RedHat eap7-resteasy-0:3.6.1-7.SP7_redhat_00001.1.el8eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 RedHat eap7-undertow-0:2.0.26-2.SP3_redhat_00001.1.el8eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 RedHat eap7-wildfly-0:7.2.5-4.GA_redhat_00002.1.el8eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 RedHat eap7-wildfly-elytron-0:1.6.5-1.Final_redhat_00001.1.el8eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 RedHat eap7-wildfly-elytron-tool-0:1.4.4-1.Final_redhat_00001.1.el8eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 RedHat eap7-wildfly-http-client-0:1.0.17-1.Final_redhat_00001.1.el8eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 RedHat eap7-wildfly-openssl-0:1.0.8-1.Final_redhat_00001.1.el8eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 RedHat eap7-wildfly-openssl-linux-x86_64-0:1.0.8-5.Final_redhat_00001.1.el8eap *
Red Hat JBoss Enterprise Application Platform 7.2 for RHEL 8 RedHat eap7-yasson-0:1.0.5-1.redhat_00001.1.el8eap *
Red Hat JBoss Enterprise Application Platform Continuous Delivery RedHat *
Red Hat OpenShift Container Platform 3.10 RedHat atomic-openshift-0:3.10.170-1.git.0.8e592d6.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat apb-0:1.9.8-1.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-0:3.11.153-1.git.0.aaf3f71.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat cri-tools-0:1.11.1-2.rhaos3.11.gitedabfb5.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat openshift-monitor-project-lifecycle-0:3.11.51-2.git.59.7b59e29.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat cri-o-0:1.11.16-0.2.dev.rhaos3.11.git3f89eba.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-enterprise-service-catalog-1:3.11.154-1.git.1.fa68ced.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-cluster-autoscaler-0:3.11.154-1.git.1.532da7a.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-descheduler-0:3.11.154-1.git.1.1d31032.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-metrics-server-0:3.11.154-1.git.1.6a6b6ce.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-node-problem-detector-0:3.11.154-1.git.1.5e8e065.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-service-idler-0:3.11.154-1.git.1.f80fb86.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat atomic-openshift-web-console-0:3.11.154-1.git.1.f54cb18.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat cockpit-0:195-2.rhaos.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat csi-attacher-0:0.2.0-4.git27299be.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat csi-driver-registrar-0:0.2.0-2.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat csi-livenessprobe-0:0.0.1-2.gitff5b6a0.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat csi-provisioner-0:0.2.0-3.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat golang-github-openshift-oauth-proxy-0:3.11.154-1.git.1.220e3dc.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat golang-github-prometheus-alertmanager-0:3.11.154-1.git.1.4acd2e6.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat golang-github-prometheus-node_exporter-0:3.11.154-1.git.1.bc9f224.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat golang-github-prometheus-prometheus-0:3.11.154-1.git.1.148db48.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat hawkular-openshift-agent-0:1.2.2-3.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat heapster-0:1.3.0-4.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat image-inspector-0:2.4.0-4.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat openshift-enterprise-autoheal-0:3.11.154-1.git.1.13199be.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat openshift-enterprise-cluster-capacity-0:3.11.154-1.git.1.5798c2c.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat openshift-eventrouter-0:0.2-4.git7c289cc.el7 *
Red Hat OpenShift Container Platform 3.11 RedHat openshift-external-storage-0:0.0.2-9.gitd3c94f0.el7 *
Red Hat OpenShift Container Platform 3.9 RedHat ansible-service-broker-0:1.1.20-2.el7 *
Red Hat OpenShift Container Platform 3.9 RedHat atomic-openshift-0:3.9.101-1.git.0.150f595.el7 *
Red Hat OpenShift Container Platform 3.9 RedHat atomic-openshift-descheduler-0:3.9.13-2.git.267.bb59a3f.el7 *
Red Hat OpenShift Container Platform 3.9 RedHat atomic-openshift-dockerregistry-0:3.9.101-1.git.1.13625cf.el7 *
Red Hat OpenShift Container Platform 3.9 RedHat atomic-openshift-node-problem-detector-0:3.9.13-2.git.167.5d6b0d4.el7 *
Red Hat OpenShift Container Platform 3.9 RedHat atomic-openshift-web-console-0:3.9.101-1.git.1.601c6d2.el7 *
Red Hat OpenShift Container Platform 3.9 RedHat cockpit-0:195-2.rhaos.el7 *
Red Hat OpenShift Container Platform 3.9 RedHat containernetworking-plugins-0:0.5.2-6.el7 *
Red Hat OpenShift Container Platform 3.9 RedHat cri-o-0:1.9.16-3.git858756d.el7 *
Red Hat OpenShift Container Platform 3.9 RedHat cri-tools-0:1.0.0-6.rhaos3.9.git8e6013a.el7 *
Red Hat OpenShift Container Platform 3.9 RedHat golang-github-openshift-oauth-proxy-0:2.1-3.git885c9f40.el7 *
Red Hat OpenShift Container Platform 3.9 RedHat golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7 *
Red Hat OpenShift Container Platform 3.9 RedHat golang-github-prometheus-alertmanager-0:0.14.0-2.git30af4d0.el7 *
Red Hat OpenShift Container Platform 3.9 RedHat golang-github-prometheus-node_exporter-0:3.9.101-1.git.1.8295224.el7 *
Red Hat OpenShift Container Platform 3.9 RedHat golang-github-prometheus-prometheus-0:2.2.1-2.gitbc6058c.el7 *
Red Hat OpenShift Container Platform 3.9 RedHat golang-github-prometheus-promu-0:0-5.git85ceabc.el7 *
Red Hat OpenShift Container Platform 3.9 RedHat hawkular-openshift-agent-0:1.2.2-3.el7 *
Red Hat OpenShift Container Platform 3.9 RedHat heapster-0:1.3.0-4.el7 *
Red Hat OpenShift Container Platform 3.9 RedHat image-inspector-0:2.1.3-2.el7 *
Red Hat OpenShift Container Platform 3.9 RedHat openshift-enterprise-image-registry-0:3.8.0-2.git.216.b6b90bb.el7 *
Red Hat OpenShift Container Platform 3.9 RedHat openshift-eventrouter-0:0.1-3.git5bd9251.el7 *
Red Hat OpenShift Container Platform 3.9 RedHat openshift-external-storage-0:0.0.1-9.git78d6339.el7 *
Red Hat OpenShift Container Platform 3.9 RedHat openvswitch-ovn-kubernetes-0:0.1.0-3.el7 *
Red Hat OpenShift Container Platform 4.1 RedHat ansible-service-broker-1:1.4.4-2.el7 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/apb-base:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/mariadb-apb:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/mediawiki:v4.1.14-201909040920 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/mediawiki-apb:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/mysql-apb:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-ansible-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-aws-machine-controllers:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-azure-machine-controllers:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-baremetal-machine-controllers:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cli:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cli-artifacts:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cloud-credential-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cluster-authentication-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cluster-autoscaler:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cluster-autoscaler-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cluster-bootstrap:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cluster-capacity:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cluster-config-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cluster-dns-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cluster-image-registry-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cluster-ingress-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cluster-kube-apiserver-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cluster-kube-controller-manager-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cluster-kube-scheduler-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cluster-logging-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cluster-machine-approver:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cluster-monitoring-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cluster-network-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cluster-node-tuning-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cluster-openshift-apiserver-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cluster-openshift-controller-manager-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cluster-samples-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cluster-storage-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cluster-update-keys:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-cluster-version-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-configmap-reloader:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-console:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-console-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-coredns:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-deployer:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-descheduler:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-descheduler-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-docker-builder:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-docker-registry:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-egress-dns-proxy:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-egress-http-proxy:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-egress-router:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-elasticsearch-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-etcd:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-grafana:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-haproxy-router:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-hyperkube:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-hypershift:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-installer:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-installer-artifacts:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-jenkins:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-jenkins-agent-base:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-jenkins-agent-maven:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-k8s-prometheus-adapter:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-keepalived-ipfailover:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-kube-proxy:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-kube-rbac-proxy:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-kube-state-metrics:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-libvirt-machine-controllers:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-logging-curator5:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-logging-elasticsearch5:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-logging-eventrouter:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-logging-fluentd:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-machine-api-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-machine-config-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-multus-admission-controller:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-multus-cni:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-must-gather:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-oauth-proxy:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-openstack-machine-controllers:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-operator-lifecycle-manager:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-operator-marketplace:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-operator-registry:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-ovn-kubernetes:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-pod:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-prometheus:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-prometheus-alertmanager:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-prometheus-config-reloader:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-prometheus-node-exporter:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-prometheus-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-prom-label-proxy:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-service-ca-operator:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-sriov-cni:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-sriov-dp-admission-controller:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-sriov-network-device-plugin:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-telemeter:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-tests:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/postgres-apb:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/postgresql-apb:v4.1.14-201908291507 *
Red Hat OpenShift Container Platform 4.1 RedHat atomic-enterprise-service-catalog-1:4.1.14-201908290858.git.1.28cc9ff.el7 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift-0:4.1.14-201908290858.git.0.3bd3467.el7 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-multus-cni:v4.1.15-201909041605 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-operator-lifecycle-manager:v4.1.15-201909041605 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-operator-registry:v4.1.15-201909041605 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift4/ose-sriov-network-device-plugin:v4.1.18-201909201915 *
Red Hat OpenShift Container Platform 4.1 RedHat cri-o-0:1.13.11-0.13.dev.rhaos4.1.gitbdeb2ca.el8 *
Red Hat OpenShift Container Platform 4.1 RedHat cri-tools-0:1.13.0-2.rhaos4.1.gitc06001f.el7 *
Red Hat OpenShift Container Platform 4.1 RedHat faq-0:0.0.6-4.el7 *
Red Hat OpenShift Container Platform 4.1 RedHat ignition-0:0.32.0-2.git5941fc0.el8 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift-external-storage-0:0.0.2-7.gitd3c94f0.el7 *
Red Hat OpenShift Container Platform 4.1 RedHat pivot-0:0.0.5-2.el8 *
Red Hat OpenShift Container Platform 4.1 RedHat ansible-operator-0:0.0.1-3.git.59.4beb3d2.el7 *
Red Hat OpenShift Container Platform 4.1 RedHat apb-0:2.0.3-2.el7 *
Red Hat OpenShift Container Platform 4.1 RedHat containernetworking-plugins-0:0.8.1-4.el7 *
Red Hat OpenShift Container Platform 4.1 RedHat golang-github-openshift-prometheus-alert-buffer-0:0-3.gitceca8c1.el7 *
Red Hat OpenShift Container Platform 4.1 RedHat golang-github-prometheus-promu-0:0-5.git85ceabc.el7 *
Red Hat OpenShift Container Platform 4.1 RedHat openshift-eventrouter-0:0.2-3.gited73fb6.el7 *
Red Hat OpenShift Container Platform 4.2 RedHat apb-0:2.0.3-2.el7 *
Red Hat OpenShift Container Platform 4.2 RedHat containernetworking-plugins-0:0.8.1-4.el7 *
Red Hat OpenShift Container Platform 4.2 RedHat golang-github-prometheus-promu-0:0.5.0-2.git642a960.el7 *
Red Hat OpenStack Platform 14.0 (Rocky) RedHat skydive-0:0.20.5-2.el7ost *
Red Hat Process Automation 7 RedHat netty *
Red Hat Quay 3 RedHat quay3/clair-jwt:v2.0.9-7 *
Red Hat Single Sign-On 7.3 RedHat netty *
Red Hat Single Sign-On 7.3 for RHEL 6 RedHat rh-sso7-keycloak-0:4.8.15-1.Final_redhat_00001.1.el6sso *
Red Hat Single Sign-On 7.3 for RHEL 7 RedHat rh-sso7-keycloak-0:4.8.15-1.Final_redhat_00001.1.el7sso *
Red Hat Single Sign-On 7.3 for RHEL 8 RedHat rh-sso7-keycloak-0:4.8.15-1.Final_redhat_00001.1.el8sso *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat rh-nodejs10-0:3.2-3.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat rh-nodejs10-nodejs-0:10.16.3-3.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat rh-nodejs8-0:3.0-5.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7 RedHat rh-nodejs8-nodejs-0:8.16.1-2.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS RedHat rh-nodejs10-0:3.2-3.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS RedHat rh-nodejs10-nodejs-0:10.16.3-3.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS RedHat rh-nodejs8-0:3.0-5.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS RedHat rh-nodejs8-nodejs-0:8.16.1-2.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS RedHat rh-nodejs10-0:3.2-3.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS RedHat rh-nodejs10-nodejs-0:10.16.3-3.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS RedHat rh-nodejs8-0:3.0-5.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS RedHat rh-nodejs8-nodejs-0:8.16.1-2.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS RedHat rh-nodejs10-0:3.2-3.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS RedHat rh-nodejs10-nodejs-0:10.16.3-3.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS RedHat rh-nodejs8-0:3.0-5.el7 *
Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS RedHat rh-nodejs8-nodejs-0:8.16.1-2.el7 *
Text-Only RHOAR RedHat *
Golang-1.10 Ubuntu bionic *
Golang-1.10 Ubuntu disco *
Golang-1.10 Ubuntu esm-infra/bionic *
Golang-1.10 Ubuntu trusty/esm *
Golang-1.10 Ubuntu xenial *
Golang-1.11 Ubuntu disco *
Golang-1.12 Ubuntu disco *
Golang-1.12 Ubuntu eoan *
Golang-1.6 Ubuntu xenial *
Golang-1.8 Ubuntu bionic *
Golang-1.8 Ubuntu esm-apps/bionic *
Golang-1.9 Ubuntu bionic *
Golang-1.9 Ubuntu esm-apps/bionic *
Golang-google-grpc Ubuntu bionic *
Golang-google-grpc Ubuntu cosmic *
Golang-google-grpc Ubuntu devel *
Golang-google-grpc Ubuntu disco *
Golang-google-grpc Ubuntu eoan *
Golang-google-grpc Ubuntu esm-apps/bionic *
Golang-google-grpc Ubuntu esm-apps/focal *
Golang-google-grpc Ubuntu esm-apps/jammy *
Golang-google-grpc Ubuntu esm-apps/noble *
Golang-google-grpc Ubuntu esm-apps/xenial *
Golang-google-grpc Ubuntu focal *
Golang-google-grpc Ubuntu groovy *
Golang-google-grpc Ubuntu hirsute *
Golang-google-grpc Ubuntu impish *
Golang-google-grpc Ubuntu jammy *
Golang-google-grpc Ubuntu kinetic *
Golang-google-grpc Ubuntu lunar *
Golang-google-grpc Ubuntu mantic *
Golang-google-grpc Ubuntu noble *
Golang-google-grpc Ubuntu oracular *
Golang-google-grpc Ubuntu xenial *
Grpc Ubuntu bionic *
Grpc Ubuntu cosmic *
Grpc Ubuntu devel *
Grpc Ubuntu disco *
Grpc Ubuntu eoan *
Grpc Ubuntu esm-apps/bionic *
Grpc Ubuntu esm-apps/focal *
Grpc Ubuntu esm-apps/jammy *
Grpc Ubuntu esm-apps/noble *
Grpc Ubuntu esm-apps/xenial *
Grpc Ubuntu focal *
Grpc Ubuntu groovy *
Grpc Ubuntu hirsute *
Grpc Ubuntu impish *
Grpc Ubuntu jammy *
Grpc Ubuntu kinetic *
Grpc Ubuntu lunar *
Grpc Ubuntu mantic *
Grpc Ubuntu noble *
Grpc Ubuntu oracular *
Grpc Ubuntu xenial *
H2o Ubuntu bionic *
H2o Ubuntu disco *
H2o Ubuntu trusty *
Netty Ubuntu bionic *
Netty Ubuntu cosmic *
Netty Ubuntu devel *
Netty Ubuntu disco *
Netty Ubuntu eoan *
Netty Ubuntu esm-apps/bionic *
Netty Ubuntu esm-apps/focal *
Netty Ubuntu esm-apps/jammy *
Netty Ubuntu esm-apps/noble *
Netty Ubuntu focal *
Netty Ubuntu groovy *
Netty Ubuntu hirsute *
Netty Ubuntu impish *
Netty Ubuntu jammy *
Netty Ubuntu kinetic *
Netty Ubuntu lunar *
Netty Ubuntu mantic *
Netty Ubuntu noble *
Netty Ubuntu oracular *
Netty Ubuntu trusty *
Nginx Ubuntu trusty *
Nodejs Ubuntu bionic *
Nodejs Ubuntu esm-apps/bionic *
Nodejs Ubuntu esm-apps/xenial *
Nodejs Ubuntu esm-infra-legacy/trusty *
Nodejs Ubuntu groovy *
Nodejs Ubuntu hirsute *
Nodejs Ubuntu impish *
Nodejs Ubuntu kinetic *
Nodejs Ubuntu trusty *
Nodejs Ubuntu trusty/esm *
Nodejs Ubuntu xenial *
Trafficserver Ubuntu bionic *
Trafficserver Ubuntu cosmic *
Trafficserver Ubuntu disco *
Trafficserver Ubuntu esm-apps/bionic *
Trafficserver Ubuntu trusty *
Trafficserver Ubuntu xenial *
Twisted Ubuntu bionic *
Twisted Ubuntu cosmic *
Twisted Ubuntu devel *
Twisted Ubuntu disco *
Twisted Ubuntu eoan *
Twisted Ubuntu focal *
Twisted Ubuntu groovy *
Twisted Ubuntu hirsute *
Twisted Ubuntu impish *
Twisted Ubuntu jammy *
Twisted Ubuntu kinetic *
Twisted Ubuntu lunar *
Twisted Ubuntu mantic *
Twisted Ubuntu noble *
Twisted Ubuntu oracular *
Twisted Ubuntu trusty *
Twisted Ubuntu upstream *

Extended Description

Code frequently has to work with limited resources, so programmers must be careful to ensure that resources are not consumed too quickly, or too easily. Without use of quotas, resource limits, or other protection mechanisms, it can be easy for an attacker to consume many resources by rapidly making many requests, or causing larger resources to be used than is needed. When too many resources are allocated, or if a single resource is too large, then it can prevent the code from working correctly, possibly leading to a denial of service.

Potential Mitigations

  • Assume all input is malicious. Use an “accept known good” input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does.

  • When performing input validation, consider all potentially relevant properties, including length, type of input, the full range of acceptable values, missing or extra inputs, syntax, consistency across related fields, and conformance to business rules. As an example of business rule logic, “boat” may be syntactically valid because it only contains alphanumeric characters, but it is not valid if the input is only expected to contain colors such as “red” or “blue.”

  • Do not rely exclusively on looking for malicious or malformed inputs. This is likely to miss at least one undesirable input, especially if the code’s environment changes. This can give attackers enough room to bypass the intended validation. However, denylists can be useful for detecting potential attacks or determining which inputs are so malformed that they should be rejected outright.

  • Mitigation of resource exhaustion attacks requires that the target system either:

  • The first of these solutions is an issue in itself though, since it may allow attackers to prevent the use of the system by a particular valid user. If the attacker impersonates the valid user, they may be able to prevent the user from accessing the server in question.

  • The second solution can be difficult to effectively institute – and even when properly done, it does not provide a full solution. It simply requires more resources on the part of the attacker.

  • If the program must fail, ensure that it fails gracefully (fails closed). There may be a temptation to simply let the program fail poorly in cases such as low memory conditions, but an attacker may be able to assert control before the software has fully exited. Alternately, an uncontrolled failure could cause cascading problems with other downstream components; for example, the program could send a signal to a downstream process so the process immediately knows that a problem has occurred and has a better chance of recovery.

  • Ensure that all failures in resource allocation place the system into a safe posture.

  • Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems.

  • When the current levels get close to the maximum that is defined for the application (see CWE-770), then limit the allocation of further resources to privileged users; alternately, begin releasing resources for less-privileged users. While this mitigation may protect the system from attack, it will not necessarily stop attackers from adversely impacting other users.

  • Ensure that the application performs the appropriate error checks and error handling in case resources become unavailable (CWE-703).

References