Fuzz testing (fuzzing) is a powerful technique for generating large numbers of diverse inputs - either randomly or algorithmically - and dynamically invoking the code with those inputs. Even with random inputs, it is often capable of generating unexpected results such as crashes, memory corruption, or resource consumption. Fuzzing effectively produces repeatable test cases that clearly indicate bugs, which helps developers to diagnose the issues.
CWE-789 Variant Draft
Memory Allocation with Excessive Size Value
This vulnerability occurs when a program allocates memory based on a user-supplied or untrusted size value without proper validation. If an attacker provides an excessively large number, the…
Definition
What is CWE-789?
This vulnerability occurs when a program allocates memory based on a user-supplied or untrusted size value without proper validation. If an attacker provides an excessively large number, the application can attempt to allocate massive amounts of system memory, leading to a denial-of-service or system instability.
At its core, this flaw is about a missing safety check. When an application accepts a size parameter—like the length of a file to process or the number of records to load—directly from an untrusted source (user input, network data, a file) and passes it to a memory allocation function (like `malloc`, `calloc`, or `new`) without verifying it's reasonable, the system's memory manager tries to fulfill the request. This often results in an out-of-memory crash, exhausting system resources and making the application unavailable.
To prevent this, developers must implement strict bounds checking before any allocation. Establish sensible, application-specific limits for all size values derived from external inputs. Compare the requested size against a configured maximum, and reject the request if it's too large. This validation should happen as early as possible, ideally right after the input is received, to ensure the program remains stable and responsive under all conditions.
Real-world impact
Real-world CVEs caused by CWE-789
-
Chain: Python library does not limit the resources used to process images that specify a very large number of bands (CWE-1284), leading to excessive memory consumption (CWE-789) or an integer overflow (CWE-190).
-
program uses ::alloca() for encoding messages, but large messages trigger segfault
-
memory consumption and daemon exit by specifying a large value in a length field
-
large value in a length field leads to memory consumption and crash when no more memory is available
-
large key size in game program triggers crash when a resizing function cannot allocate enough memory
-
large Content-Length HTTP header value triggers application crash in instant messaging application due to failure in memory allocation
How attackers exploit it
Step-by-step attacker path
- 1
Consider the following code, which accepts an untrusted size value and allocates a buffer to contain a string of the given size.
- 2
Suppose an attacker provides a size value of:
- 3
``` 12345678 ```
- 4
This will cause 305,419,896 bytes (over 291 megabytes) to be allocated for the string.
- 5
Consider the following code, which accepts an untrusted size value and uses the size as an initial capacity for a HashMap.
Vulnerable code example
Vulnerable C
Consider the following code, which accepts an untrusted size value and allocates a buffer to contain a string of the given size.
unsigned int size = GetUntrustedInt();
```
/* ignore integer overflow (CWE-190) for this example */*
unsigned int totBytes = size * sizeof(char);
char *string = (char *)malloc(totBytes);
InitializeString(string); Secure code example
Secure C
int proc_msg(char *s, int msg_len)
{
```
int pre_len = sizeof("preamble: "); // Note space at the end of the string - assume all strings have preamble with space
if (pre_len <= msg_len) { // Log error; return error_code; }
char buf[pre_len - msg_len];
... Do processing here and set status
return status;
}
char *s = "preamble: message\n";
char *sl = strchr(s, ':'); // Number of characters up to ':' (not including space)
int jnklen = sl == NULL ? 0 : sl - s; // If undefined pointer, use zero length
int ret_val = proc_msg ("s", jnklen); // Violate assumption of preamble length, end up with negative value, blow out stack What changed: the unsafe sink is replaced (or the input is validated/escaped) so the same payload no longer triggers the weakness.
Prevention checklist
How to prevent CWE-789
- Implementation / Architecture and Design Perform adequate input validation against any value that influences the amount of memory that is allocated. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary.
- Operation Run your program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact to the rest of the system will be minimized.
Detection signals
How to detect CWE-789
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)
Plexicus auto-detects CWE-789 and opens a fix PR in under 60 seconds.
Codex Remedium scans every commit, identifies this exact weakness, and ships a reviewer-ready pull request with the patch. No tickets. No hand-offs.
Frequently asked questions What is CWE-789?
How serious is CWE-789?
What languages or platforms are affected by CWE-789?
How can I prevent CWE-789?
How does Plexicus detect and fix CWE-789?
Where can I learn more about CWE-789?
Frequently asked questions
What is CWE-789?
This vulnerability occurs when a program allocates memory based on a user-supplied or untrusted size value without proper validation. If an attacker provides an excessively large number, the application can attempt to allocate massive amounts of system memory, leading to a denial-of-service or system instability.
How serious is CWE-789?
MITRE has not published a likelihood-of-exploit rating for this weakness. Treat it as medium-impact until your threat model proves otherwise.
What languages or platforms are affected by CWE-789?
MITRE lists the following affected platforms: C, C++.
How can I prevent CWE-789?
Perform adequate input validation against any value that influences the amount of memory that is allocated. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary. Run your program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact to the rest of the system will be minimized.
How does Plexicus detect and fix CWE-789?
Plexicus's SAST engine matches the data-flow signature for CWE-789 on every commit. When a match is found, our Codex Remedium agent opens a fix PR with the corrected code, tests, and a one-line summary for the reviewer.
Where can I learn more about CWE-789?
MITRE publishes the canonical definition at https://cwe.mitre.org/data/definitions/789.html. You can also reference OWASP and NIST documentation for adjacent guidance.
Related weaknesses
Weaknesses related to CWE-789
CWE-770 Parent
Allocation of Resources Without Limits or Throttling
This vulnerability occurs when a system allows users or processes to request resources without any built-in caps or rate limits. Think of…
CWE-1325 Sibling
Improperly Controlled Sequential Memory Allocation
This vulnerability occurs when a system allocates memory separately for each item in a collection but fails to enforce a global limit on…
CWE-774 Sibling
Allocation of File Descriptors or Handles Without Limits or Throttling
This vulnerability occurs when an application creates file descriptors or handles for a user or process without enforcing any limits on…
CWE-476 Can precede
NULL Pointer Dereference
This vulnerability occurs when a program attempts to access or manipulate memory using a pointer that is set to NULL, causing a crash or…
Ready when you are
Don't Let Security
Weigh You Down.
Stop choosing between AI velocity and security debt. Plexicus is the only platform that runs Vibe Coding Security and ASPM in parallel — one workflow, every codebase.