Home/CWE/Allocation of Resources Without Limits or Throttling
Weakness

Allocation of Resources Without Limits or Throttling

CWE-770 · Base · Incomplete

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Weakness Relationships

Where this weakness sits in the CWE hierarchy. Walk up to broader classes or down to more specific variants.
Parent of this (broader)
ChildOfCWE-400 · Uncontrolled Resource Consumption
ChildOfCWE-665 · Improper Initialization
Children (more specific)
ParentOfCWE-1325 · Improperly Controlled Sequential Memory Allocation
ParentOfCWE-774 · Allocation of File Descriptors or Handles Without Limits or Throttling
ParentOfCWE-789 · Memory Allocation with Excessive Size Value

Attack Patterns (CAPEC)

20
How adversaries exploit this weakness, per MITRE CAPEC.
CAPEC-125Flooding
CAPEC-130Excessive Allocation
CAPEC-147XML Ping of the Death
CAPEC-197Exponential Data Expansion
CAPEC-229Serialized Data Parameter Blowup
CAPEC-230Serialized Data with Nested Payloads
CAPEC-231Oversized Serialized Data Payloads
CAPEC-469HTTP DoS
CAPEC-482TCP Flood
CAPEC-486UDP Flood
CAPEC-487ICMP Flood
CAPEC-488HTTP Flood
CAPEC-489SSL Flood
CAPEC-490Amplification
CAPEC-491Quadratic Data Expansion
CAPEC-493SOAP Array Blowup
CAPEC-494TCP Fragmentation
CAPEC-495UDP Fragmentation
CAPEC-496ICMP Fragmentation
CAPEC-528XML Flood

CVEs With This Weakness

2,022
A sample of the 2,022 CVEs tagged with this weakness.
CVECVE-2026-8468
CVECVE-2026-8466
CVECVE-2026-8280
CVECVE-2026-8202
CVECVE-2026-8124
CVECVE-2026-7776
CVECVE-2026-7768
CVECVE-2026-7541
CVECVE-2026-6948
CVECVE-2026-6860
CVECVE-2026-6060
CVECVE-2026-5807

Nuclei Scanner Templates

1
Open-source Nuclei templates that detect this weakness class - an actionable scan-for-it pivot. Licensed under the ProjectDiscovery / Nuclei terms.
highPure-FTPd 1.0.48 - Denial of Service
External lookups - second-class, for what we don’t hold ourselves
MITRE CWE
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh  ·  Open-source threat intelligence platform  ·  100+ authoritative sources  ·  Every fact traces to its origin