SYM_C_0007 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Allocation of File Descriptors or Handles Without Limits or Throttling
Property | Value |
---|---|
Language | |
Severity | |
CWE | CWE-774: Allocation of File Descriptors or Handles Without Limits or Throttling |
Confidence Level | Medium |
Impact Level | High |
Likelihood Level | Low |
Description
The code opens '/dev/random' or '/dev/urandom' and reads from it without checking if the read operation succeeded or failed. Failing to handle errors can lead to file descriptors not being properly closed or released.
Impact
If file descriptors are exhausted due to unchecked read failures, the application may run out of resources, causing it to crash or become unresponsive. This can be exploited by attackers to trigger denial of service, disrupt critical functionality, or degrade system performance.
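The pattern from the description next to a hardened form, as an added example that is not the rule's or the project's own code. The flagged snippet in the comment is a constructed illustration, and `read_random_checked` and its `path` parameter are hypothetical names.

```c
/* Constructed illustration of the flagged pattern:
 *     int fd = open("/dev/urandom", O_RDONLY);
 *     read(fd, buf, len);   // result ignored; failure paths never release fd
 * Hardened form below (read_random_checked is a hypothetical helper name). */
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/types.h>
#include <unistd.h>

/* Fill buf with exactly len bytes read from path (e.g. "/dev/urandom").
 * Returns 0 on success and -1 on any failure. The descriptor is closed
 * on every path, so repeated failures cannot accumulate open handles. */
int read_random_checked(const char *path, void *buf, size_t len)
{
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;                  /* open failed: nothing to release */

    unsigned char *p = buf;
    size_t done = 0;
    int rc = 0;

    while (done < len) {
        ssize_t n = read(fd, p + done, len - done);
        if (n > 0) {
            done += (size_t)n;      /* short read: keep reading */
        } else if (n < 0 && errno == EINTR) {
            continue;               /* interrupted by a signal: retry */
        } else {
            rc = -1;                /* read error or unexpected EOF */
            break;
        }
    }

    close(fd);                      /* single exit: released on success and failure */
    return rc;
}
```

Callers must treat a return of -1 as "no random bytes were produced" and must not use the buffer.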