
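CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer: vulnerability list (1064)

Summary of the 1064 CVEs in the CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) weakness class, with AI-generated analysis in Chinese.

CWE-119 covers improper restriction of operations within the bounds of a memory buffer: the program reads or writes memory beyond the buffer's boundary, resulting in unintended access to other variables or internal data. Attackers typically exploit this flaw by supplying crafted input that triggers a buffer overflow, overwriting critical memory or executing arbitrary code, which leads to remote code execution or a system crash. To avoid this risk, developers should strictly enforce bounds checks, use safe string-handling functions, and enable compiler protections so that every memory operation stays within its valid range.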

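MITRE CWE official description
CWE: CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer. The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Common consequences (3)
Integrity, Confidentiality, Availability · Execute Unauthorized Code or Commands, Modify Memory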
If the memory accessible by the attacker can be effectively controlled, it may be possible to execute arbitrary code, as with a standard buffer overflow. If the attacker can overwrite a pointer's worth of memory (usually 32 or 64 bits), they can alter the intended control flow by redirecting a funct…
Availability, Confidentiality · Read Memory, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory)
Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop.
Confidentiality · Read Memory
In the case of an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffer's position in memory, this knowledge can be used to craft further attacks, possibly with more severe consequences.
Mitigations (5)
Requirements · Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer. Be wary that a lan…
Architecture and Design · Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions.
Operation, Build and Compilation · Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking. D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses…
Effectiveness: Defense in Depth
Implementation · Consider adhering to the following rules when allocating and managing an application's memory: Double check that the buffer is as large as specified. When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string. Check buffer boundaries if accessing the buffer in a…
Operation, Build and Compilation · Run or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code. Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported…
Effectiveness: Defense in Depth
Code examples (2)
This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.
    void host_lookup(char *user_supplied_addr){
        struct hostent *hp;
        in_addr_t *addr;
        char hostname[64];
        in_addr_t inet_addr(const char *cp);

        /*routine that ensures user_supplied_addr is in the right format for conversion */
        validate_addr_form(user_supplied_addr);
        addr = inet_addr(user_supplied_addr);
        hp = gethostbyaddr( addr, sizeof(struct in_addr), AF_INET);
        strcpy(hostname, hp->h_name);
    }
Bad · C
This example applies an encoding procedure to an input string and stores it into a buffer.
    char * copy_input(char *user_supplied_string){
        int i, dst_index;
        char *dst_buf = (char*)malloc(4*sizeof(char) * MAX_SIZE);
        if ( MAX_SIZE <= strlen(user_supplied_string) ){
            die("user string too long, die evil hacker!");
        }
        dst_index = 0;
        for ( i = 0; i < strlen(user_supplied_string); i++ ){
            if( '&' == user_supplied_string[i] ){
                dst_buf[dst_index++] = '&';
                dst_buf[dst_index++] = 'a';
                dst_buf[dst_index++] = 'm';
                dst_buf[dst_index++] = 'p';
                dst_buf[dst_index++] = ';';
            }
            else if ('<' == user_supplied_string[i] ){
                /* encode to &lt; */
            }
            else dst_buf[dst_index++] = user_supplied_string[i];
        }
        return dst_buf;
    }
Bad · C
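The second example above allocates 4 bytes per input character, yet its '&' branch writes five ('&', 'a', 'm', 'p', ';'), so an input made mostly of '&' runs past the end of dst_buf. A bounds-checked variant follows as an added illustration, not code from MITRE or from this site; the value of MAX_SIZE and the names copy_input_checked, append and MAX_EXPANSION are assumptions.

```c
#include <stdlib.h>
#include <string.h>

#define MAX_SIZE 16      /* assumed value; the page does not define MAX_SIZE */
#define MAX_EXPANSION 5  /* longest encoding of one input byte: "&amp;" */

/* Append n bytes of src at dst[*idx] only if a byte stays free for the NUL. */
static int append(char *dst, size_t cap, size_t *idx, const char *src, size_t n)
{
    if (n >= cap - *idx)
        return -1;
    memcpy(dst + *idx, src, n);
    *idx += n;
    return 0;
}

/* Returns a malloc'd encoded copy; NULL on oversize input or allocation failure. */
char *copy_input_checked(const char *in)
{
    size_t len = strlen(in);
    if (len >= MAX_SIZE)
        return NULL;                       /* reject rather than truncate */

    size_t cap = MAX_EXPANSION * len + 1;  /* worst case plus terminator */
    char *dst = malloc(cap);
    if (dst == NULL)
        return NULL;

    size_t idx = 0;
    for (size_t i = 0; i < len; i++) {
        int rc;
        if (in[i] == '&')
            rc = append(dst, cap, &idx, "&amp;", 5);
        else if (in[i] == '<')
            rc = append(dst, cap, &idx, "&lt;", 4);
        else
            rc = append(dst, cap, &idx, &in[i], 1);
        if (rc != 0) {                     /* every write is checked against cap */
            free(dst);
            return NULL;
        }
    }
    dst[idx] = '\0';
    return dst;
}
```

With MAX_SIZE at 16, fifteen '&' characters encode to 75 bytes, which is more than the 64 bytes the original allocation would provide.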
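| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2026-22167 | GPU DDK cache-resident PM buffers writable by other GPU requesters, leading to arbitrary physical memory write vulnerability — Graphics DDK | 7.8 (AI) | High (AI) | 2026-05-01 |
| CVE-2026-27890 | Firebird security vulnerability — firebird | 8.2 | High | 2026-04-17 |
| CVE-2026-34864 | Huawei HarmonyOS security vulnerability — HarmonyOS | 6.8 | Medium | 2026-04-13 |
| CVE-2026-4149 | Sonos Era 300 buffer error vulnerability — Era 300 | 9.8 | - | 2026-04-11 |
| CVE-2026-34988 | wasmtime buffer error vulnerability — wasmtime | 7.5 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-39892 | cryptography security vulnerability — cryptography | 8.1 (AI) | High (AI) | 2026-04-08 |
| CVE-2026-39863 | Kamailio buffer error vulnerability — kamailio | 7.5 | High | 2026-04-08 |
| CVE-2026-5475 | Core Flight System buffer error vulnerability — cFS | 5.5 | Medium | 2026-04-03 |
| CVE-2026-34159 | llama.cpp buffer error vulnerability — llama.cpp | 9.8 | Critical | 2026-04-01 |
| CVE-2026-33847 | Rapidvms security vulnerability — rapidvms | 7.8 | High | 2026-03-24 |
| CVE-2026-33849 | Rapidvms security vulnerability — rapidvms | 8.8 | High | 2026-03-24 |
| CVE-2026-33848 | Rapidvms security vulnerability — rapidvms | 8.8 | High | 2026-03-24 |
| CVE-2026-33851 | doslib security vulnerability — doslib | 7.8 | High | 2026-03-24 |
| CVE-2026-4738 | GDAL security vulnerability — gdal | 9.8 | - | 2026-03-24 |
| CVE-2026-4734 | Modizer security vulnerability — modizer | 8.8 | - | 2026-03-24 |
| CVE-2026-4010 | pocketlang buffer error vulnerability — pocketlang | 3.3 | Low | 2026-03-12 |
| CVE-2026-30883 | ImageMagick buffer error vulnerability — ImageMagick | 5.7 | Medium | 2026-03-09 |
| CVE-2026-20024 | Cisco Secure Firewall Adaptive Security Appliance and Cisco Secure Firewall Threat Defense buffer error vulnerability — Cisco Secure Firewall Adaptive Security Appliance (ASA) Software | 6.8 | Medium | 2026-03-04 |
| CVE-2026-3437 | Portwell Engineering Toolkits buffer error vulnerability — Portwell Engineering Toolkits | 6.7 (AI) | Medium (AI) | 2026-03-03 |
| CVE-2026-3394 | SoLoud buffer error vulnerability — soloud | 3.3 | Low | 2026-03-01 |
| CVE-2026-3382 | ChaiScript buffer error vulnerability — ChaiScript | 3.3 | Low | 2026-03-01 |
| CVE-2023-31364 | AMD Processors security vulnerability — AMD EPYC™ 7001 Series Processors | 6.5 (AI) | Medium (AI) | 2026-02-26 |
| CVE-2026-3145 | libvips buffer error vulnerability — libvips | 5.3 | Medium | 2026-02-25 |
| CVE-2026-2522 | Open5GS security vulnerability — Open5GS | 5.3 | Medium | 2026-02-15 |
| CVE-2026-2521 | Open5GS security vulnerability — Open5GS | 5.3 | Medium | 2026-02-15 |
| CVE-2024-21961 | AMD Processors security vulnerability — AMD EPYC™ 7002 Series Processors | 6.5 (AI) | Medium (AI) | 2026-02-12 |
| CVE-2026-2259 | Lobster buffer error vulnerability — lobster | 3.3 | Low | 2026-02-10 |
| CVE-2026-2258 | Lobster buffer error vulnerability — lobster | 3.3 | Low | 2026-02-10 |
| CVE-2026-2246 | AprilTag buffer error vulnerability — apriltag | 3.3 | Low | 2026-02-09 |
| CVE-2026-25634 | iccDEV security vulnerability — iccDEV | 7.8 | High | 2026-02-06 |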

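CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) is a common weakness category; this platform lists 1064 CVEs associated with it.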