
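CWE-123 Write-what-where Condition: vulnerability list (32)

A summary of 32 CVEs in the CWE-123 Write-what-where Condition weakness class, with AI-generated analysis in Chinese.

CWE-123 is a severe memory-safety vulnerability in which an attacker can write an arbitrary value to an arbitrary memory address, usually as the result of a buffer overflow. Attackers use this flaw to overwrite critical data structures or control-flow pointers, hijacking the program's execution flow to achieve remote code execution or a system crash. Developers should strictly validate input, use bounds-checking mechanisms, and adopt the safety features of modern programming languages (such as Rust, or a C/C++ environment with ASLR and DEP enabled) to prevent illegal memory access and eliminate this class of risk at the root.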

MITRE CWE official description
CWE: CWE-123 Write-what-where Condition. Any condition where the attacker has the ability to write an arbitrary value to an arbitrary location, often as the result of a buffer overflow.
Common consequences (3)
Scope: Integrity, Confidentiality, Availability, Access Control. Impact: Modify Memory; Execute Unauthorized Code or Commands; Gain Privileges or Assume Identity; DoS: Crash, Exit, or Restart; Bypass Protection Mechanism.
Clearly, write-what-where conditions can be used to write data to areas of memory outside the scope of a policy. Also, they almost invariably can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy. If the attacker can overwrite a pointer's w…
Scope: Integrity, Availability. Impact: DoS: Crash, Exit, or Restart; Modify Memory.
Many memory accesses can lead to program termination, such as when writing to addresses that are invalid for the current process.
Scope: Access Control, Other. Impact: Bypass Protection Mechanism; Other.
When the consequence is arbitrary code execution, this can often be used to subvert any other security service.
Mitigations (2)
Architecture and Design: Use a language that provides appropriate memory abstractions.
Operation: Use OS-level preventative functionality integrated after the fact. Not a complete solution.
Code examples (1)
The classic example of a write-what-where condition occurs when the accounting information for memory allocations is overwritten in a particular fashion. Here is an example of potentially vulnerable code:
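    #include <stdlib.h>
    #include <string.h>

    #define BUFSIZE 256

    int main(int argc, char **argv) {
        char *buf1 = (char *) malloc(BUFSIZE);
        char *buf2 = (char *) malloc(BUFSIZE);
        /* Unbounded copy: an argv[1] longer than BUFSIZE - 1 bytes overruns buf1. */
        strcpy(buf1, argv[1]);
        free(buf2);
    }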
Bad · C
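The hardened counterpart of the snippet above, as an added example that is not part of the original page or of MITRE's entry: the length is checked before any byte is copied, so oversized input is rejected instead of running past buf1 into the allocator's accounting information. The helper name copy_arg_checked and its return codes are assumptions of this example.

```c
#include <stdlib.h>
#include <string.h>

#define BUFSIZE 256

/* Return codes of the hypothetical helper below (names are assumptions). */
enum { COPY_OK = 0, COPY_MISSING = -1, COPY_TOO_LONG = -2, COPY_NOMEM = -3 };

/* Copy arg into a fresh BUFSIZE-byte heap buffer only if it fits,
 * terminator included. On success stores the buffer in *out and returns
 * COPY_OK; on any failure returns a negative code and leaves *out NULL. */
int copy_arg_checked(const char *arg, char **out)
{
    if (out == NULL)
        return COPY_MISSING;
    *out = NULL;
    if (arg == NULL)                   /* e.g. argv[1] was not supplied */
        return COPY_MISSING;

    /* Look for the terminator within the first BUFSIZE bytes only. */
    const char *nul = memchr(arg, '\0', BUFSIZE);
    if (nul == NULL)                   /* would need more than BUFSIZE bytes */
        return COPY_TOO_LONG;

    char *buf = malloc(BUFSIZE);
    if (buf == NULL)
        return COPY_NOMEM;
    memcpy(buf, arg, (size_t)(nul - arg) + 1);   /* length already checked */
    *out = buf;
    return COPY_OK;
}

int main(int argc, char **argv)
{
    char *buf1 = NULL;
    char *buf2 = malloc(BUFSIZE);      /* neighbouring chunk, as in the original */
    int rc = copy_arg_checked(argc > 1 ? argv[1] : NULL, &buf1);
    free(buf2);
    free(buf1);                        /* free(NULL) is a no-op */
    return rc == COPY_OK ? 0 : 1;
}
```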
CVE ID | Title | CVSS | Risk level | Published
CVE-2026-41952 | Acronis Cyber Protect Cloud Agent and Acronis DeviceLock DLP security vulnerability — Acronis DeviceLock DLP | 7.8 (AI) | High (AI) | 2026-04-29
CVE-2025-14857 | Semtech LR11xx LoRa security vulnerability — LR1110 | 6.8 (AI) | Medium (AI) | 2026-04-07
CVE-2025-29943 | AMD CPU security vulnerability — AMD EPYC™ 9004 Series Processors | 6.7 | - | 2026-01-16
CVE-2025-9900 | LibTIFF security vulnerability | 8.8 | High | 2025-09-23
CVE-2025-7403 | Zephyr security vulnerability — Zephyr | 7.6 | High | 2025-09-19
CVE-2025-33045 | AMI AptioV security vulnerability — AptioV | 8.2 | High | 2025-09-09
CVE-2025-55298 | ImageMagick security vulnerability — ImageMagick | 7.5 | High | 2025-08-26
CVE-2024-20141 | MediaTek Chipsets buffer error vulnerability — MT6739, MT6761, MT6765, MT6768, MT6771, MT6779, MT6781, MT6785, MT6833, MT6853, MT6873, MT6877, MT6885, MT6893, MT8167, MT8167S, MT8175, MT8185, MT8195, MT8321, MT8362A, MT8365, MT8385, MT8395, MT8666, MT8667, MT8673, MT8675, MT8678, MT8765, MT8766, MT8768, MT8771, MT8775, MT8781, MT8786, MT8788, MT8789, MT8791T, MT8795T, MT8797, MT8798, MT8893 | 6.6 | - | 2025-02-03
CVE-2024-47438 | Adobe Substance 3D Painter security vulnerability — Substance3D - Painter | 5.5 | Medium | 2024-11-12
CVE-2024-20119 | MediaTek Chipsets security vulnerability — MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8676 | 6.7 (AI) | Medium (AI) | 2024-11-04
CVE-2024-20118 | MediaTek Chipsets security vulnerability — MT6739, MT6761, MT6765, MT6768, MT6779, MT6781, MT6785, MT6789, MT6833, MT6835, MT6853, MT6855, MT6873, MT6877, MT6883, MT6885, MT6889, MT6893, MT8676, MT8792 | 6.7 (AI) | Medium (AI) | 2024-11-04
CVE-2024-45142 | Adobe Substance 3D Stager security vulnerability — Substance3D - Stager | 7.8 | High | 2024-10-09
CVE-2024-42479 | llama.cpp security vulnerability — llama.cpp | 10.0 | Critical | 2024-08-12
CVE-2024-6563 | Trusted Firmware security vulnerability — rcar_gen3_v2.5 | 7.5 | High | 2024-07-08
CVE-2024-20741 | Adobe Substance 3D Painter buffer error vulnerability — Substance3D - Painter | 7.8 | High | 2024-02-15
CVE-2021-45465 | Siemens Syngo FastView security vulnerability — syngo fastView | 7.8 | High | 2024-01-04
CVE-2022-38143 | OpenImageIO buffer error vulnerability — OpenImageIO | 9.8 | - | 2022-12-23
CVE-2022-1523 | Fuji Electric D300win buffer error vulnerability — D300win | 6.1 | Medium | 2022-10-19
CVE-2022-40262 | Intel NUC M15 buffer error vulnerability — Aptio | 8.2 | - | 2022-09-20
CVE-2022-40246 | Intel NUC M15 buffer error vulnerability — Aptio | 8.2 | - | 2022-09-20
CVE-2021-38441 | Eclipse Cyclone DDS code issue vulnerability — CycloneDDS | 6.6 | Medium | 2022-05-05
CVE-2021-42540 | Emerson WirelessHART Gateway security vulnerability — WirelessHART Gateway | 8.0 | High | 2021-10-22
CVE-2021-38449 | AUVESY Versiondog security vulnerability — Versiondog | 9.8 | Critical | 2021-10-22
CVE-2021-36057 | Adobe XMP Toolkit SDK security vulnerability — XMP Toolkit | 3.3 | - | 2021-09-01
CVE-2021-1520 | Cisco router security vulnerability — Cisco Small Business RV Series Router Firmware | 6.7 | Medium | 2021-05-06
CVE-2021-1390 | Cisco IOS XE Software security vulnerability — Cisco IOS XE Software | 5.1 | Medium | 2021-03-24
CVE-2020-7560 | Schneider Electric EcoStruxure Control Expert input validation error vulnerability — EcoStruxure™ Control Expert (all versions) and Unity Pro (former name of EcoStruxure™ Control Expert) (all versions) | 7.8 | - | 2020-12-11
CVE-2020-16225 | Delta Electronics TPEditor buffer error vulnerability — Delta Electronics TPEditor | 7.8 | - | 2020-08-06
CVE-2020-2001 | Palo Alto Networks PAN-OS buffer error vulnerability — PAN-OS | 8.1 | High | 2020-05-13
CVE-2014-5435 | Honeywell International Experion PKS buffer error vulnerability — Experion PKS | 9.8 | - | 2019-04-08

CWE-123 (Write-what-where Condition) is a common weakness category; this platform lists 32 CVEs associated with it.