目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CWE-125 跨界内存读 类漏洞列表 2924

CWE-125 跨界内存读 类弱点 2924 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-125 越界读取属于内存安全漏洞,指程序访问了缓冲区边界之外的内存区域。攻击者利用此缺陷可读取敏感数据或引发信息泄露,甚至通过特定构造触发逻辑错误以辅助后续攻击。开发者应严格实施边界检查,确保索引在有效范围内,并使用支持自动边界检测的高级语言或静态分析工具,从源头杜绝非法内存访问。

MITRE CWE 官方描述
CWE:CWE-125 Out-of-bounds Read 英文:The product reads data past the end, or before the beginning, of the intended buffer. 中文:该产品在预期缓冲区(buffer)的末尾之后或开头之前读取数据。
常见影响 (4)
ConfidentialityRead Memory
An attacker could get secret values such as cryptographic keys, PII, memory addresses, or other information that could be used in additional attacks.
ConfidentialityBypass Protection Mechanism
Out-of-bounds memory could contain memory addresses or other information that can be used to bypass ASLR and other protection mechanisms in order to improve the reliability of exploiting a separate weakness for code execution.
AvailabilityDoS: Crash, Exit, or Restart
An attacker could cause a segmentation fault or crash by causing memory to be read outside of the bounds of the buffer. This is especially likely when the code reads a variable amount of data and assumes that a sentinel exists to stop the read operation, such as a NUL in a string.
OtherVaries by Context
The read operation could produce other undefined or unexpected results.
缓解措施 (2)
ImplementationAssume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Architecture and DesignUse a language that provides appropriate memory abstractions.
代码示例 (2)
In the following code, the method retrieves a value from an array at a specific array index location that is given as an input parameter to the method
int getValueFromArray(int *array, int len, int index) { int value; // check that the array index is less than the maximum // length of the array if (index < len) { // get the value at the specified index of the array value = array[index]; } // if array index is invalid then output error message // and return value indicating error else { printf("Value is: %d\n", array[index]); value = -1; } return value; }
Bad · C
... // check that the array index is within the correct // range of values for the array if (index >= 0 && index < len) { ...
Good · C
In the following C/C++ example the method processMessageFromSocket() will get a message from a socket, placed into a buffer, and will parse the contents of the buffer into a structure that contains the message length and the message body. A for loop is used to copy the message body into a local character string which will be passed to another method for processing.
int processMessageFromSocket(int socket) { int success; char buffer[BUFFER_SIZE]; char message[MESSAGE_SIZE]; // get message from socket and store into buffer //Ignoring possibliity that buffer > BUFFER_SIZE if (getMessage(socket, buffer, BUFFER_SIZE) > 0) { // place contents of the buffer into message structure ExMessage *msg = recastBuffer(buffer); // copy message body into string for processing int index; for (index = 0; index < msg->msgLength; index++) { message[index] = msg->msgBody[index]; } message[index] = '\0'; // process message success = processMessage(message); } return success; }
Bad · C
CVE ID标题CVSS风险等级Published
CVE-2021-31506 OpenText Brava! 缓冲区错误漏洞 — Brava! Desktop 3.3 -2021-06-29
CVE-2021-28574 Adobe Animate 缓冲区错误漏洞 — Animate 4.3 Medium2021-06-28
CVE-2021-28576 Adobe Animate 缓冲区错误漏洞 — Animate 4.3 Medium2021-06-28
CVE-2021-28587 Adobe After Effects 缓冲区错误漏洞 — After Effects 3.3 -2021-06-28
CVE-2021-28575 Adobe Animate 缓冲区错误漏洞 — Animate 4.3 Medium2021-06-28
CVE-2021-28573 Adobe Animate 缓冲区错误漏洞 — Animate 4.3 Medium2021-06-28
CVE-2021-21410 Contiki-NG 缓冲区错误漏洞 — contiki-ng 8.2 High2021-06-18
CVE-2021-32950 Open Design Alliance Drawings SDK 缓冲区错误漏洞 — Drawings SDK 7.1 -2021-06-17
CVE-2021-32938 Open Design Alliance Drawings SDK 缓冲区错误漏洞 — Drawings SDK 7.1 -2021-06-17
CVE-2021-32940 Open Design Alliance Drawings SDK 缓冲区错误漏洞 — Drawings SDK 7.1 -2021-06-17
CVE-2021-31501 OpenText Brava! 缓冲区错误漏洞 — Brava! Desktop 3.3 -2021-06-15
CVE-2021-31498 OpenText Brava! 缓冲区错误漏洞 — Brava! Desktop 3.3 -2021-06-15
CVE-2021-27408 Mmemed Welch Allyn Connex 缓冲区错误漏洞 — Welch Allyn medical device management tools 9.1 -2021-06-11
CVE-2021-22753 Schneider Electric IGSS 缓冲区错误漏洞 — IGSS Definition (Def.exe) V15.0.0.21140 and prior 7.8 -2021-06-11
CVE-2021-22756 Schneider Electric IGSS 缓冲区错误漏洞 — IGSS Definition (Def.exe) V15.0.0.21140 and prior 7.8 -2021-06-11
CVE-2021-22757 Schneider Electric IGSS 缓冲区错误漏洞 — IGSS Definition (Def.exe) V15.0.0.21140 and prior 7.8 -2021-06-11
CVE-2021-28801 QNAP Switch System 缓冲区错误漏洞 — QSS 3.1 Low2021-06-11
CVE-2021-27597 SAP NetWeaver AS ABAP Business Server 缓冲区错误漏洞 — SAP NetWeaver AS for ABAP (RFC Gateway) 7.5 -2021-06-09
CVE-2021-27606 SAP NetWeaver AS ABAP Business Server 缓冲区错误漏洞 — SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) 7.5 -2021-06-09
CVE-2021-27629 SAP Netweaver 缓冲区错误漏洞 — SAP NetWeaver ABAP Server and ABAP Platform (Enqueue Server) 7.5 -2021-06-09
CVE-2021-3522 GStreamer 缓冲区错误漏洞 — GStreamer 5.5 -2021-06-02
CVE-2021-27490 Siemens Solid Edge 缓冲区错误漏洞 — Datakit Software libraries embedded in Luxion KeyShot software 7.8 -2021-05-27
CVE-2020-12403 Mozilla Network Security Services 缓冲区错误漏洞 — nss 9.1 -2021-05-27
CVE-2021-32614 dmg2img 缓冲区错误漏洞 — dmg2img 7.1 -2021-05-26
CVE-2021-20177 Linux kernel 缓冲区错误漏洞 — kernel 4.4 -2021-05-26
CVE-2021-3548 dmg2img 缓冲区错误漏洞 — dmg2img 6.6 -2021-05-26
CVE-2020-13601 Zephyr 缓冲区错误漏洞 — zephyr 9.0 Critical2021-05-24
CVE-2018-25013 libwebp 缓冲区错误漏洞 — libwebp 9.1 -2021-05-21
CVE-2018-25012 libwebp 缓冲区错误漏洞 — libwebp 9.8 -2021-05-21
CVE-2018-25010 libwebp 缓冲区错误漏洞 — libwebp 9.1 -2021-05-21

CWE-125(跨界内存读) 是常见的弱点类别,本平台收录该类弱点关联的 2924 条 CVE 漏洞。