目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1325

100%
请我们喝杯咖啡

CWE-1284 类漏洞列表 161

CWE-1284 类弱点 161 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-1284属于输入验证缺陷,指程序未正确校验输入中指定的数量属性。攻击者常通过提交异常数值(如极大长度或频率)触发资源耗尽、计算错误或逻辑越界,导致服务拒绝或系统崩溃。开发者应实施严格的边界检查,确保输入数量符合预期范围,并在分配资源或控制循环前进行有效性验证,从而防止因非法数量引发的安全风险。

MITRE CWE 官方描述
CWE:CWE-1284 输入中指定数量的验证不当 英文:产品接收预期用于指定数量(如大小或长度)的输入,但未对该数量是否具有所需属性进行验证或进行了错误的验证。 指定的数量包括大小、长度、频率、价格、速率、操作次数、时间等。代码可能依赖指定的数量来分配资源、执行计算、控制迭代等。
常见影响 (1)
Other, Integrity, AvailabilityVaries by Context, DoS: Resource Consumption (CPU), Modify Memory, Read Memory
When the quantity is not properly validated, then attackers can specify malicious quantities to cause excessive resource allocation, trigger unexpected failures, enable buffer overflows, etc.
缓解措施 (1)
ImplementationAssume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Effectiveness: High
代码示例 (2)
This example demonstrates a shopping interaction in which the user is free to specify the quantity of items to be purchased and a total is calculated.
... public static final double price = 20.00; int quantity = currentUser.getAttribute("quantity"); double total = price * quantity; chargeUser(total); ...
Bad · Java
This example asks the user for a height and width of an m X n game board with a maximum dimension of 100 squares.
... #define MAX_DIM 100 ... /* board dimensions */ int m,n, error; board_square_t *board; printf("Please specify the board height: \n"); error = scanf("%d", &m); if ( EOF == error ){ die("No integer passed: Die evil hacker!\n"); } printf("Please specify the board width: \n"); error = scanf("%d", &n); if ( EOF == error ){ die("No integer passed: Die evil hacker!\n"); } if ( m > MAX_DIM || n > MAX_DIM ) { die("Value too large: Die evil hacker!\n"); } board = (board_square_t*) malloc( m * n * sizeof(board_square_t)); ...
Bad · C
CVE ID标题CVSS风险等级Published
CVE-2026-55392 NILFS 工具 未验证 s_log_block_size 导致未定义行为和内存溢出 — nilfs-utils 5.5 Medium2026-06-18
CVE-2026-55706 OpenBSD 输入验证错误漏洞 — OpenBSD 5.8 Medium2026-06-17
CVE-2026-49110 WP Swings Upsell Order Bump Offer for WooCommerce 输入验证错误漏洞 — Upsell Order Bump Offer for WooCommerce 7.5 High2026-06-15
CVE-2026-49078 WP Travel Engine 输入验证错误漏洞 — WP Travel Engine 7.5 High2026-06-15
CVE-2026-45441 Magepeople Event Booking Manager 输入验证错误漏洞 — WpEvently 7.5 High2026-06-15
CVE-2026-42657 Wasiliy Strecker Contest Gallery 输入验证错误漏洞 — Contest Gallery 6.5 Medium2026-06-15
CVE-2026-12059 Cellopoint CelloOS 输入验证错误漏洞 — CelloOS 8.8 High2026-06-12
CVE-2026-11596 ConnectWise ScreenConnect 安全漏洞 — ScreenConnect 4.7 Medium2026-06-10
CVE-2026-53689 libnfs 安全漏洞 — libnfs 7.1 High2026-06-10
CVE-2026-49777 WordPress plugin Product Slider Pro for WooCommerce 安全漏洞 — Product Slider Pro for WooCommerce 10.0 Critical2026-06-05
CVE-2026-47329 Canonical Ubuntu Linux 安全漏洞 — Ubuntu Linux 3.3 Low2026-05-28
CVE-2026-9801 Keycloak 安全漏洞 — Red Hat build of Keycloak 26.6 4.9 Medium2026-05-28
CVE-2026-7254 IBM OpenBMC 安全漏洞 — OPENBMC--2026-05-27
CVE-2026-9704 Keycloak 安全漏洞 — Red Hat build of Keycloak 26.6 6.8 Medium2026-05-27
CVE-2026-3676 IBM Cloud APM 安全漏洞 — Cloud APM, Base Private 6.5 Medium2026-05-27
CVE-2026-42744 WordPress plugin Ads by WPQuads 安全漏洞 — Ads by WPQuads 6.5 Medium2026-05-27
CVE-2026-42732 WordPress plugin Ads by WPQuads 安全漏洞 — Ads by WPQuads 6.5 Medium2026-05-27
CVE-2026-42013 GnuTLS 安全漏洞 — Red Hat Enterprise Linux 10 8.2 High2026-05-26
CVE-2026-5260 GnuTLS 安全漏洞 — Red Hat Enterprise Linux 10 8.2 High2026-05-26
CVE-2026-8047 CODESYS多款产品 安全漏洞 — CODESYS Control RTE (SL) 7.5 High2026-05-26
CVE-2025-15645 Ledger多款产品 安全漏洞 — Ledger Nano X 4.6 Medium2026-05-19
CVE-2026-8813 ExifReader 安全漏洞 — exifreader 7.5 High2026-05-19
CVE-2026-44826 Vvveb 安全漏洞 — Vvveb 7.5 High2026-05-15
CVE-2025-66660 AMD Graphics Driver 安全漏洞 — AMD Radeon™ RX 6000 Series Graphics Products--2026-05-15
CVE-2026-0428 AMD Graphics Driver 安全漏洞 — AMD Instinct™ MI300A--2026-05-15
CVE-2025-14869 GitLab Enterprise Edition(EE)和GitLab Community Edition(CE) 安全漏洞 — GitLab 7.5 High2026-05-14
CVE-2026-44459 Hono 安全漏洞 — hono 3.8 Low2026-05-13
CVE-2026-25863 WordPress plugin Conditional Fields for Contact Form 安全漏洞 — Conditional Fields for Contact Form 7 7.5 High2026-05-04
CVE-2025-14688 IBM Db2 安全漏洞 — Db2 5.3 Medium2026-04-30
CVE-2026-6915 MongoDB Server 安全漏洞 — MongoDB Server 6.3 Medium2026-04-29

CWE-1284 是常见的弱点类别,本平台收录该类弱点关联的 161 条 CVE 漏洞。