CWE-1284 类漏洞列表 134

CWE-1284 类弱点 134 条 CVE 漏洞汇总，含 AI 中文分析。

CWE-1284属于输入验证缺陷，指程序未正确校验输入中指定的数量属性。攻击者常通过提交异常数值（如极大长度或频率）触发资源耗尽、计算错误或逻辑越界，导致服务拒绝或系统崩溃。开发者应实施严格的边界检查，确保输入数量符合预期范围，并在分配资源或控制循环前进行有效性验证，从而防止因非法数量引发的安全风险。

MITRE CWE 官方描述

CWE：CWE-1284 输入中指定数量的验证不当英文：产品接收预期用于指定数量（如大小或长度）的输入，但未对该数量是否具有所需属性进行验证或进行了错误的验证。指定的数量包括大小、长度、频率、价格、速率、操作次数、时间等。代码可能依赖指定的数量来分配资源、执行计算、控制迭代等。

常见影响 (1)

Other, Integrity, AvailabilityVaries by Context, DoS: Resource Consumption (CPU), Modify Memory, Read Memory

When the quantity is not properly validated, then attackers can specify malicious quantities to cause excessive resource allocation, trigger unexpected failures, enable buffer overflows, etc.

缓解措施 (1)

ImplementationAssume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…

Effectiveness: High

代码示例 (2)

This example demonstrates a shopping interaction in which the user is free to specify the quantity of items to be purchased and a total is calculated.

... public static final double price = 20.00; int quantity = currentUser.getAttribute("quantity"); double total = price * quantity; chargeUser(total); ...

Bad · Java

This example asks the user for a height and width of an m X n game board with a maximum dimension of 100 squares.

... #define MAX_DIM 100 ... /* board dimensions */ int m,n, error; board_square_t *board; printf("Please specify the board height: \n"); error = scanf("%d", &m); if ( EOF == error ){ die("No integer passed: Die evil hacker!\n"); } printf("Please specify the board width: \n"); error = scanf("%d", &n); if ( EOF == error ){ die("No integer passed: Die evil hacker!\n"); } if ( m > MAX_DIM || n > MAX_DIM ) { die("Value too large: Die evil hacker!\n"); } board = (board_square_t*) malloc( m * n * sizeof(board_square_t)); ...

Bad · C

CVE ID	标题	CVSS	风险等级	Published
CVE-2026-25863	Contact Form 7插件Conditional Fields < 2.7.3 拒绝服务漏洞 — Conditional Fields for Contact Form 7	7.5	High	2026-05-04
CVE-2025-14688	IBM Db2 特定配置下拒绝服务漏洞 — Db2	5.3	Medium	2026-04-30
CVE-2026-6915	MongoDB Server 安全漏洞 — MongoDB Server	6.3	Medium	2026-04-29
CVE-2026-1352	IBM Db2 安全漏洞 — Db2	6.5	Medium	2026-04-22
CVE-2026-6839	ONE 安全漏洞 — ONE	6.6	Medium	2026-04-22
CVE-2026-41285	OpenBSD 安全漏洞 — OpenBSD	4.3	Medium	2026-04-20
CVE-2026-2403	Schneider Electric PowerChute Serial Shutdown 安全漏洞 — PowerChute™ Serial Shutdown	2.7	-	2026-04-14
CVE-2025-3756	ABB多款产品安全漏洞 — AC800M (System 800xA)	6.5	Medium	2026-04-13
CVE-2026-40093	core-rs-albatross 安全漏洞 — core-rs-albatross	8.1	High	2026-04-09
CVE-2025-12664	GitLab 安全漏洞 — GitLab	7.5	High	2026-04-08
CVE-2026-1092	GitLab 安全漏洞 — GitLab	7.5	High	2026-04-08
CVE-2026-1101	GitLab 安全漏洞 — GitLab	6.5	Medium	2026-04-08
CVE-2025-13078	GitLab 安全漏洞 — GitLab	6.5	Medium	2026-03-25
CVE-2026-25345	WordPress plugin SimpLy Gallery 安全漏洞 — SimpLy Gallery	9.9	Critical	2026-03-25
CVE-2026-33349	fast-xml-parser 安全漏洞 — fast-xml-parser	5.9	Medium	2026-03-24
CVE-2026-26940	Elastic Kibana 安全漏洞 — Kibana	6.5	Medium	2026-03-19
CVE-2025-14513	GitLab 安全漏洞 — GitLab	7.5	High	2026-03-11
CVE-2026-27384	WordPress plugin W3 Total Cache 安全漏洞 — W3 Total Cache	9.0	Critical	2026-03-05
CVE-2026-26934	Elastic Kibana 安全漏洞 — Kibana	6.5	Medium	2026-02-26
CVE-2025-14511	GitLab 安全漏洞 — GitLab	7.5	High	2026-02-25
CVE-2026-27171	zlib 安全漏洞 — zlib	2.9	Low	2026-02-18
CVE-2025-13867	IBM Db2 安全漏洞 — Db2 for Linux, UNIX and Windows	6.5	Medium	2026-02-17
CVE-2025-14689	IBM Db2 安全漏洞 — Db2 for Linux, UNIX and Windows	6.5	Medium	2026-02-17
CVE-2025-52534	AMD EPYC 9005 Series 安全漏洞 — AMD EPYC™ 9005 Series Processors	6.5^AI	Medium^AI	2026-02-10
CVE-2024-21953	AMD多款产品安全漏洞 — AMD EPYC™ 9004 Series Processors	6.0^AI	Medium^AI	2026-02-10
CVE-2025-15080	Mitsubishi Electric MELSEC iQ-R series 安全漏洞 — MELSEC iQ-R Series R08PCPU	9.8^AI	Critical^AI	2026-02-05
CVE-2025-36094	IBM Cloud Pak for Business Automation 安全漏洞 — Cloud Pak for Business Automation	5.4	Medium	2026-02-03
CVE-2025-36009	IBM Db2 安全漏洞 — Db2 for Linux, UNIX and Windows	6.5	Medium	2026-01-30
CVE-2025-36407	IBM Db2 安全漏洞 — Db2 for Linux, UNIX and Windows	6.5	Medium	2026-01-30
CVE-2025-36423	IBM Db2 安全漏洞 — Db2 for Linux, UNIX and Windows	6.5	Medium	2026-01-30

CWE-1284 是常见的弱点类别，本平台收录该类弱点关联的 134 条 CVE 漏洞。

目标达成 感谢每一位支持者 — 我们达成了 100% 目标！

CWE-1284 类漏洞列表 134

目标达成感谢每一位支持者 — 我们达成了 100% 目标！