目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CWE-1285 类漏洞列表 41

CWE-1285 类弱点 41 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-1285属于输入验证缺陷,指程序未正确校验指向缓冲区或文件的索引、位置或偏移量。攻击者通过构造越界参数,可触发内存越界读写或文件路径遍历,导致数据泄露或系统崩溃。开发者应在访问资源前,严格验证输入值是否在合法范围内,并实施边界检查机制,确保索引始终指向有效内存区域,从而从根本上消除此类风险。

MITRE CWE 官方描述
CWE:CWE-1285 输入中指定的索引、位置或偏移量验证不当 产品接收预期用于指定索引、位置或偏移量的输入,以访问可索引资源(如缓冲区或文件),但未对指定的索引/位置/偏移量是否具有所需属性进行验证,或验证不正确。 通常,内存缓冲区或文件等可索引资源可以通过特定的位置、索引或偏移量进行访问,例如数组的索引或文件的位置。如果未在使用不可信输入作为索引之前对其进行适当验证,攻击者可能访问(或尝试访问)这些资源的未授权部分。这可能导致缓冲区溢出(Buffer Overflow)、过度的资源分配或触发意外故障。
常见影响 (1)
OtherVaries by Context
缓解措施 (1)
ImplementationAssume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Effectiveness: High
代码示例 (2)
The following example retrieves the sizes of messages for a pop3 mail server. The message sizes are retrieved from a socket that returns in a buffer the message number and the message size, the message number (num) and size (size) are extracted from the buffer and the message size is placed into an array using the message number for the array index.
/* capture the sizes of all messages */ int getsizes(int sock, int count, int *sizes) { ... char buf[BUFFER_SIZE]; int ok; int num, size; // read values from socket and added to sizes array while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0) { // continue read from socket until buf only contains '.' if (DOTLINE(buf)) break; else if (sscanf(buf, "%d %d", &num, &size) == 2) sizes[num - 1] = size; } ... }
Bad · C
/* capture the sizes of all messages */ int getsizes(int sock, int count, int *sizes) { ... char buf[BUFFER_SIZE]; int ok; int num, size; // read values from socket and added to sizes array while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0) { // continue read from socket until buf only contains '.' if (DOTLINE(buf)) break; else if (sscanf(buf, "%d %d", &num, &size) == 2) { if (num > 0 && num <= (unsigned)count) sizes[num - 1] = size; else /* warn about possible attempt to induce buffer overflow */ report(stderr, "Warning: ignoring bogus data for message sizes returned by server.\n"); } } ...
Good · C
In the following example the method displayProductSummary is called from a Web service servlet to retrieve product summary information for display to the user. The servlet obtains the integer value of the product number from the user and passes it to the displayProductSummary method. The displayProductSummary method passes the integer value of the product number to the getProductSummary method whi…
// Method called from servlet to obtain product information public String displayProductSummary(int index) { String productSummary = new String(""); try { String productSummary = getProductSummary(index); } catch (Exception ex) {...} return productSummary; } public String getProductSummary(int index) { return products[index]; }
Bad · Java
// Method called from servlet to obtain product information public String displayProductSummary(int index) { String productSummary = new String(""); try { String productSummary = getProductSummary(index); } catch (Exception ex) {...} return productSummary; } public String getProductSummary(int index) { String productSummary = ""; if ((index >= 0) && (index < MAX_PRODUCTS)) { productSummary = products[index]; } else { System.err.println("index is out of bounds"); throw new IndexOutOfBoundsException(); } return productSummary; }
Good · Java
CVE ID标题CVSS风险等级Published
CVE-2026-33557 Apache Kafka 安全漏洞 — Apache Kafka 9.1AICriticalAI2026-04-20
CVE-2018-25232 Softros LAN Messenger 安全漏洞 — Softros LAN Messenger 5.5 Medium2026-03-30
CVE-2019-25625 Pixarra Blob Studio 安全漏洞 — Blob Studio 6.2 Medium2026-03-23
CVE-2019-25622 Pixarra Paint Studio 安全漏洞 — Paint Studio 6.2 Medium2026-03-23
CVE-2019-25593 jetAudio jetCast Server 安全漏洞 — jetCast Server 5.5 Medium2026-03-22
CVE-2025-2399 Mitsubishi Electric多款产品 安全漏洞 — Mitsubishi Electric CNC M800V Series M800VW 5.9 Medium2026-03-10
CVE-2026-20440 MediaTek Chipsets 安全漏洞 — MediaTek chipset 6.7AIMediumAI2026-03-02
CVE-2026-20413 MediaTek Chipsets 安全漏洞 — MediaTek chipset 6.7AIMediumAI2026-02-02
CVE-2025-20796 MediaTek chipsets 安全漏洞 — MediaTek chipset 6.5 -2026-01-06
CVE-2025-48511 AMD uProf 安全漏洞 — AMD μProf 5.5 Medium2025-11-24
CVE-2025-48502 AMD μProf 安全漏洞 — AMD μProf 5.5 Medium2025-11-21
CVE-2025-55086 Eclipse ThreadX NetX Duo 安全漏洞 — NextX Duo 9.1AICriticalAI2025-10-20
CVE-2025-55087 Eclipse ThreadX NetX Duo 安全漏洞 — NextX Duo 7.1AIHighAI2025-10-17
CVE-2024-36342 AMD Graphics Driver和AMD Embedded Processors 安全漏洞 — AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics 8.8 High2025-09-06
CVE-2025-57777 Digilent DASYLab 安全漏洞 — DASYLab 7.8 High2025-09-02
CVE-2025-57775 Digilent DASYLab 安全漏洞 — DASYLab 7.8 High2025-09-02
CVE-2025-57778 Digilent DASYLab 安全漏洞 — DASYLab 7.8 High2025-09-02
CVE-2025-57776 Digilent DASYLab 安全漏洞 — DASYLab 7.8 High2025-09-02
CVE-2025-57774 Digilent DASYLab 安全漏洞 — DASYLab 7.8 High2025-09-02
CVE-2025-9189 Digilent DASYLab 安全漏洞 — DASYLab 7.8 High2025-09-02
CVE-2025-7849 NI LabVIEW 安全漏洞 — LabVIEW 7.8 High2025-07-29
CVE-2025-7848 NI LabVIEW 安全漏洞 — LabVIEW 7.8 High2025-07-29
CVE-2025-2634 NI LabVIEW 安全漏洞 — LabVIEW 7.8 High2025-07-23
CVE-2025-2633 NI LabVIEW 安全漏洞 — LabVIEW 7.8 High2025-07-23
CVE-2025-3755 Mitsubishi Electric MELSEC iQ-F series 安全漏洞 — MELSEC iQ-F Series FX5U-32MT/ES 9.1 Critical2025-05-29
CVE-2025-3357 IBM Tivoli Monitoring 安全漏洞 — Tivoli Monitoring 9.8 Critical2025-05-28
CVE-2024-10496 NI LabVIEW 安全漏洞 — LabVIEW 7.8 High2024-12-10
CVE-2024-10495 NI LabVIEW 安全漏洞 — LabVIEW 7.8 High2024-12-10
CVE-2024-10494 NI LabVIEW 安全漏洞 — LabVIEW 7.8 High2024-12-10
CVE-2024-51566 FreeBSD 安全漏洞 — FreeBSD 5.5AIMediumAI2024-11-12

CWE-1285 是常见的弱点类别,本平台收录该类弱点关联的 41 条 CVE 漏洞。