CWE-1285 — Vulnerability Class 41

41 vulnerabilities classified as CWE-1285. AI Chinese analysis included.

CWE-1285 represents a critical input validation weakness where software fails to properly verify that a user-supplied index, position, or offset falls within the acceptable bounds of an indexable resource, such as a memory buffer or file. Attackers typically exploit this flaw by providing maliciously crafted values that exceed the resource’s limits, leading to out-of-bounds reads or writes. These exploits can result in data corruption, application crashes, or the execution of arbitrary code by accessing unauthorized memory regions. To prevent such vulnerabilities, developers must implement rigorous input validation checks that explicitly verify the provided index against the minimum and maximum allowable values before any access operation occurs. Additionally, utilizing safe programming languages with automatic bounds checking or employing static analysis tools during the development lifecycle can help identify and mitigate these risky coding patterns before deployment.

MITRE CWE Description
The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties. Often, indexable resources such as memory buffers or files can be accessed using a specific position, index, or offset, such as an index for an array or a position for a file. When untrusted input is not properly validated before it is used as an index, attackers could access (or attempt to access) unauthorized portions of these resources. This could be used to cause buffer overflows, excessive resource allocation, or trigger unexpected failures.
Common Consequences (1)
Other: Varies by Context
Mitigations (1)
Implementation: Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Effectiveness: High
Examples (2)
The following example retrieves the sizes of messages for a POP3 mail server. The message sizes are retrieved from a socket that returns the message number and the message size in a buffer. The message number (num) and size (size) are extracted from the buffer, and the message size is placed into an array using the message number as the array index.
```c
/* capture the sizes of all messages */
int getsizes(int sock, int count, int *sizes) {
    ...
    char buf[BUFFER_SIZE];
    int ok;
    int num, size;

    // read values from the socket and add them to the sizes array
    while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0)
    {
        // continue reading from the socket until buf only contains '.'
        if (DOTLINE(buf))
            break;
        else if (sscanf(buf, "%d %d", &num, &size) == 2)
            sizes[num - 1] = size;
    }
    ...
}
```
Bad · C
```c
/* capture the sizes of all messages */
int getsizes(int sock, int count, int *sizes) {
    ...
    char buf[BUFFER_SIZE];
    int ok;
    int num, size;

    // read values from the socket and add them to the sizes array
    while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0)
    {
        // continue reading from the socket until buf only contains '.'
        if (DOTLINE(buf))
            break;
        else if (sscanf(buf, "%d %d", &num, &size) == 2) {
            if (num > 0 && num <= (unsigned)count)
                sizes[num - 1] = size;
            else
                /* warn about possible attempt to induce buffer overflow */
                report(stderr, "Warning: ignoring bogus data for message sizes returned by server.\n");
        }
    }
    ...
}
```
Good · C
In the following example the method displayProductSummary is called from a Web service servlet to retrieve product summary information for display to the user. The servlet obtains the integer value of the product number from the user and passes it to the displayProductSummary method. The displayProductSummary method passes the integer value of the product number to the getProductSummary method whi…
```java
// Method called from servlet to obtain product information
public String displayProductSummary(int index) {
    String productSummary = new String("");
    try {
        productSummary = getProductSummary(index);
    } catch (Exception ex) {...}
    return productSummary;
}

public String getProductSummary(int index) {
    // index is used without any bounds check
    return products[index];
}
```
Bad · Java
```java
// Method called from servlet to obtain product information
public String displayProductSummary(int index) {
    String productSummary = new String("");
    try {
        productSummary = getProductSummary(index);
    } catch (Exception ex) {...}
    return productSummary;
}

public String getProductSummary(int index) {
    String productSummary = "";
    // accept only indexes inside the products array
    if ((index >= 0) && (index < MAX_PRODUCTS)) {
        productSummary = products[index];
    } else {
        System.err.println("index is out of bounds");
        throw new IndexOutOfBoundsException();
    }
    return productSummary;
}
```
Good · Java
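The two examples above validate a single array index; the weakness also covers an offset into a buffer or file, where the offset and the length must be checked together without letting their sum wrap. The C code below is an added example, not taken from MITRE or from any product listed here; the record layout (a little-endian u32 offset and u32 length followed by data) and the names `range_ok_naive`, `range_ok` and `extract_payload` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 8u  /* assumed header: u32 LE offset, u32 LE length */

static uint32_t rd_u32le(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Flawed: the 32-bit sum wraps, so a huge off with a small len passes. */
int range_ok_naive(uint32_t off, uint32_t len, size_t total)
{
    return (uint32_t)(off + len) <= total;
}

/* Safe: never adds the untrusted values, so nothing can wrap.
 * The payload must also start after the header (assumed format rule). */
int range_ok(uint32_t off, uint32_t len, size_t total)
{
    return off >= HDR_LEN && off <= total && len <= total - off;
}

/* Copy the payload named by the header into out.
 * Returns the payload length, or -1 if the record is rejected. */
int64_t extract_payload(const uint8_t *rec, size_t rec_len,
                        uint8_t *out, size_t out_cap)
{
    if (rec == NULL || out == NULL || rec_len < HDR_LEN)
        return -1;                 /* header must be fully present */
    uint32_t off = rd_u32le(rec), len = rd_u32le(rec + 4);
    if (!range_ok(off, len, rec_len))
        return -1;                 /* offset/length outside the record */
    if (len > out_cap)
        return -1;                 /* would overrun the destination */
    memcpy(out, rec + off, len);
    return (int64_t)len;
}

int main(void)
{
    /* Constructed sample record: offset 8, length 4, then 8 data bytes. */
    uint8_t rec[16] = {8,0,0,0, 4,0,0,0, 'a','b','c','d','e','f','g','h'};
    uint8_t out[8];
    printf("%lld\n", (long long)extract_payload(rec, sizeof rec, out, sizeof out));
    memset(rec, 0xFF, 4);          /* offset 0xFFFFFFFF: naive sum wraps to 3 */
    printf("%lld\n", (long long)extract_payload(rec, sizeof rec, out, sizeof out));
    return 0;
}
```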
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-33557 | Apache Kafka: Missing JWT token validation in OAUTHBEARER authentication — Apache Kafka | 9.1 AI | Critical AI | 2026-04-20 |
| CVE-2018-25232 | Softros LAN Messenger 9.2 Denial of Service via Log Files Location — Softros LAN Messenger | 5.5 | Medium | 2026-03-30 |
| CVE-2019-25625 | Blob Studio 2.17 Denial of Service via Malformed Input — Blob Studio | 6.2 | Medium | 2026-03-23 |
| CVE-2019-25622 | Paint Studio 2.17 Denial of Service via Malformed Input — Paint Studio | 6.2 | Medium | 2026-03-23 |
| CVE-2019-25593 | jetCast Server 2.0 Denial of Service via Log Directory — jetCast Server | 5.5 | Medium | 2026-03-22 |
| CVE-2025-2399 | Denial of Service (DoS) Vulnerability in Mitsubishi Electric CNC Series — Mitsubishi Electric CNC M800V Series M800VW | 5.9 | Medium | 2026-03-10 |
| CVE-2026-20440 | MediaTek Chipsets security vulnerability — MediaTek chipset | 6.7 AI | Medium AI | 2026-03-02 |
| CVE-2026-20413 | MediaTek Chipsets security vulnerability — MediaTek chipset | 6.7 AI | Medium AI | 2026-02-02 |
| CVE-2025-20796 | MediaTek chipsets security vulnerability — MediaTek chipset | 6.5 | - | 2026-01-06 |
| CVE-2025-48511 | AMD uProf security vulnerability — AMD μProf | 5.5 | Medium | 2025-11-24 |
| CVE-2025-48502 | AMD μProf security vulnerability — AMD μProf | 5.5 | Medium | 2025-11-21 |
| CVE-2025-55086 | Eclipse ThreadX NetX Duo security vulnerability — NextX Duo | 9.1 AI | Critical AI | 2025-10-20 |
| CVE-2025-55087 | Eclipse ThreadX NetX Duo security vulnerability — NextX Duo | 7.1 AI | High AI | 2025-10-17 |
| CVE-2024-36342 | AMD Graphics Driver and AMD Embedded Processors security vulnerability — AMD Ryzen™ 4000 Series Mobile Processors with Radeon™ Graphics | 8.8 | High | 2025-09-06 |
| CVE-2025-57777 | Out Of Bounds Write in displ2.dll when parsing a DSB file with Digilent DASYLab — DASYLab | 7.8 | High | 2025-09-02 |
| CVE-2025-57775 | Heap-based Buffer Overflow when parsing a DSB file with Digilent DASYLab — DASYLab | 7.8 | High | 2025-09-02 |
| CVE-2025-57778 | Out Of Bounds Write to invalid source address when parsing a DSB file with Digilent DASYLab — DASYLab | 7.8 | High | 2025-09-02 |
| CVE-2025-57776 | Out Of Bounds Write to invalid address when parsing a DSB file with Digilent DASYLab — DASYLab | 7.8 | High | 2025-09-02 |
| CVE-2025-57774 | Out Of Bounds Write of invalid data when parsing a DSB file with Digilent DASYLab — DASYLab | 7.8 | High | 2025-09-02 |
| CVE-2025-9189 | Out Of Bounds Write when parsing a DSB file with Digilent DASYLab — DASYLab | 7.8 | High | 2025-09-02 |
| CVE-2025-7849 | Memory Corruption Issue in NI LabVIEW due to improper error handling — LabVIEW | 7.8 | High | 2025-07-29 |
| CVE-2025-7848 | Missing input check in lvpict.cpp used in NI LabVIEW — LabVIEW | 7.8 | High | 2025-07-29 |
| CVE-2025-2634 | Out of Bounds Read Vulnerability in NI LabVIEW when building font map — LabVIEW | 7.8 | High | 2025-07-23 |
| CVE-2025-2633 | Out of Bounds Read Vulnerability in NI LabVIEW when loading fonts — LabVIEW | 7.8 | High | 2025-07-23 |
| CVE-2025-3755 | Information Disclosure and Denial-of-Service(DoS) Vulnerability in MELSEC iQ-F Series CPU module — MELSEC iQ-F Series FX5U-32MT/ES | 9.1 | Critical | 2025-05-29 |
| CVE-2025-3357 | IBM Tivoli Monitoring code execution — Tivoli Monitoring | 9.8 | Critical | 2025-05-28 |
| CVE-2024-10496 | Out of bounds read in BuildFontMap in fontmgr.cpp in NI LabVIEW — LabVIEW | 7.8 | High | 2024-12-10 |
| CVE-2024-10495 | Out of bounds read when loading the font table in fontmgr.cpp in NI LabVIEW — LabVIEW | 7.8 | High | 2024-12-10 |
| CVE-2024-10494 | Out of bounds read in HeapObjMapImpl.cpp in NI LabVIEW — LabVIEW | 7.8 | High | 2024-12-10 |
| CVE-2024-51566 | bhyve(8) NVMe driver to guest-induced infinite loops. — FreeBSD | 5.5 AI | Medium AI | 2024-11-12 |

Vulnerabilities classified as CWE-1285 represent 41 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.