
CWE-1325 vulnerability list (12)

Summary of the 12 CVE entries associated with the CWE-1325 weakness class, with AI-generated Chinese analysis.

CWE-1325 belongs to the improper resource management class of weaknesses: the program allocates memory separately for each object but never limits the total memory consumed by all objects together. An attacker can trigger the creation of a large number of objects, exhausting system memory and causing a denial of service. Developers should not stop at limiting the size of a single allocation; they need to enforce and monitor a global memory quota so that the cumulative amount allocated stays below a safe threshold, preventing resource exhaustion.

MITRE CWE official description
CWE: CWE-1325 Improperly Controlled Sequential Memory Allocation. The product manages a group of objects or resources and performs a separate memory allocation for each object, but it does not properly limit the total amount of memory consumed by all of the combined objects. While the product might limit the amount of memory allocated in a single operation for a single object (for example, malloc of an array), if an attacker can cause multiple objects to be allocated in separate operations, total memory consumption can exceed what the developer intended, leading to a denial of service.
Common consequences (1)
Scope: Availability. Impact: DoS: Resource Consumption (Memory)
Not controlling memory allocation can result in a request for too much system memory, possibly leading to a crash of the application due to out-of-memory conditions, or the consumption of a large amount of memory on the system.
Mitigations (2)
Phase: Implementation. Ensure multiple allocations of the same kind of object are properly tracked, possibly across multiple sessions, requests, or messages. Define an appropriate strategy for handling requests that exceed the limit, and consider supporting a configuration option so that the administrator can extend the amount of memory to be used if necessary.
Phase: Operation. Run the program using system-provided resource limits for memory. This might still cause the program to crash or exit, but the impact on the rest of the system will be minimized.
Code example (1)
This example contains a small allocation of stack memory. When the program was first constructed, the number of times this memory was allocated was probably inconsequential and presented no problem. Over time, as the number of objects in the database grows, the number of allocations will grow, eventually consuming the available stack, i.e. "stack exhaustion." An attacker who is able to add element…

```c
#include <alloca.h>
#include <stddef.h>

int get_nmbr_obj_from_db(void); // returns the object count from the database (declared on the page, not defined)

void build_stack_list(void)
{
    // Gets the size from the number of objects in a database, which over time can conceivably get very large
    int end_limit = get_nmbr_obj_from_db();
    int i;
    void **base = alloca(sizeof(void *)); // head slot on the stack (the page's version started from NULL, which cannot be written through)
    void **p = base;
    for (i = 0; i < end_limit; i++)
    {
        *p = alloca(sizeof(void *)); // Allocate memory on the stack, once per object, with no bound on the total
        p = *p;                      // Point to the next location to be saved
    }
}
```

Bad (C)
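The Implementation mitigation above asks for cumulative tracking of allocations of one kind of object, a policy for requests over the limit, and an administrator-adjustable ceiling. The following C block is an added example, not the page's or MITRE's code, showing that accounting beside the unbounded loop in the bad example: every object is charged against a per-kind quota, a request that would push the running total past the limit is refused and counted instead of being served, and the object-creation loop stops at the quota. All names (obj_quota, quota_set_limit, quota_alloc, quota_free, admit_objects, run_with_quota) are hypothetical, and the 1024-byte limit and 64-byte object size used in main are constructed sample values.

```c
// Added example (hypothetical names): a per-kind allocation quota that bounds the
// total memory held by all objects of one kind, not just the size of each one.
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct {
    size_t limit;     // administrator-configurable ceiling for all objects of this kind
    size_t in_use;    // bytes currently allocated under this quota
    size_t rejected;  // requests refused because they would exceed the limit
} obj_quota;

// Let an operator raise or lower the ceiling at runtime (the "configuration option").
void quota_set_limit(obj_quota *q, size_t limit) { q->limit = limit; }

// Allocate one object of `size` bytes only if the cumulative total stays within the quota.
// Over-limit requests return NULL and are counted; nothing grows without bound.
void *quota_alloc(obj_quota *q, size_t size) {
    // `limit - in_use` never underflows because in_use only grows inside this check
    if (size == 0 || size > q->limit - q->in_use) {
        q->rejected++;
        return NULL;
    }
    void *p = malloc(size);
    if (p == NULL) return NULL;       // the system itself is out of memory
    q->in_use += size;
    return p;
}

// Release an object and return its bytes to the quota.
void quota_free(obj_quota *q, void *p, size_t size) {
    free(p);
    q->in_use -= size;
}

// The CWE-1325 shape: many individually small allocations driven by an
// untrusted count. Objects are linked through their own first word so they
// accumulate (as in the bad example) and are released at the end.
// Returns how many objects were admitted before the quota stopped the loop.
size_t admit_objects(obj_quota *q, size_t count, size_t each) {
    void *head = NULL;
    size_t admitted = 0;
    if (each < sizeof(void *)) each = sizeof(void *);   // need room for the link
    for (size_t i = 0; i < count; i++) {
        void **obj = quota_alloc(q, each);
        if (obj == NULL) break;       // limit reached: refuse the rest instead of exhausting memory
        *obj = head;
        head = obj;
        admitted++;
    }
    while (head != NULL) {            // tear down, returning every byte to the quota
        void *next = *(void **)head;
        quota_free(q, head, each);
        head = next;
    }
    return admitted;
}

// One complete run against a fresh quota; reports the admitted count and,
// optionally, how many requests were refused.
size_t run_with_quota(size_t limit, size_t count, size_t each, size_t *rejected) {
    obj_quota q = {0, 0, 0};
    quota_set_limit(&q, limit);
    size_t admitted = admit_objects(&q, count, each);
    if (rejected != NULL) *rejected = q.rejected;
    return admitted;
}

int main(void) {
    // Constructed sample: a 1024-byte quota faced with 1000 requests of 64 bytes each.
    size_t rejected = 0;
    size_t admitted = run_with_quota(1024, 1000, 64, &rejected);
    printf("admitted %zu objects, rejected %zu request(s)\n", admitted, rejected);
    return 0;
}
```

The quota is kept per object kind so that a flood of one type cannot starve the others, and the rejection counter is the signal an operator would alert on. The Operation mitigation (a system resource limit such as ulimit or setrlimit) remains a separate backstop: it caps the whole process, while this accounting lets the program refuse individual requests gracefully before that cap is hit.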
| CVE ID | Title | Product | CVSS | Risk level | Published |
|---|---|---|---|---|---|
| CVE-2026-6535 | Wireshark Improperly Controlled Sequential Memory Allocation vulnerability | Wireshark | 5.5 | Medium | 2026-04-30 |
| CVE-2026-6533 | Wireshark incorrect sequential memory allocation vulnerability | Wireshark | 5.5 | Medium | 2026-04-30 |
| CVE-2026-6869 | Wireshark improper memory allocation vulnerability | Wireshark | 5.5 | Medium | 2026-04-30 |
| CVE-2026-6867 | Wireshark Improperly Controlled Sequential Memory Allocation vulnerability | Wireshark | 5.5 | Medium | 2026-04-30 |
| CVE-2026-3201 | Wireshark security vulnerability | Wireshark | 4.7 | Medium | 2026-02-25 |
| CVE-2026-24819 | weixin4j security vulnerability | weixin4j | 9.1 (AI) | Critical (AI) | 2026-01-27 |
| CVE-2025-13945 | Wireshark security vulnerability | Wireshark | 5.5 | Medium | 2025-12-03 |
| CVE-2025-2240 | Smallrye security vulnerability | - | 7.5 | High | 2025-03-12 |
| CVE-2023-52891 | Siemens multiple products security vulnerability | SIMATIC Energy Manager Basic | 5.3 | Medium | 2024-07-09 |
| CVE-2024-2511 | OpenSSL security vulnerability | OpenSSL | 7.5 (AI) | High (AI) | 2024-04-08 |
| CVE-2023-28968 | Juniper Networks Junos OS security vulnerability | Junos OS | 5.3 | Medium | 2023-04-17 |
| CVE-2021-43174 | NLnet Labs Routinator buffer error vulnerability | Routinator | 7.5 | - | 2021-11-09 |

Scores and risk levels marked "(AI)" are AI-assessed rather than taken from an official CVSS vector.

CWE-1325 is a common weakness category; this platform lists the 12 CVE vulnerabilities associated with it.