
CWE-1384 vulnerability list (1)

Summary of the 1 CVE classified under weakness CWE-1384, with AI-generated Chinese analysis.

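CWE-1384 covers software that fails to properly handle unexpected or artificially induced physical and environmental conditions. Attackers often use physical means such as extreme temperatures, voltage fluctuations or electromagnetic interference to induce hardware faults or logic errors, and thereby bypass security mechanisms or crash the system. Developers should assess the limits of the operating environment at design time and implement redundant checks, anomaly detection and fault-tolerance mechanisms, so that when physical conditions exceed what was expected the system degrades safely or reports an error instead of behaving uncontrollably. This improves the system's robustness in harsh environments.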

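MITRE CWE official description
CWE: CWE-1384 Improper Handling of Physical or Environmental Conditions
Description: The product does not properly handle unexpected physical or environmental conditions that occur naturally or are artificially induced.

Hardware products are typically only guaranteed to behave correctly within certain physical limits or environmental conditions. Such products cannot necessarily control the physical or external conditions to which they are subjected. However, the inability to handle such conditions can undermine a product's security. For example, an unexpected physical or environmental condition could flip a bit that is used for an authentication decision. This unexpected condition could occur naturally or be induced artificially by an adversary.

Physical or environmental conditions of concern are:
Atmospheric characteristics: extreme temperature ranges, etc.
Interference: electromagnetic interference (EMI), radio frequency interference (RFI), etc.
Assorted light sources: white light, ultraviolet (UV), lasers, infrared (IR), etc.
Power variances: under-voltages, over-voltages, under-current, over-current, etc.
Clock variances: glitching, overclocking, clock stretching, etc.
Component aging and degradation.
Materials manipulation: focused ion beams (FIB), etc.
Exposure to radiation: X-rays, cosmic radiation, etc.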
Common consequences (1)
Confidentiality, Integrity, Availability: Varies by Context, Unexpected State
Consequences of this weakness are highly dependent on the role of affected components within the larger product.
Mitigations (3)
Requirements: In requirements, be specific about expectations for how the product will perform when it exceeds physical and environmental boundary conditions, e.g., by shutting down.
Architecture and Design, Implementation: Where possible, include independent components that can detect excess environmental conditions and have the capability to shut down the product.
Architecture and Design, Implementation: Where possible, use shielding or other materials that can increase the adversary's workload and reduce the likelihood of being able to successfully trigger a security-related failure.
Code examples (2)
Below is a representative snippet of C code that is part of the secure-boot flow. A signature of the runtime-firmware image is calculated and compared against a golden value. If the signatures match, the bootloader loads runtime firmware. If there is no match, an error halt occurs. If the underlying hardware executing this code does not contain any circuitry or sensors to detect voltage or clock g…
...
if (signature_matches)  // <-Glitch Here
{
    load_runtime_firmware();
}
else
{
    do_not_load_runtime_firmware();
}
...
Bad · C
If the underlying hardware detects a voltage or clock glitch, the information can be used to prevent the glitch from being successful.
Good · Other
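An added example, not from the original page or the MITRE entry: a software-side complement to the hardware glitch detection described above, following the redundant-check advice in the summary. It replaces the single `if (signature_matches)` with multi-bit decision tokens and a doubled, fail-closed check. The token values, function names and the single-bit-flip fault model are assumptions, and the technique raises the adversary's workload rather than replacing glitch sensors.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed decision tokens: bitwise complements of each other, so no
 * single bit flip turns SIG_BAD, 0 or 0xFFFFFFFF into SIG_OK. */
#define SIG_OK  0x3CA5965Au
#define SIG_BAD 0xC35A69A5u

/* Plain C truthiness, as in `if (signature_matches)`: any non-zero passes. */
int naive_accepts(uint32_t flag) { return flag != 0; }

/* Hardened acceptance: exact token match, checked twice in different forms. */
int token_accepts(uint32_t token)
{
    volatile uint32_t t = token;      /* volatile keeps both reads in place */
    if (t != SIG_OK) return 0;
    if ((uint32_t)~t != SIG_BAD) return 0;
    return 1;
}

/* Compare without early exit and return a token instead of a bool. */
uint32_t compare_signature(const uint8_t *calc, const uint8_t *golden, size_t n)
{
    volatile uint8_t diff = 0;        /* volatile: the loop is not optimized away */
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(calc[i] ^ golden[i]);
    return (diff == 0) ? SIG_OK : SIG_BAD;
}

/* Fail-closed boot decision: two separate evaluations must both pass. */
int boot_allowed(const uint8_t *calc, const uint8_t *golden, size_t n)
{
    if (!token_accepts(compare_signature(calc, golden, n))) return 0;
    if (!token_accepts(compare_signature(calc, golden, n))) return 0;
    return 1;
}

/* Fault model (assumption): one bit of the stored "mismatch" value flips.
 * Returns how many of the 32 possible flips the given check accepts. */
int flips_accepted(uint32_t mismatch_value, int (*accepts)(uint32_t))
{
    int hits = 0;
    for (int bit = 0; bit < 32; bit++)
        hits += accepts(mismatch_value ^ (1u << bit));
    return hits;
}

int main(void) { printf("naive %d/32, token %d/32\n", flips_accepted(0, naive_accepts), flips_accepted(SIG_BAD, token_accepts)); return 0; }
```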
In 2016, a security researcher, who was also a patient using a pacemaker, was on an airplane when a bit flip occurred in the pacemaker, likely due to the higher prevalence of cosmic radiation at such heights. The pacemaker was designed to account for bit flips and went into a default safe mode, which still forced the patient to go to a hospital to get it reset. The bit flip also inadvertently enab…
CVE ID | Title | CVSS | Risk level | Published
CVE-2025-52557 | Zero security vulnerability — Zero | 6.1 (AI) | Medium (AI) | 2025-06-21

CWE-1384 is a common weakness class; this platform lists 1 CVE associated with it.