
CWE-1389 Vulnerability List (2)

A summary of the 2 CVE vulnerabilities in the CWE-1389 weakness class, with AI-generated analysis.

CWE-1389 is a number-parsing weakness. When a program parses input as decimal by default but does not handle strings that begin with "0" (octal) or "0x" (hexadecimal), the value is misinterpreted: for example, "023" is taken as decimal 23 rather than octal 19. An attacker can use this discrepancy to bypass input validation or logic checks, leading to privilege escalation or data tampering. Developers should specify the parsing radix explicitly, or use strict validation functions, so that the input format matches the expected radix and the ambiguity is removed.

MITRE CWE official description
CWE-1389: Incorrect Parsing of Numbers with Different Radices
The product parses numeric input assuming base 10 (decimal) values, but it does not account for inputs that use a different base number (radix). Frequently, a numeric input with a leading "0" is treated as octal, or a leading "0x" as hexadecimal, as handled by the `inet_addr()` function. For example, "023" (octal) equals 35 (decimal), or "0x31" equals 49 (decimal). Other bases may also be used. If the developer assumes that only decimal values are input, the code may produce incorrect numbers when the input is parsed using a different base. This could lead to unexpected and/or dangerous behavior. For example, the IP address "0127.0.0.1" is parsed as octal because of the leading "0", which is numerically equivalent to 87.0.0.1, whereas the developer may have expected 127.0.0.1. The consequences depend on the surrounding code in which this weakness occurs, but could include bypassing network-based access controls with an unexpected IP address or netmask, or causing identifiers that look symbolic to be treated as numbers. In web applications, this could allow SSRF (server-side request forgery) restrictions to be bypassed.
Common Consequences (2)
Confidentiality: Read Application Data
An attacker may use an unexpected numerical base to access private application resources.
Integrity: Bypass Protection Mechanism, Alter Execution Logic
An attacker may use an unexpected numerical base to bypass or manipulate access control mechanisms.
Mitigations (3)
Implementation: If only decimal-based values are expected in the application, conditional checks should be created in a way that prevents octal or hexadecimal strings from being checked. This can be achieved by converting any numerical string to an explicit base-10 integer prior to the conditional check, to prevent octal or hex values from ever being checked against the condition.
Implementation: If various numerical bases do need to be supported, check for leading values indicating the non-decimal base you wish to support (such as 0x for hex) and convert the numeric strings to integers of the respective base. Reject any other alternative-base string that is not intentionally supported by the application.
Implementation: If regular expressions are used to validate IP addresses, ensure that they are bounded using ^ and $ to prevent base-prepended IP addresses from being matched.
Code Examples (2)
The demonstrative example below uses an IP validator that splits an IP address by octet, tests that each octet can be cast to an integer, and then returns the original IP address if no exceptions are raised. This validated IP address is then tested using the "ping" command.
import subprocess

def validate_ip(ip: str):
    split_ip = ip.split('.')
    if len(split_ip) > 4 or len(split_ip) == 0:
        raise ValueError("Invalid IP length")
    for octet in split_ip:
        try:
            # int("0127", 10) == 127: a zero-prefixed octet survives this check
            int(octet, 10)
        except ValueError as e:
            raise ValueError(f"Cannot convert IP octet to int - {e}")
    # Returns original IP after ensuring no exceptions are raised
    return ip

def run_ping(ip: str):
    validated = validate_ip(ip)
    # The ping command treats zero-prepended IP addresses as octal
    result = subprocess.call(["ping", validated])
    print(result)
Bad · Python
This code uses a regular expression to validate an IP string prior to using it in a call to the "ping" command.
import subprocess
import re

def validate_ip_regex(ip: str):
    # The pattern is not bounded with $, so the match is not required to
    # cover the whole string (see the third mitigation above)
    ip_validator = re.compile(r"((25[0-5]|(2[0-4]|1\d|[1-9]|)\d)\.?\b){4}")
    if ip_validator.match(ip):
        return ip
    else:
        raise ValueError("IP address does not match valid pattern.")

def run_ping_regex(ip: str):
    validated = validate_ip_regex(ip)
    # The ping command treats zero-prepended IP addresses as octal
    result = subprocess.call(["ping", validated])
    print(result)
Bad · Python
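Both MITRE examples above are labelled Bad. The following is an added example, not MITRE's code and not part of this catalogue, that puts the corrected validator beside the weak check: a constructed, simplified imitation of the radix rules inet_addr() applies (a "0x" prefix is hexadecimal, a leading "0" is octal; it is not the real function and only handles four-part addresses), a predicate mirroring the per-octet int(octet, 10) check from the first example, and a validator bounded with ^ and $ that accepts only canonical decimal octets, as the mitigations recommend. All function and constant names are my own.

```python
import re

# --- Corrected validator: bounded pattern, canonical decimal octets only -------
# Each octet is 0-255 with no leading zero except a lone "0", and the whole
# string is bounded with ^ and $ as the third mitigation above recommends.
OCTET = r"(25[0-5]|2[0-4]\d|1\d\d|[1-9]\d|\d)"
STRICT_IPV4_RE = re.compile(rf"^{OCTET}(\.{OCTET}){{3}}$")


def validate_ip_strict(ip: str) -> str:
    """Return ip unchanged if it is a canonical decimal IPv4 address, else raise."""
    # fullmatch, not match: match() only pins the start, so trailing text would slip through.
    if not STRICT_IPV4_RE.fullmatch(ip):
        raise ValueError(f"not a canonical decimal IPv4 address: {ip!r}")
    return ip


def strict_accepts(ip: str) -> bool:
    try:
        validate_ip_strict(ip)
        return True
    except ValueError:
        return False


# --- The check from the first Bad example, as a predicate ----------------------
def lenient_accepts(ip: str) -> bool:
    """Per-octet int(part, 10) check: int("0127", 10) == 127, so a zero-prefixed
    octet passes although a radix-aware consumer such as ping reads it as octal."""
    parts = ip.split(".")
    if len(parts) == 0 or len(parts) > 4:
        return False
    try:
        for part in parts:
            int(part, 10)
    except ValueError:
        return False
    return True


# --- Constructed imitation of inet_addr()'s radix rules (hypothetical helper) --
def parse_octet_like_inet_addr(octet: str) -> int:
    """'0x' prefix -> hexadecimal, leading '0' -> octal, otherwise decimal.
    Simplified illustration of the C behaviour, not the real function."""
    if octet[:2].lower() == "0x":
        return int(octet[2:], 16)
    if len(octet) > 1 and octet[0] == "0":
        return int(octet, 8)
    return int(octet, 10)


def resolve_like_inet_addr(ip: str) -> str:
    """Show which address the radix-aware consumer actually ends up using."""
    parts = ip.split(".")
    if len(parts) != 4:
        raise ValueError("this simplified parser expects exactly four parts")
    values = [parse_octet_like_inet_addr(p) for p in parts]
    if any(not 0 <= v <= 255 for v in values):
        raise ValueError("octet out of range")
    return ".".join(str(v) for v in values)


if __name__ == "__main__":
    # Constructed inputs: loopback, then octal and hex spellings of it, then trailing text.
    for candidate in ("127.0.0.1", "0127.0.0.1", "0x7f.0.0.1", "127.0.0.1;id"):
        try:
            seen_by_consumer = resolve_like_inet_addr(candidate)
        except ValueError:
            seen_by_consumer = "rejected"
        print(f"{candidate!r:16} lenient={lenient_accepts(candidate)!s:5} "
              f"strict={strict_accepts(candidate)!s:5} consumer sees {seen_by_consumer}")
```

Running the block prints one line per constructed input: "0127.0.0.1" passes the lenient check yet resolves to 87.0.0.1, which is exactly the mismatch the description above warns about, while the strict validator rejects it along with the hex spelling and any trailing text.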
CVE ID | Title | CVSS | Risk level | Published
CVE-2018-25242 | One Search security vulnerability — One Search | 6.2 | Medium | 2026-04-04
CVE-2024-26015 | Fortinet FortiProxy security vulnerability — FortiProxy | 3.1 | Low | 2024-07-09

CWE-1389 is a common weakness category; this platform lists the 2 CVE vulnerabilities associated with it.