CWE-176 Improper Handling of Unicode Encoding: Vulnerability List (18)

Summary of 18 CVE vulnerabilities in the CWE-176 Improper Handling of Unicode Encoding weakness class, with AI analysis in Chinese.

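CWE-176 is an input validation flaw in which software fails to correctly handle input data that contains Unicode encoding. Attackers commonly use encoding confusion or illegal character sequences to bypass security filters, which can trigger buffer overflows, injection attacks, or logic errors. Developers should enforce strict input validation, make sure Unicode data is normalized, and use an allowlist to restrict the accepted character set, removing the risk that comes from inconsistent encoding parsing.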

MITRE CWE official description
CWE: CWE-176 Improper Handling of Unicode Encoding. Description: the product does not properly handle input that contains Unicode encoding.
Common consequences (1)
Integrity: Unexpected State
Mitigations (3)
Architecture and Design: Avoid making decisions based on names of resources (e.g. files) if those resources can have alternate names.
Implementation: Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Implementation: Inputs should be decoded and canonicalized to the application's current internal representation before being validated (CWE-180). Make sure that the application does not decode the same input twice (CWE-174). Such errors could be used to bypass allowlist validation schemes by introducing dangerous inputs after they have been checked.
Code example (1)
Windows provides the MultiByteToWideChar(), WideCharToMultiByte(), UnicodeToBytes(), and BytesToUnicode() functions to convert between arbitrary multibyte (usually ANSI) character strings and Unicode (wide character) strings. The size arguments to these functions are specified in different units (one in bytes, the other in characters), making their use prone to error.
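#include <windows.h>
#include <lm.h>

void getUserInfo(char *username, struct _USER_INFO_2 info){
    WCHAR unicodeUser[UNLEN+1];
    /* Bad: sizeof(unicodeUser) is a size in bytes, but this argument is a count of wide characters. */
    MultiByteToWideChar(CP_ACP, 0, username, -1, unicodeUser, sizeof(unicodeUser));
    NetUserGetInfo(NULL, unicodeUser, 2, (LPBYTE *)&info);
}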
Bad · C
| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2026-7040 | Text::Minify::XS security vulnerability — Text::Minify::XS | 9.8 (AI) | Critical (AI) | 2026-04-27 |
| CVE-2026-35375 | uutils coreutils security vulnerability — coreutils | 3.3 | Low | 2026-04-22 |
| CVE-2026-35373 | uutils coreutils security vulnerability — coreutils | 3.3 | Low | 2026-04-22 |
| CVE-2026-35346 | uutils coreutils security vulnerability — coreutils | 3.3 | Low | 2026-04-22 |
| CVE-2026-20202 | Splunk Cloud Platform and Splunk Enterprise security vulnerability — Splunk Enterprise | 6.6 | Medium | 2026-04-15 |
| CVE-2026-4116 | SonicWALL SMA1000 security vulnerability — SMA1000 | 8.8 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-4114 | SonicWALL SMA1000 security vulnerability — SMA1000 | 7.2 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-25480 | Litestar security vulnerability — litestar | 6.5 | Medium | 2026-02-09 |
| CVE-2026-23950 | node-tar security vulnerability — node-tar | 8.8 | High | 2026-01-20 |
| CVE-2025-59547 | DNN security vulnerability — Dnn.Platform | 5.3 | Medium | 2025-09-23 |
| CVE-2024-8067 | Perforce Helix Core security vulnerability — Helix Core | 9.1 (AI) | Critical (AI) | 2024-09-24 |
| CVE-2024-24691 | Zoom multiple products security vulnerability — Zoom Desktop Client for Windows, Zoom VDI Client for Windows, and Zoom Meeting SDK for Windows | 9.6 | Critical | 2024-02-14 |
| CVE-2023-52081 | ffcss security vulnerability — ffcss | 5.3 | Medium | 2023-12-28 |
| CVE-2023-41889 | SHIRASAGI security vulnerability — shirasagi | 5.3 | Medium | 2023-09-15 |
| CVE-2023-31169 | Schweitzer Engineering Laboratories SEL-5030 acSELerator QuickSet security vulnerability — SEL-5030 acSELerator QuickSet Software | 4.8 | Medium | 2023-08-31 |
| CVE-2023-39213 | Zoom Client injection vulnerability — Zoom Desktop Client for Windows and Zoom VDI Client | 9.6 | Critical | 2023-08-08 |
| CVE-2022-29812 | JetBrains IntelliJ IDEA security vulnerability — IntelliJ IDEA | 2.3 | Low | 2022-04-28 |
| CVE-2020-8929 | Tink security vulnerability — Tink | 5.3 | Medium | 2020-10-19 |

CWE-176 (Improper Handling of Unicode Encoding) is a common weakness class; this platform lists 18 CVE vulnerabilities associated with it.