目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1325

100%
请我们喝杯咖啡

CWE-191 整数下溢(超界折返) 类漏洞列表 230

CWE-191 整数下溢(超界折返) 类弱点 230 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-191 整数下溢漏洞发生于程序执行减法操作时,结果低于整数类型允许的最小值,导致数值回绕至最大值附近,产生非预期结果。攻击者常利用此缺陷绕过安全检查或引发逻辑错误,进而可能导致缓冲区溢出等更严重的安全问题。开发者应通过添加边界检查、使用更大范围的整数类型或启用编译器的溢出检测功能,确保算术运算在合法范围内,从而有效防止此类漏洞发生。

MITRE CWE 官方描述
CWE:CWE-191 整数下溢(Integer Underflow)(回绕或回绕现象 Wrap or Wraparound) 产品从一个值中减去另一个值,导致结果小于允许的最小整数值,从而产生一个不等于正确结果的值。 这种情况可能发生在有符号(signed)和无符号(unsigned)情形中。
常见影响 (3)
AvailabilityDoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU), DoS: Resource Consumption (Memory), DoS: Instability
This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high.
IntegrityModify Memory
If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur.
Confidentiality, Availability, Access ControlExecute Unauthorized Code or Commands, Bypass Protection Mechanism
This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program's implicit security policy.
代码示例 (2)
The following example subtracts from a 32 bit signed integer.
#include <stdio.h> #include <stdbool.h> main (void) { int i; i = -2147483648; i = i - 1; return 0; }
Bad · C
This code performs a stack allocation based on a length calculation.
int a = 5, b = 6; size_t len = a - b; char buf[len];    // Just blows up the stack }
Bad · C
CVE ID标题CVSS风险等级Published
CVE-2026-30803 RTI Connext Micro 整数下溢漏洞 — Connext Micro--2026-06-17
CVE-2026-54413 driftregion iso14229 缓冲区错误漏洞 — iso14229 8.2 High2026-06-14
CVE-2026-11850 MIT krb5 数字错误漏洞 — Red Hat Hardened Images 5.0 Medium2026-06-11
CVE-2026-42542 TDengine 数字错误漏洞 — TDengine 7.5 High2026-06-10
CVE-2026-42981 Microsoft Windows 数字错误漏洞 — Windows 11 version 23H2 8.1 High2026-06-09
CVE-2026-42980 Microsoft Windows NT OS Kernel 安全漏洞 — Windows 10 Version 1607 7.8 High2026-06-09
CVE-2026-45463 Microsoft Office 安全漏洞 — Microsoft 365 Apps for Enterprise 8.4 High2026-06-09
CVE-2026-45469 Microsoft Office Excel 安全漏洞 — Microsoft 365 Apps for Enterprise 7.8 High2026-06-09
CVE-2026-11789 389 Directory Server 数字错误漏洞 — Red Hat Directory Server 11 4.9 Medium2026-06-09
CVE-2026-49494 Comodo Internet Security 数字错误漏洞 — Comodo Internet Security 7.5 High2026-06-07
CVE-2026-50593 Graphite-Web 数字错误漏洞 — Graphite 7.3 High2026-06-05
CVE-2026-25104 MediaInfoLib 安全漏洞 — MediaInfoLib 7.8 High2026-05-26
CVE-2026-44069 Netatalk 数字错误漏洞 — Netatalk 3.4 Low2026-05-21
CVE-2026-44060 Netatalk 数字错误漏洞 — Netatalk 7.5 High2026-05-21
CVE-2026-42268 Modsecurity 数字错误漏洞 — ModSecurity--2026-05-12
CVE-2026-34672 Adobe CAI Content Credentials 数字错误漏洞 — CAI Content Credentials 6.2 Medium2026-05-12
CVE-2026-34667 Adobe CAI Content Credentials 数字错误漏洞 — CAI Content Credentials 6.2 Medium2026-05-12
CVE-2026-40397 Microsoft Windows Common Log File System Driver 数字错误漏洞 — Windows 10 Version 1607 7.8 High2026-05-12
CVE-2026-7736 GoBGP 数字错误漏洞 — GoBGP 7.3 High2026-05-04
CVE-2026-33845 Red Hat Enterprise Linux 数字错误漏洞 7.5 High2026-04-30
CVE-2026-7424 FreeRTOS-Plus-TCP 数字错误漏洞 — FreeRTOS-Plus-TCP 8.1 High2026-04-29
CVE-2026-7423 FreeRTOS-Plus-TCP 数字错误漏洞 — FreeRTOS-Plus-TCP 5.3 Medium2026-04-29
CVE-2026-6914 MongoDB Server 数字错误漏洞 — MongoDB Server 6.5 Medium2026-04-29
CVE-2026-40356 MIT Kerberos 数字错误漏洞 — Kerberos 5 5.9 Medium2026-04-28
CVE-2026-28525 SWUpdate 缓冲区错误漏洞 — swupdate 6.8 Medium2026-04-23
CVE-2026-33999 X.Org X Server 数字错误漏洞 — Red Hat Enterprise Linux 10 7.8 High2026-04-23
CVE-2026-34064 Nimiq 数字错误漏洞 — nimiq-account 5.3 Medium2026-04-22
CVE-2026-5720 MiniUPnP 安全漏洞 — miniupnpd 9.1AICriticalAI2026-04-17
CVE-2026-27297 Adobe Framemaker 数字错误漏洞 — Adobe Framemaker 7.8 High2026-04-14
CVE-2026-27296 Adobe Framemaker 数字错误漏洞 — Adobe Framemaker 7.8 High2026-04-14

CWE-191(整数下溢(超界折返)) 是常见的弱点类别,本平台收录该类弱点关联的 230 条 CVE 漏洞。