
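CWE-191 Integer Underflow (Wrap or Wraparound) vulnerability list: 212

Summary of 212 CVE vulnerabilities for weakness class CWE-191 Integer Underflow (Wrap or Wraparound), with AI analysis in Chinese.

A CWE-191 integer underflow occurs when a program performs a subtraction whose result falls below the minimum value the integer type allows, so the value wraps around to near the maximum and produces an unexpected result. Attackers often use this flaw to bypass security checks or trigger logic errors, which can in turn lead to more serious security problems such as buffer overflows. Developers should add bounds checks, use wider integer types, or enable the compiler's overflow detection so that arithmetic stays within the legal range, which effectively prevents this class of vulnerability.

MITRE CWE official description
CWE: CWE-191 Integer Underflow (Wrap or Wraparound). The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. This can happen in signed and unsigned cases.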
Common consequences (3)
Scope: Availability. Impact: DoS: Crash, Exit, or Restart; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory); DoS: Instability
This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high.
Scope: Integrity. Impact: Modify Memory
If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur.
Scope: Confidentiality, Availability, Access Control. Impact: Execute Unauthorized Code or Commands; Bypass Protection Mechanism
This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program's implicit security policy.
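Code examples (2)
The following example subtracts from a 32-bit signed integer.

    #include <stdio.h>
    #include <stdbool.h>

    int main(void)
    {
        int i;

        i = -2147483648;  /* smallest value of a 32-bit signed int */
        i = i - 1;        /* underflow: the result is below the minimum (undefined behavior in C) */
        return 0;
    }

Bad · C
This code performs a stack allocation based on a length calculation.

    #include <stddef.h>

    int main(void)
    {
        int a = 5, b = 6;
        size_t len = a - b;  /* -1 converted to size_t wraps to SIZE_MAX */
        char buf[len];       // Just blows up the stack
        return 0;
    }

Bad · C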
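| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2026-7736 | osrg GoBGP MRT data parsing integer underflow vulnerability — GoBGP | 7.3 | High | 2026-05-04 |
| CVE-2026-33845 | GnuTLS DTLS zero-length fragment denial-of-service vulnerability | 7.5 | High | 2026-04-30 |
| CVE-2026-7424 | FreeRTOS-Plus-TCP numeric error vulnerability — FreeRTOS-Plus-TCP | 8.1 | High | 2026-04-29 |
| CVE-2026-7423 | FreeRTOS-Plus-TCP numeric error vulnerability — FreeRTOS-Plus-TCP | 5.3 | Medium | 2026-04-29 |
| CVE-2026-6914 | MongoDB Server numeric error vulnerability — MongoDB Server | 6.5 | Medium | 2026-04-29 |
| CVE-2026-40356 | MIT Kerberos numeric error vulnerability — Kerberos 5 | 5.9 | Medium | 2026-04-28 |
| CVE-2026-28525 | SWUpdate buffer error vulnerability — swupdate | 6.8 | Medium | 2026-04-23 |
| CVE-2026-33999 | X.Org X Server numeric error vulnerability — Red Hat Enterprise Linux 10 | 7.8 | High | 2026-04-23 |
| CVE-2026-34064 | Nimiq numeric error vulnerability — nimiq-account | 5.3 | Medium | 2026-04-22 |
| CVE-2026-5720 | MiniUPnP security vulnerability — miniupnpd | 9.1 (AI) | Critical (AI) | 2026-04-17 |
| CVE-2026-27297 | Adobe Framemaker numeric error vulnerability — Adobe Framemaker | 7.8 | High | 2026-04-14 |
| CVE-2026-27296 | Adobe Framemaker numeric error vulnerability — Adobe Framemaker | 7.8 | High | 2026-04-14 |
| CVE-2026-27907 | Microsoft Windows Storage Spaces Controller numeric error vulnerability — Windows 11 version 22H3 | 7.8 | High | 2026-04-14 |
| CVE-2026-40386 | Libexif numeric error vulnerability — libexif | 4.0 | Medium | 2026-04-12 |
| CVE-2026-5188 | wolfSSL security vulnerability — wolfSSL | 6.5 | - | 2026-04-10 |
| CVE-2026-5778 | wolfSSL security vulnerability — wolfSSL | 7.5 (AI) | High (AI) | 2026-04-09 |
| CVE-2026-39314 | OpenPrinting CUPS numeric error vulnerability — cups | 4.0 | Medium | 2026-04-07 |
| CVE-2026-33184 | core-rs-albatross numeric error vulnerability — core-rs-albatross | 7.5 | High | 2026-04-03 |
| CVE-2026-34165 | go-git security vulnerability — go-git | 5.0 | Medium | 2026-03-31 |
| CVE-2026-25075 | strongSwan code issue vulnerability — strongSwan | 7.5 | High | 2026-03-23 |
| CVE-2026-1005 | wolfSSL security vulnerability — wolfSSL | 7.5 | - | 2026-03-19 |
| CVE-2026-2369 | libsoup security vulnerability — Red Hat Enterprise Linux 10 | 6.5 | Medium | 2026-03-19 |
| CVE-2026-32775 | Libexif numeric error vulnerability — libexif | 7.4 | High | 2026-03-16 |
| CVE-2026-3084 | GStreamer numeric error vulnerability — GStreamer | 8.4 | - | 2026-03-13 |
| CVE-2026-31883 | FreeRDP numeric error vulnerability — FreeRDP | 6.5 | Medium | 2026-03-13 |
| CVE-2026-29078 | Lexbor buffer error vulnerability — lexbor | 8.8 | - | 2026-03-13 |
| CVE-2026-23748 | Golioth Firmware SDK security vulnerability — Firmware SDK | 3.7 | Low | 2026-02-26 |
| CVE-2026-27710 | NanaZip security vulnerability — NanaZip | 7.5 (AI) | High (AI) | 2026-02-25 |
| CVE-2026-3172 | pgvector security vulnerability — pgvector | 8.1 | High | 2026-02-25 |
| CVE-2025-14055 | Silicon Labs Simplicity SDK security vulnerability — Simplicity SDK, Gecko SDK | 7.5 (AI) | High (AI) | 2026-02-20 |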

CWE-191 (Integer Underflow (Wrap or Wraparound)) is a common weakness class; this platform lists 212 CVE vulnerabilities associated with it.