
CWE-390 Detection of Error Condition Without Action: vulnerability list (14)

Summary of the 14 CVE vulnerabilities classified under CWE-390 Detection of Error Condition Without Action, with AI-generated analysis (in Chinese).

CWE-390 belongs to the improper error handling class of weaknesses: the program detects a specific error condition but takes no action in response. Attackers typically exploit this defect by triggering the abnormal state so that the program drifts into uncontrolled behaviour, such as denial of service or logic bypass, compromising system integrity or availability. Developers should avoid this by implementing an explicit recovery mechanism, logging, or a safe termination path once an error is detected, so that the program state always stays within a controlled and safe range.

MITRE CWE official description
CWE-390 Detection of Error Condition Without Action: The product detects a specific error, but takes no actions to handle the error.
Common Consequences (1)
Scope: Integrity, Other. Impact: Varies by Context, Unexpected State, Alter Execution Logic.
An attacker could utilize an ignored error condition to place the system in an unexpected state that could lead to the execution of unintended logic and could cause other unintended behavior.
Mitigations (3)
Phase: Implementation. Properly handle each exception. This is the recommended solution. Ensure that all exceptions are handled in such a way that you can be sure of the state of your system at any given moment.
Phase: Implementation. If a function returns an error, it is important to either fix the problem and try again, alert the user that an error has happened and let the program continue, or alert the user and close and clean up the program.
Phase: Testing. Subject the product to extensive testing to discover some of the possible instances of where/how errors or return values are not handled. Consider testing techniques such as ad hoc, equivalence partitioning, robustness and fault tolerance, mutation, and fuzzing.
Code Examples (2)
The following example attempts to allocate memory for a character. After the call to malloc, an if statement is used to check whether the malloc function failed.
```c
#include <stdio.h>
#include <stdlib.h>

int allocate_one(void) {
    char *foo = malloc(sizeof(char));
    // the next line checks to see if malloc failed
    if (foo == NULL) {
        // We do nothing so we just ignore the error.
    }
    return 0;
}
```
Bad · C
```c
#include <stdio.h>
#include <stdlib.h>

int allocate_one(void) {
    char *foo = malloc(sizeof(char));
    // the next line checks to see if malloc failed
    if (foo == NULL) {
        printf("Malloc failed to allocate memory resources");
        return -1;
    }
    return 0;
}
```
Good · C
In the following C++ example the method readFile() reads the file whose name is provided in the input parameter and returns the contents of the file as a char string. The calls to open() and read() may result in errors if the file does not exist or does not contain any data to read. These errors are thrown when the is_open() method and the good() method indicate errors opening or reading…
```cpp
#include <cstdio>
#include <fstream>
#include <string>
using namespace std;

char* readFile(char *filename) {
    ifstream infile;   // declared outside try so it is visible to the handlers
    try {
        // open input file
        infile.open(filename);
        if (!infile.is_open()) {
            throw string("Unable to open file ") + filename;
        }
        // get length of file
        infile.seekg(0, ios::end);
        int length = infile.tellg();
        infile.seekg(0, ios::beg);
        // allocate memory
        char *buffer = new char[length];
        // read data from file
        infile.read(buffer, length);
        if (!infile.good()) {
            throw string("Unable to read from file ") + filename;
        }
        infile.close();
        return buffer;
    } catch (...) {
        /* bug: insert code to handle this later */
        // control falls out of the handler without a return value; the caller cannot tell the read failed
    }
}
```
Bad · C++
```cpp
#include <cstdio>
#include <fstream>
#include <string>
using namespace std;

char* readFile(char *filename) {
    ifstream infile;   // declared outside try so it is visible to the handlers
    try {
        // open input file
        infile.open(filename);
        if (!infile.is_open()) {
            throw string("Unable to open file ") + filename;
        }
        // get length of file
        infile.seekg(0, ios::end);
        int length = infile.tellg();
        infile.seekg(0, ios::beg);
        // allocate memory
        char *buffer = new char[length];
        // read data from file
        infile.read(buffer, length);
        if (!infile.good()) {
            throw string("Unable to read from file ") + filename;
        }
        infile.close();
        return buffer;
    } catch (const string &str) {
        printf("Error: %s \n", str.c_str());
        infile.close();
        throw str;
    } catch (...) {
        printf("Error occurred try
```
Good · C++
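As an added illustration (not code from this page or from MITRE), the following C program shows the same defect in an I/O path: the reader detects a failed or short read, does nothing about it, and the caller goes on comparing a buffer that still holds stale bytes from the previous call. The `src_t` type and `src_read()` are a constructed stand-in for a `read(2)`-style call, and the token check is a hypothetical caller.

```c
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for a read(2)-style source (assumption, not a real API):
 * returns bytes copied, 0 at end of data, -1 when the source reports an error. */
typedef struct { const uint8_t *data; size_t len, pos; int broken; } src_t;
static int src_read(src_t *s, uint8_t *dst, size_t want) {
    if (s->broken) return -1;
    size_t avail = s->len - s->pos;
    if (want > avail) want = avail;
    memcpy(dst, s->data + s->pos, want);
    s->pos += want;
    return (int)want;
}

/* CWE-390: the failure is detected, but the empty block takes no action, so the
 * function still reports success and dst keeps whatever it held before the call. */
int read_exact_bad(src_t *s, uint8_t *dst, size_t n) {
    int r = src_read(s, dst, n);
    if (r < 0 || (size_t)r != n) {
        /* I/O error or short read detected here ... and ignored */
    }
    return 0;
}

/* Fixed: every detected condition is acted on; dst is cleared and a distinct code returned. */
int read_exact_good(src_t *s, uint8_t *dst, size_t n) {
    int r = src_read(s, dst, n);
    if (r < 0)          { memset(dst, 0, n); return -1; }  /* I/O error */
    if ((size_t)r != n) { memset(dst, 0, n); return -2; }  /* truncated input */
    return 0;
}

/* Hypothetical caller that reuses one buffer across reads, as I/O loops commonly do.
 * Returns 1 when the 4-byte token read from s equals expected, else 0. */
int token_matches(src_t *s, uint8_t *buf, const uint8_t expected[4],
                  int (*read_exact)(src_t *, uint8_t *, size_t)) {
    if (read_exact(s, buf, 4) != 0) return 0;
    return memcmp(buf, expected, 4) == 0;
}

/* Scenario: one valid read fills buf, then the source breaks. The CWE-390 reader
 * lets the stale token pass (returns 1); the fixed reader rejects it (returns 0). */
int stale_token_accepted(int (*read_exact)(src_t *, uint8_t *, size_t)) {
    static const uint8_t expected[4] = { 'A', 'B', 'C', 'D' };
    uint8_t buf[4] = { 0 };
    src_t first = { expected, 4, 0, 0 }, broken = { expected, 4, 0, 1 };
    if (!token_matches(&first, buf, expected, read_exact)) return -1;
    return token_matches(&broken, buf, expected, read_exact);
}
```

The same pattern applies to any "check but continue" block: if the detected error does not change the return value or the contents the caller will use, the program proceeds in the unexpected state the MITRE consequence entry describes.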
| CVE ID | Title | CVSS | Risk level | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-0029 | AMD EPYC 9005 Series security vulnerability — AMD EPYC™ 9005 Series Processors | 6.7 (AI) | Medium (AI) | 2026-02-10 |
| CVE-2025-46367 | Dell Alienware Command Center security vulnerability — Alienware Command Center | 7.8 | High | 2025-11-13 |
| CVE-2025-27039 | Qualcomm Chipsets security vulnerability — Snapdragon | 6.6 | Medium | 2025-10-09 |
| CVE-2024-49841 | Qualcomm Chipsets security vulnerability — Snapdragon | 7.8 | High | 2025-05-06 |
| CVE-2025-26465 | OpenSSH security vulnerability | 6.8 | Medium | 2025-02-18 |
| CVE-2025-25204 | GitHub CLI security vulnerability — cli | 6.3 | Medium | 2025-02-14 |
| CVE-2024-12086 | Rsync security vulnerability | 6.1 | Medium | 2025-01-14 |
| CVE-2024-11942 | Drupal security vulnerability — Drupal Core | 9.1 | - | 2024-12-05 |
| CVE-2024-30255 | Envoy security vulnerability — envoy | 5.3 | Medium | 2024-04-04 |
| CVE-2024-27919 | Envoy security vulnerability — envoy | 7.5 | High | 2024-04-04 |
| CVE-2024-20316 | Cisco IOS XE Software security vulnerability — Cisco IOS XE Software | 5.8 | Medium | 2024-03-27 |
| CVE-2021-40391 | Gerbv buffer error vulnerability — Gerbv | 7.8 | - | 2021-11-19 |
| CVE-2019-5051 | Simple DirectMedia Layer buffer error vulnerability — Simple DirectMedia | 8.8 | - | 2019-07-03 |
| CVE-2017-7485 | PostgreSQL security vulnerability — PostgreSQL | 6.8 | - | 2017-05-12 |

CWE-390 (Detection of Error Condition Without Action) is a common weakness category; this platform has indexed 14 CVE vulnerabilities associated with it.