
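CWE-413 Improper Resource Locking: Vulnerability List (11)

Summary of the 11 CVE vulnerabilities classified under CWE-413 (Improper Resource Locking), including AI-generated analysis in Chinese.

CWE-413 is an improper resource locking weakness: the product does not lock a resource correctly when it needs exclusive access to it. An attacker can exploit this flaw to modify data concurrently while the program is operating on the resource, breaking the program's assumption that the resource is stable and causing unexpected behavior or logic errors. Developers should avoid this by acquiring an exclusive lock before critical operations and releasing it promptly once the operation completes, which preserves data consistency and system security.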

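MITRE CWE Official Description
CWE: CWE-413 Improper Resource Locking. The product does not lock or does not correctly lock a resource when the product must have exclusive access to the resource. When a resource is not properly locked, an attacker could modify the resource while it is being operated on by the product. This might violate the product's assumption that the resource will not change, potentially leading to unexpected behaviors.
Common Consequences (1)
Scope: Integrity, Availability. Impact: Modify Application Data; DoS: Instability; DoS: Crash, Exit, or Restart
Mitigations (2)
Architecture and Design: Use a non-conflicting privilege scheme.
Architecture and Design, Implementation: Use synchronization when locking a resource.
Code Examples (2)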
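The following function attempts to acquire a lock in order to perform operations on a shared resource.

    #include <pthread.h>

    void f(pthread_mutex_t *mutex) {
        /* Return value is not checked: if the lock is not acquired,
           the access below runs without exclusive access. */
        pthread_mutex_lock(mutex);

        /* access shared resource */

        pthread_mutex_unlock(mutex);
    }

Bad · C

    #include <pthread.h>

    int f(pthread_mutex_t *mutex) {
        int result;

        /* Only touch the shared resource if the lock was acquired. */
        result = pthread_mutex_lock(mutex);
        if (0 != result)
            return result;

        /* access shared resource */

        return pthread_mutex_unlock(mutex);
    }

Good · C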
This Java example shows a simple BankAccount class with deposit and withdraw methods.

    public class BankAccount {

        // variable for bank account balance
        private double accountBalance;

        // constructor for BankAccount
        public BankAccount() {
            accountBalance = 0;
        }

        // method to deposit amount into BankAccount
        public void deposit(double depositAmount) {
            double newBalance = accountBalance + depositAmount;
            accountBalance = newBalance;
        }

        // method to withdraw amount from BankAccount
        public void withdraw(double withdrawAmount) {
            double newBalance = accountBalance - withdrawAmount;
            accountBalance = newBalance;
        }

        // other methods for accessing the BankAccount object ...
    }

Bad · Java

    public class BankAccount {
        ...

        // synchronized method to deposit amount into BankAccount
        public synchronized void deposit(double depositAmount) {
            ...
        }

        // synchronized method to withdraw amount from BankAccount
        public synchronized void withdraw(double withdrawAmount) {
            ...
        }

        ...
    }

Good · Java
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-32748 | Squid security vulnerability — squid | 7.5 | - | 2026-03-26 |
| CVE-2025-0003 | AMD Xilinx Run Time security vulnerability — Xilinx Run Time (XRT) | 7.3 | High | 2025-11-24 |
| CVE-2025-3450 | B&R Automation Runtime security vulnerability — Automation Runtime | 10.0 | Critical | 2025-10-07 |
| CVE-2023-32253 | Linux kernel security vulnerability | 5.9 | Medium | 2025-08-02 |
| CVE-2022-49737 | X.Org X Server security vulnerability — X server | 7.7 | High | 2025-03-16 |
| CVE-2023-33951 | Linux kernel security vulnerability — Red Hat Enterprise Linux 8 | 6.7 | Medium | 2023-07-24 |
| CVE-2023-2430 | Linux kernel security vulnerability — kernel | 5.5 | - | 2023-07-23 |
| CVE-2023-28649 | Snap One OvrC Cloud input validation error vulnerability — OvrC Cloud | 8.6 | High | 2023-05-22 |
| CVE-2023-2269 | Linux kernel security vulnerability — Kernel | 5.5 | - | 2023-04-25 |
| CVE-2022-20678 | Cisco IOS XE Software security vulnerability — Cisco IOS XE Software | 8.6 | High | 2022-04-15 |
| CVE-2019-17102 | Bitdefender BOX race condition vulnerability — Bitdefender BOX 2 | 8.3 | High | 2020-01-27 |

CWE-413 (Improper Resource Locking) is a common weakness category; this platform lists 11 CVE vulnerabilities associated with it.