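Summary of 34 CVEs in the CWE-440 (Expected Behavior Violation) weakness class, with AI-generated Chinese-language analysis.
CWE-440 is the expected behavior violation weakness: a software feature, API, or function does not perform according to its specification. Attackers often exploit this flaw by crafting specific input that triggers unintended logic, which lets them bypass security controls or crash the system. To avoid it, developers should implement strictly to the interface specification, strengthen input validation and boundary checks, and use comprehensive unit tests to ensure that code behavior fully matches the intended design, so that logic deviations cannot be maliciously exploited.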
```systemverilog
module csr_regfile #(...)(...);
  ...
  // ---------------------------
  // CSR Write and update logic
  // ---------------------------
  ...
  if (csr_we) begin
    unique case (csr_addr.address)
      ...
      riscv::CSR_SIE: begin
        // the mideleg makes sure only delegate-able register
        // (and therefore also only implemented registers) are written
        mie_d = (mie_q & ~mideleg_q) | (csr_wdata & mideleg_q) | utval_q;
      end
      ...
    endcase
  end
endmodule
```

```systemverilog
module csr_regfile #(...)(...);
  ...
  // ---------------------------
  // CSR Write and update logic
  // ---------------------------
  ...
  if (csr_we) begin
    unique case (csr_addr.address)
      ...
      riscv::CSR_SIE: begin
        // the mideleg makes sure only delegate-able register
        // (and therefore also only implemented registers) are written
        mie_d = (mie_q & ~mideleg_q) | (csr_wdata & mideleg_q);
      end
      ...
    endcase
  end
endmodule
```

| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2026-41136 | free5GC security vulnerability — amf | 9.8 (AI) | Critical (AI) | 2026-04-21 |
| CVE-2026-3344 | WatchGuard Fireware OS security vulnerability — Fireware OS | 6.8 (AI) | Medium (AI) | 2026-03-03 |
| CVE-2025-13940 | WatchGuard Fireware OS security vulnerability — Fireware OS | 9.1 (AI) | Critical (AI) | 2025-12-04 |
| CVE-2025-8850 | LibreChat security vulnerability — danny-avila/librechat | 6.5 (AI) | Medium (AI) | 2025-10-30 |
| CVE-2025-52953 | Juniper Networks Junos OS and Juniper Networks Junos OS Evolved security vulnerability — Junos OS | 6.5 | Medium | 2025-07-11 |
| CVE-2025-6211 | LlamaIndex security vulnerability — run-llama/llama_index | 8.2 | - | 2025-07-10 |
| CVE-2025-3044 | LlamaIndex security vulnerability — run-llama/llama_index | 6.5 | - | 2025-07-07 |
| CVE-2025-40555 | Siemens APOGEE PXC+TALON TC Series security vulnerability — APOGEE PXC+TALON TC Series (BACnet) | 4.7 | Medium | 2025-05-13 |
| CVE-2025-46712 | Erlang/OTP security vulnerability — otp | 3.7 | Low | 2025-05-08 |
| CVE-2023-26819 | cJSON security vulnerability — cJSON | 2.9 | Low | 2025-04-19 |
| CVE-2025-32728 | OpenSSH (OpenBSD Secure Shell) security vulnerability — OpenSSH | 4.3 | Medium | 2025-04-10 |
| CVE-2024-56202 | Apache Traffic Server security vulnerability — Apache Traffic Server | 9.1 | - | 2025-03-06 |
| CVE-2025-27401 | Tuleap security vulnerability — tuleap | 4.6 | Medium | 2025-03-04 |
| CVE-2025-27094 | Tuleap security vulnerability — tuleap | 5.4 | Medium | 2025-03-03 |
| CVE-2024-47762 | Backstage security vulnerability — backstage | 5.8 | Medium | 2024-10-03 |
| CVE-2024-8690 | Palo Alto Networks Cortex XDR security vulnerability — Cortex XDR Agent | 6.7 (AI) | Medium (AI) | 2024-09-11 |
| CVE-2024-7246 | gRPC security vulnerability — gRPC | 5.3 | - | 2024-08-06 |
| CVE-2024-38806 | Cloud Foundry Foundation security vulnerability — UAA | 3.9 | Low | 2024-07-18 |
| CVE-2024-30246 | Tuleap security vulnerability — tuleap | 7.6 | High | 2024-03-29 |
| CVE-2023-6129 | OpenSSL security vulnerability — OpenSSL | 9.8 (AI) | Critical (AI) | 2024-01-09 |
| CVE-2023-4807 | OpenSSL security vulnerability — OpenSSL | 9.8 | - | 2023-09-08 |
| CVE-2023-32731 | gRPC security vulnerability — gRPC | 7.4 | High | 2023-06-09 |
| CVE-2023-32732 | gRPC security vulnerability — gRPC | 5.3 | Medium | 2023-06-09 |
| CVE-2023-2088 | OpenStack security vulnerability — OpenStack | 6.5 | - | 2023-05-12 |
| CVE-2022-3344 | Linux kernel security vulnerability — Linux kernel | 5.5 | - | 2022-10-24 |
| CVE-2022-3281 | Multiple WAGO products security vulnerability — 750-81xx/xxx-xxx Series PFC100/PFC200 | 7.5 | High | 2022-10-17 |
| CVE-2020-10768 | Linux kernel security vulnerability — kernel | 5.5 | Medium | 2020-09-15 |
| CVE-2020-10767 | Linux kernel security vulnerability — kernel | 5.5 | Medium | 2020-09-15 |
| CVE-2020-10766 | Linux kernel scheduler security vulnerability — kernel | 5.5 | Medium | 2020-09-15 |
| CVE-2019-5108 | Linux kernel authorization issue vulnerability — Linux kernel | 6.5 | - | 2019-12-23 |
CWE-440 (Expected Behavior Violation) is a common weakness category; this platform lists 34 CVEs associated with it.