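CWE-459 Incomplete Cleanup: vulnerability list (56)

Summary of 56 CVE vulnerabilities in the CWE-459 Incomplete Cleanup weakness class, with AI-generated Chinese analysis.

CWE-459 is a resource management flaw in which a program fails to properly clean up and remove temporary or supporting resources after using them. Attackers often exploit this weakness to exhaust system resources, causing denial of service or memory leaks, which may in turn trigger other security vulnerabilities. To avoid it, developers need to make sure the resource release logic in their code is complete, for example by using exception handling so that cleanup runs on both the normal and the error paths, and should review resource lifecycle management regularly.

Official MITRE CWE description
CWE: CWE-459 Incomplete Cleanup. The product does not properly "clean up" and remove temporary or supporting resources after they have been used.
Common consequences (1)
Scope: Other, Confidentiality, Integrity
Impact: Other, Read Application Data, Modify Application Data, DoS: Resource Consumption (Other)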
It is possible to overflow the number of temporary files because directories typically have limits on the number of files allowed. This could create a denial of service problem.
Mitigations (1)
Phase: Architecture and Design, Implementation
Temporary files and other supporting resources should be deleted/released immediately after they are no longer needed.
Code examples (1)
Stream resources in a Java application should be released in a finally block, otherwise an exception thrown before the call to close() would result in an unreleased I/O resource. In the example below, the close() method is called in the try block (incorrect).
    try {
        InputStream is = new FileInputStream(path);
        byte b[] = new byte[is.available()];
        is.read(b);
        // Incorrect: close() is skipped if any call above throws
        is.close();
    } catch (Throwable t) {
        log.error("Something bad happened: " + t.getMessage());
    }
Bad · Java
CVE ID | Title | CVSS | Severity | Published
CVE-2024-45445 | Huawei HarmonyOS security vulnerability — HarmonyOS | 4.0 | Medium | 2024-09-04
CVE-2023-31356 | AMD Secure Processor and AMD Secure Encrypted Virtualization security vulnerability — AMD EPYC™ 7003 Processors | 4.4 | Medium | 2024-08-13
CVE-2024-6300 | Conduit security vulnerability — Conduit | 3.7 | Low | 2024-06-25
CVE-2024-20303 | Cisco IOS XE Software security vulnerability — Cisco IOS XE Software | 7.4 | High | 2024-03-27
CVE-2024-23672 | Apache Tomcat security vulnerability — Apache Tomcat | 7.5 (AI) | High (AI) | 2024-03-13
CVE-2024-26005 | PHOENIX CONTACT CHARX SEC security vulnerability — CHARX SEC-3000 | 4.8 | Medium | 2024-03-12
CVE-2024-1048 | grub2 security vulnerability | 3.3 | Low | 2024-02-06
CVE-2024-21617 | Juniper Networks Junos OS and Junos OS Evolved security vulnerability — Junos OS | 6.5 | Medium | 2024-01-12
CVE-2023-41835 | Apache Struts security vulnerability — Apache Struts | 8.2 | - | 2023-12-05
CVE-2023-42795 | Apache Tomcat security vulnerability — Apache Tomcat | 5.3 | - | 2023-10-10
CVE-2023-42794 | Apache Tomcat security vulnerability — Apache Tomcat | 7.5 | - | 2023-10-10
CVE-2023-36468 | XWiki Platform security vulnerability — xwiki-platform | 10.0 | Critical | 2023-06-29
CVE-2022-45455 | Acronis Agent security vulnerability — Acronis Cyber Protect Home Office | 7.8 | - | 2023-02-13
CVE-2023-22407 | Juniper Networks Junos OS security vulnerability — Junos OS | 6.5 | Medium | 2023-01-12
CVE-2022-45347 | Apache ShardingSphere security vulnerability — Apache ShardingSphere-Proxy | 9.8 | - | 2022-12-22
CVE-2022-3238 | Linux kernel resource management error vulnerability — Kernel | 7.8 | - | 2022-11-14
CVE-2022-1552 | PostgreSQL permissions and access control vulnerability — postgresql | 8.8 | - | 2022-08-31
CVE-2022-0171 | Linux kernel security vulnerability — kernel | 5.5 | - | 2022-08-26
CVE-2021-36205 | Johnson Controls Metasys ADS/ADX/OAS Servers security vulnerability — Metasys | 8.1 | High | 2022-04-15
CVE-2021-4002 | Linux kernel security vulnerability — kernel | 3.3 | - | 2022-03-03
CVE-2022-0646 | Linux kernel resource management error vulnerability — Kernel | 7.8 | - | 2022-02-18
CVE-2021-4032 | Linux kernel security vulnerability — kernel | 4.4 | - | 2022-01-21
CVE-2021-32928 | Objective Open CBOR Run-time security vulnerability — Sentinel LDK Run-Time Environment | 9.8 | - | 2021-06-16
CVE-2020-12494 | Beckhoff TwinCAT RT information disclosure vulnerability — TwinCat Driver for Intel 8254x (Tcl8254x.sys) | 5.3 | Medium | 2020-06-16
CVE-2020-10685 | Ansible security vulnerability — Ansible | 5.0 | Medium | 2020-05-11
CVE-2019-5011 | CleanMyMac X input validation error vulnerability — CleanMyMac X | 5.5 | - | 2019-03-21

CWE-459 (Incomplete Cleanup) is a common weakness class; this platform lists 56 CVE vulnerabilities associated with it.