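CWE-467 (Use of sizeof() on a Pointer Type) weakness: summary of 2 CVE vulnerabilities, with AI analysis in Chinese.
CWE-467 is a memory management flaw. When a developer mistakenly applies sizeof to a pointer rather than to the data it points to, the result is the size of the pointer itself, not the actual size of the data, so buffer size calculations come out wrong. An attacker can exploit this flaw to trigger a buffer overflow and then execute arbitrary code or crash the program. Developers should make sure sizeof is applied to the concrete array or structure, not to a pointer variable, so that memory requirements are computed accurately and this class of logic error is avoided.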
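
The size miscalculation described above, measured on a buffer wipe instead of an allocation. This is an added example, not code from the original page; `struct session`, the function names and the 0xAA fill are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record holding a secret; name and layout are assumptions. */
struct session {
    char token[32];
    unsigned int flags;
};

/* CWE-467: n is the size of the pointer (typically 4 or 8), not of the struct. */
void wipe_weak(struct session *s)
{
    size_t n = sizeof(s);
    memset(s, 0, n);
}

/* Fixed: sizeof(*s) is the size of the object that s points to. */
void wipe_fixed(struct session *s)
{
    size_t n = sizeof(*s);
    memset(s, 0, n);
}

/* Count the bytes of the record that are still non-zero after a wipe. */
size_t residue_after(void (*wipe)(struct session *))
{
    struct session s;
    unsigned char *p = (unsigned char *)&s;
    size_t i, left = 0;

    /* Constructed "secret" contents; s is an object here, so sizeof(s) is correct. */
    memset(&s, 0xAA, sizeof(s));
    wipe(&s);
    for (i = 0; i < sizeof(s); i++)
        if (p[i] != 0)
            left++;
    return left;
}

int main(void)
{
    printf("weak wipe leaves  %zu of %zu bytes\n",
           residue_after(wipe_weak), sizeof(struct session));
    printf("fixed wipe leaves %zu of %zu bytes\n",
           residue_after(wipe_fixed), sizeof(struct session));
    return 0;
}
```

GCC and Clang report the direct form `memset(s, 0, sizeof(s))` through `-Wsizeof-pointer-memaccess`, which `-Wall` enables; the size is routed through a local variable here, which is a form that check does not flag.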
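
```c
/* Incorrect: sizeof(foo) is the size of the pointer, not of a double. */
double *foo;
...
foo = (double *)malloc(sizeof(foo));
```

```c
/* Correct: sizeof(*foo) is the size of the double that foo points to. */
double *foo;
...
foo = (double *)malloc(sizeof(*foo));
```

```c
#include <stdio.h>
#include <string.h>

/* AUTH_FAIL and AUTH_SUCCESS are not defined on the page; these values are assumed. */
#define AUTH_FAIL 0
#define AUTH_SUCCESS 1

/* Ignore CWE-259 (hard-coded password) and CWE-309 (use of password system for authentication) for this example. */
char *username = "admin";
char *pass = "password";

int AuthenticateUser(char *inUser, char *inPass) {
    /* sizeof yields a size_t, so print it with %zu. */
    printf("Sizeof username = %zu\n", sizeof(username));
    printf("Sizeof pass = %zu\n", sizeof(pass));

    if (strncmp(username, inUser, sizeof(username))) {
        printf("Auth failure of username using sizeof\n");
        return(AUTH_FAIL);
    }
    /* Because of CWE-467, the sizeof returns 4 on many platforms and architectures. */
    if (! strncmp(pass, inPass, sizeof(pass))) {
        /* The page's listing is cut off inside this printf; the lines from here on are a minimal completion. */
        printf("Auth success of password\n");
        return(AUTH_SUCCESS);
    }
    return(AUTH_FAIL);
}
```

Where sizeof(pass) is 4, the comparison covers only the first four bytes of the password, so the inputs pass5, passABCDEFGH and passWORD all match.

| CVE ID | Title | CVSS | Risk level | Published |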
|---|---|---|---|---|
| CVE-2025-33132 | IBM DB2 High Performance Unload security vulnerability — DB2 High Performance Unload | 6.5 | Medium | 2025-10-27 |
| CVE-2020-1638 | Juniper Networks Junos OS and Junos OS Evolved input validation error vulnerability — Junos OS | 7.5 | High | 2020-04-08 |

CWE-467 (Use of sizeof() on a Pointer Type) is a common weakness category; this platform lists 2 CVE vulnerabilities associated with it.