
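CWE-469 Use of Pointer Subtraction to Determine Size: vulnerability list (1)

Summary of 1 CVE for the weakness class CWE-469 (Use of Pointer Subtraction to Determine Size), with AI-generated Chinese analysis.

CWE-469 is a pointer arithmetic error. When a developer computes a buffer size by subtracting two pointers and those pointers do not belong to the same memory block, the result is inaccurate and can lead to out-of-bounds buffer reads or writes. An attacker can exploit this flaw to trigger memory corruption and thereby execute arbitrary code or crash the service. Developers should avoid pointer subtraction across memory blocks and instead use explicit length parameters or standard library functions to manage memory sizes, so that the size calculation is rigorous and safe.

MITRE CWE official description
CWE: CWE-469 Use of Pointer Subtraction to Determine Size. The product subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memory chunk.
Common Consequences (1)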
Scope: Access Control, Integrity, Confidentiality, Availability
Impact: Modify Memory, Read Memory, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity
There is the potential for arbitrary code execution with privileges of the vulnerable program.
Mitigations (1)
Phase: Implementation
Save an index variable. This is the recommended solution. Rather than subtract pointers from one another, use an index variable of the same size as the pointers in question. Use this variable to "walk" from one pointer to the other and calculate the difference. Always validate this number.
Code Examples (1)
The following example contains the method size that is used to determine the number of nodes in a linked list. The method is passed a pointer to the head of the linked list.
Bad · C
struct node {
    int data;
    struct node* next;
};

// Returns the number of nodes in a linked list from
// the given pointer to the head of the list.
int size(struct node* head) {
    struct node* current = head;
    struct node* tail;
    while (current != NULL) {
        tail = current;
        current = current->next;
    }
    return tail - head;
}

// other methods for manipulating the list
...

Good · C
...
int size(struct node* head) {
    struct node* current = head;
    int count = 0;
    while (current != NULL) {
        count++;
        current = current->next;
    }
    return count;
}
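The following is an added example, not part of MITRE's entry or of this page's original code. It goes beyond the linked-list case to the buffer-size case in the summary: a size is taken from two pointers only after both are proven to lie in the same block. The names `checked_span`, `span_or_reject`, `HEADER` and `OTHER` are hypothetical, the sample data is constructed, and a flat address space is assumed.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample data: two unrelated memory blocks. */
static const char HEADER[] = "Content-Length: 42";
static const char OTHER[]  = "unrelated block";

/* Hypothetical helper (not MITRE's code): yields end - start only after
 * proving both pointers lie inside the single block [base, base + len].
 * Addresses are compared as uintptr_t (assumes a flat address space), so a
 * stray pointer is rejected without any cross-block pointer subtraction. */
bool checked_span(const char *base, size_t len,
                  const char *start, const char *end, size_t *out)
{
    uintptr_t b = (uintptr_t)base, s = (uintptr_t)start, e = (uintptr_t)end;

    if (base == NULL || out == NULL || len > UINTPTR_MAX - b)
        return false;                 /* no block, or base + len wraps */
    if (s < b || s > b + len)
        return false;                 /* start is outside the block */
    if (e < s || e > b + len)
        return false;                 /* end precedes start or is outside */
    *out = (size_t)(e - s);           /* validated: 0 <= result <= len */
    return true;
}

/* Wrapper for the demo: the validated span, or -1 when rejected. */
long span_or_reject(const char *base, size_t len,
                    const char *start, const char *end)
{
    size_t n;
    return checked_span(base, len, start, end, &n) ? (long)n : -1;
}

int main(void)
{
    /* Same block: length of the field name before ':' */
    printf("%ld\n", span_or_reject(HEADER, sizeof HEADER, HEADER, strchr(HEADER, ':')));
    /* End pointer belongs to a different block: rejected, not subtracted */
    printf("%ld\n", span_or_reject(HEADER, sizeof HEADER, HEADER, OTHER + 3));
    return 0;
}
```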
CVE ID | Title | CVSS | Risk Level | Published
CVE-2019-25595 | jetAudio security vulnerability — jetAudio | 6.2 | Medium | 2026-03-22

CWE-469 (Use of Pointer Subtraction to Determine Size) is a common weakness category; this platform lists 1 CVE associated with this weakness.