CWE-590 Free of Memory not on the Heap: vulnerability list (15)

Summary of 15 CVEs for the weakness CWE-590 Free of Memory not on the Heap, with AI analysis in Chinese.

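CWE-590 is a memory-management weakness in which a program calls free() on non-heap memory (such as a stack variable or static data). An attacker can trigger the error with crafted input, corrupting the memory-management structures and leading to a program crash or remote code execution. Developers should strictly distinguish how memory was allocated, make sure that only pointers obtained from heap allocation functions such as malloc and calloc are released, and avoid manually freeing variables on the stack.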

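MITRE CWE official description
CWE: CWE-590 Free of Memory not on the Heap. The product calls free() on a pointer to memory that was not allocated using the associated heap allocation functions (such as malloc(), calloc(), or realloc()). When free() is called on an invalid pointer, the program's memory management data structures may become corrupted. This corruption may cause the program to crash or, in some circumstances, an attacker may be able to cause free() to operate on controllable memory locations and so modify critical program variables or execute code.
Common consequences (1)
Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands, Modify Memory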
There is the potential for arbitrary code execution with privileges of the vulnerable program via a "write, what where" primitive. If pointers to memory which hold user information are freed, a malicious user will be able to write 4 bytes anywhere in memory.
Mitigations (4)
Implementation: Only free pointers that you have called malloc on previously. This is the recommended solution. Keep track of which pointers point at the beginning of valid chunks and free them only once.
Implementation: Before freeing a pointer, the programmer should make sure that the pointer was previously allocated on the heap and that the memory belongs to the programmer. Freeing an unallocated pointer will cause undefined behavior in the program.
Architecture and Design: Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, glibc in Linux provides protection against free of invalid pointers.
Architecture and Design: Use a language that provides abstractions for memory allocation and deallocation.
Code examples (1)
In this example, an array of record_t structs, bar, is allocated automatically on the stack as a local variable and the programmer attempts to call free() on the array. The consequences will vary based on the implementation of free(), but it will not succeed in deallocating the memory.
void foo(){
    record_t bar[MAX_SIZE];

    /* do something interesting with bar */
    ...
    free(bar);
}
Bad · C
record_t bar[MAX_SIZE]; //Global var

void foo(){
    /* do something interesting with bar */
    ...
    free(bar);
}
Bad · C
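The mitigations above call for freeing only pointers that came from malloc() and freeing them only once. The following C code is an added example, not part of the CWE entry or of this page's source; `buf_t`, `buf_init`, `buf_release` and `INLINE_CAP` are hypothetical names. It records ownership when the memory is obtained, so the release path never passes inline (non-heap) storage to free().

```c
#include <stdlib.h>
#include <string.h>

#define INLINE_CAP 16   /* hypothetical small-buffer size */

/* Hypothetical buffer that may point at inline (non-heap) storage or at
   a malloc() chunk; heap_owned records which, so release is never a guess. */
typedef struct {
    char   inline_store[INLINE_CAP];
    char  *data;        /* inline_store or the start of a malloc() chunk */
    size_t len;
    int    heap_owned;  /* 1 only when data came from malloc() */
} buf_t;

/* Copy n bytes into b. Returns 0 on success, -1 on allocation failure. */
int buf_init(buf_t *b, const char *src, size_t n) {
    b->heap_owned = 0;
    b->data = b->inline_store;
    if (n > INLINE_CAP) {
        char *p = malloc(n);
        if (p == NULL) { b->data = NULL; b->len = 0; return -1; }
        b->data = p;
        b->heap_owned = 1;
    }
    memcpy(b->data, src, n);
    b->len = n;
    return 0;
}

/* Release b. Returns 1 if free() was called, 0 if nothing on the heap
   needed freeing. Safe to call twice: state is cleared on the first call. */
int buf_release(buf_t *b) {
    int freed = 0;
    if (b->heap_owned && b->data != NULL) {
        free(b->data);  /* pointer is the start of our own chunk */
        freed = 1;
    }
    b->data = NULL;
    b->len = 0;
    b->heap_owned = 0;
    return freed;
}
```
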
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-20810 | Microsoft Windows Ancillary Function Driver for WinSock security vulnerability (Windows 10 Version 1809) | 7.8 | High | 2026-01-13 |
| CVE-2025-54899 | Microsoft Excel security vulnerability (Microsoft 365 Apps for Enterprise) | 7.8 | High | 2025-09-09 |
| CVE-2025-42996 | SAP MDM Server security vulnerability (SAP MDM Server) | 5.6 | Medium | 2025-06-10 |
| CVE-2025-42995 | SAP MDM Server security vulnerability (SAP MDM Server) | 7.5 | High | 2025-06-10 |
| CVE-2025-42994 | Multiple products security vulnerability (SAP MDM Server) | 7.5 | High | 2025-06-10 |
| CVE-2025-5899 | GNU PSPP security vulnerability (PSPP) | 5.3 | Medium | 2025-06-09 |
| CVE-2025-32911 | libsoup security vulnerability | 9.0 | Critical | 2025-04-15 |
| CVE-2023-22291 | Ichitaro 2022 security vulnerability (Ichitaro) | 7.0 | High | 2023-04-05 |
| CVE-2023-25565 | GSS-NTLMSSP security vulnerability (gss-ntlmssp) | 7.5 | High | 2023-02-14 |
| CVE-2022-31627 | PHP buffer error vulnerability (PHP) | 7.7 | High | 2022-07-28 |
| CVE-2022-31625 | PHP security vulnerability (PHP) | 8.1 | High | 2022-06-16 |
| CVE-2021-3939 | Canonical Ubuntu security vulnerability (accountsservice) | 7.8 | High | 2021-11-17 |
| CVE-2021-42377 | Busybox security vulnerability (busybox) | 8.8 | - | 2021-11-15 |
| CVE-2021-39218 | Wasmtime buffer error vulnerability (wasmtime) | 6.3 | Medium | 2021-09-17 |
| CVE-2020-6016 | ValveSoftware GameNetworkingSockets buffer error vulnerability (Game Networking Sockets) | 9.8 | - | 2020-11-18 |

CWE-590 (Free of Memory not on the Heap) is a common weakness class; this platform lists 15 CVEs associated with it.