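CWE-606 Unchecked Input for Loop Condition: vulnerability list (16)

Summary of the 16 CVEs in the CWE-606 (Unchecked Input for Loop Condition) weakness class, with AI analysis in Chinese.

CWE-606 is an input validation flaw: the program does not adequately check input that is used in a loop condition. Attackers typically craft malicious input to trigger an infinite loop or excessive iteration, exhausting system resources and causing a denial of service. Developers should avoid letting untrusted data control a loop directly; validate the input range before the loop, or set an upper limit on the number of iterations, to keep the program logic safe and stable.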

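MITRE CWE official description
CWE: CWE-606 Unchecked Input for Loop Condition
Description: The product does not properly check inputs that are used for loop conditions, potentially leading to a denial of service (DoS) or other consequences because of excessive looping.
Common consequences (1)
Availability: DoS: Resource Consumption (CPU)
Mitigations (2)
Implementation: Do not use user-controlled data for loop conditions.
Implementation: Perform input validation.
Code examples (2)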
The following example demonstrates the weakness.
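```c
#include <stdio.h>

void foo(void);   /* defined elsewhere */

void iterate(int n){
    int i;
    for (i = 0; i < n; i++){
        foo();
    }
}

void iterateFoo()
{
    unsigned int num;
    scanf("%u",&num);
    /* num is user-controlled and reaches the loop bound unchecked */
    iterate(num);
}
```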
Bad · C
In the following C/C++ example the method processMessageFromSocket() will get a message from a socket, placed into a buffer, and will parse the contents of the buffer into a structure that contains the message length and the message body. A for loop is used to copy the message body into a local character string which will be passed to another method for processing.
```c
int processMessageFromSocket(int socket) {
    int success;

    char buffer[BUFFER_SIZE];
    char message[MESSAGE_SIZE];

    // get message from socket and store into buffer
    // Ignoring possibility that buffer > BUFFER_SIZE
    if (getMessage(socket, buffer, BUFFER_SIZE) > 0) {

        // place contents of the buffer into message structure
        ExMessage *msg = recastBuffer(buffer);

        // copy message body into string for processing
        int index;
        for (index = 0; index < msg->msgLength; index++) {
            message[index] = msg->msgBody[index];
        }
        message[index] = '\0';

        // process message
        success = processMessage(message);
    }
    return success;
}
```
Bad · C
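
A hardened counterpart to the processMessageFromSocket() example above, added here and not part of the MITRE text: the peer-supplied length is checked against the bytes actually received and the destination size before it is used as the loop bound. The wire layout, the names `extract_message` and `try_frame`, and the value of `MESSAGE_SIZE` are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MESSAGE_SIZE 64              /* assumed destination capacity */
#define HEADER_SIZE  sizeof(uint32_t)

/* Assumed wire layout (not from the page): a 32-bit length in host byte
 * order, followed by that many body bytes. Returns the body length, or -1
 * when the claimed length cannot be trusted as a loop bound. */
int extract_message(const unsigned char *buf, size_t received,
                    char *out, size_t out_size)
{
    uint32_t claimed;
    size_t index;

    if (buf == NULL || out == NULL || out_size == 0)
        return -1;
    if (received < HEADER_SIZE)            /* header itself is truncated */
        return -1;
    memcpy(&claimed, buf, HEADER_SIZE);    /* no unaligned struct cast */

    /* The bound comes from the peer: check it against the bytes actually
     * received and against the destination before looping on it. */
    if (claimed > received - HEADER_SIZE)
        return -1;
    if (claimed >= out_size)               /* need room for the NUL too */
        return -1;

    for (index = 0; index < claimed; index++)
        out[index] = (char)buf[HEADER_SIZE + index];
    out[index] = '\0';
    return (int)claimed;
}

/* Builds a constructed frame whose header claims `claimed` bytes while only
 * strlen(body) body bytes follow, then runs the check on it. */
int try_frame(uint32_t claimed, const char *body)
{
    unsigned char buf[128];
    char out[MESSAGE_SIZE];
    size_t n = strlen(body);

    if (n > sizeof(buf) - HEADER_SIZE)
        return -1;
    memcpy(buf, &claimed, HEADER_SIZE);
    memcpy(buf + HEADER_SIZE, body, n);
    return extract_message(buf, HEADER_SIZE + n, out, sizeof(out));
}
```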
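| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1519 | ISC BIND 9 security vulnerability - BIND 9 | 7.5 | High | 2026-03-25 |
| CVE-2019-25624 | Pixarra Liquid Studio security vulnerability - Liquid Studio | 6.2 | Medium | 2026-03-23 |
| CVE-2026-27689 | SAP Supply Chain Management security vulnerability - SAP Supply Chain Management | 7.7 | High | 2026-03-10 |
| CVE-2026-23689 | SAP Supply Chain Management security vulnerability - SAP Supply Chain Management | 7.7 | High | 2026-02-10 |
| CVE-2025-43801 | Liferay Portal and Liferay DXP security vulnerability - Portal | 7.5 (AI) | High (AI) | 2025-09-16 |
| CVE-2025-42930 | SAP Business Planning and Consolidation security vulnerability - SAP Business Planning and Consolidation | 6.5 | Medium | 2025-09-09 |
| CVE-2024-13931 | ABB multiple products security vulnerability - ASPECT-Enterprise | 7.2 | High | 2025-05-22 |
| CVE-2024-13930 | ABB multiple products security vulnerability - ASPECT-Enterprise | 4.9 | Medium | 2025-05-22 |
| CVE-2025-32399 | RT-Labs P-Net security vulnerability - P-Net | 5.3 | Medium | 2025-05-07 |
| CVE-2024-8508 | NLnet Unbound security vulnerability - Unbound | 5.3 | Medium | 2024-10-03 |
| CVE-2024-4603 | OpenSSL security vulnerability - OpenSSL | 7.5 (AI) | High (AI) | 2024-05-16 |
| CVE-2023-6237 | OpenSSL security vulnerability - OpenSSL | 7.5 | - | 2024-04-25 |
| CVE-2023-5678 | OpenSSL code issue vulnerability - OpenSSL | 5.3 | - | 2023-11-06 |
| CVE-2023-3817 | OpenSSL security vulnerability - OpenSSL | 7.5 | - | 2023-07-31 |
| CVE-2023-3446 | OpenSSL security vulnerability - OpenSSL | 7.5 | - | 2023-07-19 |
| CVE-2022-3252 | Apple SwiftNIO Extras security vulnerability - SwiftNIO Extras | 7.5 | - | 2022-09-21 |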

CWE-606 (Unchecked Input for Loop Condition) is a common weakness category; this platform lists 16 CVEs associated with it.