CWE-672 Operation on a Resource after Expiration or Release: vulnerability list (28)

A summary of 28 CVEs for the weakness CWE-672 (Operation on a Resource after Expiration or Release), with AI-generated analysis in Chinese.

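CWE-672 covers vulnerabilities in which a resource continues to be used after it has been released or has expired. Attackers commonly exploit this flaw by continuing to access a resource after it has been reclaimed or invalidated, causing memory corruption, data disclosure, or denial of service. Developers should avoid referencing a resource's pointer after the resource is released, make sure all references are cleared when its lifetime ends, and enforce strict access control and state checks to prevent illegitimate operations on expired resources.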

MITRE CWE official description
CWE: CWE-672 Operation on a Resource after Expiration or Release
English: The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.
Common consequences (2)
Scope: Integrity, Confidentiality. Impact: Modify Application Data; Read Application Data.
If a released resource is subsequently reused or reallocated, then an attempt to use the original resource might allow access to sensitive data that is associated with a different user or entity.
Scope: Other, Availability. Impact: Other; DoS: Crash, Exit, or Restart.
When a resource is released it might not be in an expected state; later attempts to access the resource may lead to resultant errors that may lead to a crash.
Code examples (2)
The following code shows a simple example of a use after free error:
    char* ptr = (char*)malloc (SIZE);
    if (err) {
        abrt = 1;
        free(ptr);  /* ptr is released on the error path */
    }
    ...
    if (abrt) {
        /* use after free: ptr was already released above */
        logError("operation aborted before commit", ptr);
    }
Bad · C
The following code shows a simple example of a double free error:
    char* ptr = (char*)malloc (SIZE);
    ...
    if (abrt) {
        free(ptr);
    }
    ...
    free(ptr);  /* double free when abrt was set */
Bad · C
| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2013-10075 | Apache::Session <=1.94 session management vulnerability — Apache::Session | - | - | 2026-05-08 |
| CVE-2026-43585 | OpenClaw < 2026.4.15 Bearer token validation bypass vulnerability — OpenClaw | 8.1 | High | 2026-05-06 |
| CVE-2026-1629 | Mattermost security vulnerability — Mattermost | 4.3 | Medium | 2026-03-16 |
| CVE-2026-31875 | Parse Server security vulnerability — parse-server | 8.1 (AI) | High (AI) | 2026-03-11 |
| CVE-2026-1237 | Juju security vulnerability — juju | 8.8 (AI) | High (AI) | 2026-01-28 |
| CVE-2025-69415 | Plex media server security vulnerability — Media Server | 7.1 | High | 2026-01-02 |
| CVE-2025-55669 | F5 BIG-IP security vulnerability — BIG-IP | 7.5 | High | 2025-10-15 |
| CVE-2025-10060 | MongoDB Server security vulnerability — MongoDB Server | 6.5 | Medium | 2025-09-05 |
| CVE-2025-53901 | Bytecode Alliance Wasmtime security vulnerability — wasmtime | 3.5 | Low | 2025-07-18 |
| CVE-2025-6031 | Amazon Cloud Cam security vulnerability — Cloud Cam | 7.5 | High | 2025-06-12 |
| CVE-2025-2517 | OpenText ArcSight Enterprise Security Manager security vulnerability — ArcSight Enterprise Security Manager | 9.8 | - | 2025-04-21 |
| CVE-2025-30351 | Directus security vulnerability — directus | 3.5 | Low | 2025-03-26 |
| CVE-2025-21117 | Dell Avamar security vulnerability — Avamar | 6.6 | Medium | 2025-02-05 |
| CVE-2024-47571 | Fortinet FortiManager security vulnerability — FortiManager | 7.9 | High | 2025-01-14 |
| CVE-2025-22149 | JWK Set security vulnerability — jwkset | 9.1 | - | 2025-01-09 |
| CVE-2024-4693 | QEMU security vulnerability | 5.5 | Medium | 2024-05-10 |
| CVE-2023-48220 | Decidim security vulnerability — decidim | 5.7 | Medium | 2024-02-20 |
| CVE-2024-23332 | Notary Project Specifications security vulnerability — specifications | 4.0 | Medium | 2024-01-19 |
| CVE-2021-42778 | OpenSC resource management error vulnerability — opensc | 5.3 | - | 2022-04-18 |
| CVE-2022-22197 | Juniper Networks Junos OS and Junos OS Evolved security vulnerability — Junos OS | 7.5 | High | 2022-04-14 |
| CVE-2021-37204 | Siemens SIMATIC S7-1500 series products input validation error vulnerability — SIMATIC Drive Controller family | 7.5 | High | 2022-02-09 |
| CVE-2021-37185 | Siemens SIMATIC S7-1500 series products input validation error vulnerability — SIMATIC Drive Controller family | 7.5 | High | 2022-02-09 |
| CVE-2020-15270 | Parse Server security vulnerability — parse-server | 4.3 | Medium | 2020-10-22 |
| CVE-2019-17638 | Eclipse Jetty security vulnerability — Eclipse Jetty | 9.4 | - | 2020-07-09 |
| CVE-2020-12043 | Baxter Spectrum WBM security vulnerability — Baxter Sigma Spectrum Infusion Pumps | 9.1 | - | 2020-06-29 |
| CVE-2020-11027 | WordPress authorization issue vulnerability — WordPress | 6.1 | Medium | 2020-04-30 |
| CVE-2019-15794 | Linux kernel security vulnerability — Linux kernel | 7.1 | High | 2020-04-23 |
| CVE-2019-15791 | Linux kernel numeric error vulnerability — Shiftfs in the Linux kernel | 7.1 | High | 2020-04-23 |

CWE-672 (Operation on a Resource after Expiration or Release) is a common weakness class; this platform lists 28 CVEs associated with it.