CWE-680 整数溢出导致缓冲区溢出 类弱点 85 条 CVE 漏洞汇总,含 AI 中文分析。
CWE-680 是一种整数溢出导致缓冲区溢出的漏洞。当程序计算内存分配大小时发生整数溢出,会导致实际分配的内存小于预期,进而引发缓冲区溢出。攻击者通常利用此漏洞通过精心构造的输入触发溢出,从而执行恶意代码或破坏系统稳定性。开发者应避免此类问题,需在使用整数进行内存计算时进行边界检查,确保结果在合理范围内,并使用安全的内存分配函数。
img_t table_ptr; /*struct containing img data, 10kB each*/ int num_imgs; ... num_imgs = get_num_imgs(); table_ptr = (img_t*)malloc(sizeof(img_t)*num_imgs); ...| CVE ID | 标题 | CVSS | 风险等级 | Published |
|---|---|---|---|---|
| CVE-2026-24928 | Huawei EMUI和Huawei HarmonyOS 安全漏洞 — HarmonyOS | 5.8 | Medium | 2026-02-06 |
| CVE-2026-25541 | Bytes 安全漏洞 — bytes | 9.4AI | CriticalAI | 2026-02-04 |
| CVE-2025-46407 | SAIL 安全漏洞 — SAIL Image Decoding Library | 8.8 | High | 2025-08-25 |
| CVE-2025-32468 | SAIL 安全漏洞 — SAIL Image Decoding Library | 8.8 | High | 2025-08-25 |
| CVE-2025-53510 | SAIL 安全漏洞 — SAIL Image Decoding Library | 8.8 | High | 2025-08-25 |
| CVE-2025-52930 | SAIL 安全漏洞 — SAIL Image Decoding Library | 8.8 | High | 2025-08-25 |
| CVE-2025-52456 | SAIL 安全漏洞 — SAIL Image Decoding Library | 8.8 | High | 2025-08-25 |
| CVE-2025-20263 | Cisco Secure Firewall Adaptive Security Appliance和Cisco Secure Firewall Threat Defense 安全漏洞 — Cisco Adaptive Security Appliance (ASA) Software | 8.6 | High | 2025-08-14 |
| CVE-2025-23326 | NVIDIA Triton Inference Server 安全漏洞 — Triton Inference Server | 7.5 | High | 2025-08-06 |
| CVE-2025-54623 | Huawei HarmonyOS 安全漏洞 — HarmonyOS | 6.3 | Medium | 2025-08-06 |
| CVE-2025-32023 | Redis 安全漏洞 — redis | 7.0 | High | 2025-07-07 |
| CVE-2024-48877 | Catdoc 安全漏洞 — xls2csv | 8.4 | High | 2025-06-02 |
| CVE-2025-21442 | Qualcomm Chipsets 安全漏洞 — Snapdragon | 7.8 | High | 2025-04-07 |
| CVE-2024-58107 | Huawei HarmonyOS 安全漏洞 — HarmonyOS | 7.5 | High | 2025-04-07 |
| CVE-2024-57956 | Huawei HarmonyOS 安全漏洞 — HarmonyOS | 2.8 | Low | 2025-02-06 |
| CVE-2024-56451 | Huawei HarmonyOS 安全漏洞 — HarmonyOS | 7.3 | High | 2025-01-08 |
| CVE-2024-55626 | Suricata 安全漏洞 — suricata | 3.3 | Low | 2025-01-06 |
| CVE-2024-38422 | Qualcomm Chipsets 安全漏洞 — Snapdragon | 7.8 | High | 2024-11-04 |
| CVE-2024-6381 | MongoDB 安全漏洞 — libbson | 4.0 | Medium | 2024-07-02 |
| CVE-2024-21470 | Qualcomm Chipsets 安全漏洞 — Snapdragon | 8.4 | High | 2024-04-01 |
| CVE-2024-21454 | Qualcomm Chipsets 安全漏洞 — Snapdragon | 7.5 | High | 2024-04-01 |
| CVE-2022-36765 | EDK2 安全漏洞 — edk2 | 7.0 | High | 2024-01-09 |
| CVE-2023-33022 | Qualcomm Chipsets 安全漏洞 — Snapdragon | 8.4 | High | 2023-12-05 |
| CVE-2023-33018 | Qualcomm Chipsets 安全漏洞 — Snapdragon | 7.8 | High | 2023-12-05 |
| CVE-2023-28585 | Qualcomm Chipsets 安全漏洞 — Snapdragon | 8.2 | High | 2023-12-05 |
| CVE-2023-21644 | Qualcomm Chipsets 输入验证错误漏洞 — Snapdragon | 6.7 | Medium | 2023-09-05 |
| CVE-2023-21648 | Qualcomm Chipsets 缓冲区错误漏洞 — Snapdragon | 6.7 | Medium | 2023-08-08 |
| CVE-2022-33296 | Qualcomm Chipsets 输入验证错误漏洞 — Snapdragon | 5.9 | Medium | 2023-04-04 |
| CVE-2022-33282 | Qualcomm Chipsets 输入验证错误漏洞 — Snapdragon | 8.4 | High | 2023-04-04 |
| CVE-2022-40530 | Google Android 输入验证错误漏洞 — Snapdragon | 8.4 | High | 2023-03-07 |
CWE-680(整数溢出导致缓冲区溢出) 是常见的弱点类别,本平台收录该类弱点关联的 85 条 CVE 漏洞。