
CWE-682 Incorrect Calculation: vulnerability list (42)

A summary of the 42 CVEs filed under the CWE-682 Incorrect Calculation weakness class, with AI-generated analysis in Chinese.

CWE-682 is a logic/calculation error weakness: the software produces an unintended result when performing a security-relevant calculation. Attackers commonly exploit such a defect to manipulate resource allocation or privilege decisions, bypassing a security control or causing a denial of service. Developers should avoid exact comparisons on floating-point values, strictly validate the range of numeric input, and add redundant checks at calculation steps that feed security decisions, so that the logic stays sound and the numbers stay accurate.

Official MITRE CWE description
CWE-682 Incorrect Calculation (MITRE): The product performs a calculation that generates incorrect or unintended results that are later used in security-critical decisions or resource management. When the product performs a security-critical calculation incorrectly, it might lead to incorrect resource allocations, incorrect privilege assignments, or failed comparisons among other things. Many of the direct results of an incorrect calculation can lead to even larger problems such as failed protection mechanisms or even arbitrary code execution.
Common consequences (4)
Scope: Availability. Impact: DoS: Crash, Exit, or Restart.
If the incorrect calculation causes the program to move into an unexpected state, it may lead to a crash or impairment of service.
Scope: Integrity, Confidentiality, Availability. Impact: DoS: Crash, Exit, or Restart; DoS: Resource Consumption (Other); Execute Unauthorized Code or Commands.
If the incorrect calculation is used in the context of resource allocation, it could lead to an out-of-bounds operation (CWE-119) leading to a crash or even arbitrary code execution. Alternatively, it may result in an integer overflow (CWE-190) and / or a resource consumption problem (CWE-400).
Scope: Access Control. Impact: Gain Privileges or Assume Identity.
In the context of privilege or permissions assignment, an incorrect calculation can provide an attacker with access to sensitive resources.
Scope: Access Control. Impact: Bypass Protection Mechanism.
If the incorrect calculation leads to an insufficient comparison (CWE-697), it may compromise a protection mechanism such as a validation routine and allow an attacker to bypass the security-critical code.
Mitigations (5)
Phase: Implementation. Understand your programming language's underlying representation and how it interacts with numeric calculation. Pay close attention to byte size discrepancies, precision, signed/unsigned distinctions, truncation, conversion and casting between types, "not-a-number" calculations, and how your language handles numbers that are too large or too small for its underlying representation.
Phase: Implementation. Perform input validation on any numeric input by ensuring that it is within the expected range. Enforce that the input meets both the minimum and maximum requirements for the expected range.
Phase: Implementation. Use the appropriate type for the desired action. For example, in C/C++, only use unsigned types for values that could never be negative, such as height, width, or other numbers related to quantity.
Phase: Architecture and Design. Use languages, libraries, or frameworks that make it easier to handle numbers without unexpected consequences. Examples include safe integer handling packages such as SafeInt (C++) or IntegerLib (C or C++).
Code examples (2)
The following image processing code allocates a table for images.
    #include <stdlib.h>

    img_t *table_ptr;  /* struct containing img data, 10 kB each */
    int num_imgs;
    ...
    num_imgs = get_num_imgs();
    /* sizeof(img_t) * num_imgs is never range-checked: a negative or very
       large count becomes a wrapped or oversized allocation (the CWE-682 defect) */
    table_ptr = (img_t *)malloc(sizeof(img_t) * num_imgs);
    ...
Bad · C
This code attempts to calculate a football team's average number of yards gained per touchdown.
    ...
    int touchdowns = team.getTouchdowns();
    int yardsGained = team.getTotalYardage();
    // touchdowns is never checked for zero: the division throws an
    // ArithmeticException when no touchdown was scored (the CWE-682 defect)
    System.out.println(team.getName() + " averages "
        + yardsGained / touchdowns + " yards gained for every touchdown scored");
    ...
Bad · Java
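The hardened counterparts of the two examples above, written here as an added C example that is not part of the CWE entry or of this page. `img_t`, `MAX_IMGS`, `unchecked_table_bytes`, `checked_mul_size`, `img_table_bytes`, `alloc_img_table` and `average_yards` are all constructed for the illustration. It applies the mitigations listed above in order: it keeps the original unchecked product only to show what a negative count turns into, then range-checks the count before it is converted to an unsigned type, refuses a product that would wrap, and performs the yards-per-touchdown division only when the divisor is known to be non-zero.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/* Stand-in for the page's img_t: one record of 10 kB (constructed here). */
typedef struct { unsigned char data[10 * 1024]; } img_t;

/* Largest table one call may allocate; an application-chosen assumption. */
#define MAX_IMGS 4096L

/* What the page's original line computes: sizeof(img_t) * num_imgs with a
   signed int count. The int is converted to size_t before the multiply, so a
   negative count silently becomes a huge request instead of an error. */
size_t unchecked_table_bytes(int num_imgs) {
    return sizeof(img_t) * num_imgs;
}

/* Overflow-checked multiply (mitigation 1): report failure instead of
   letting the product wrap around SIZE_MAX. */
bool checked_mul_size(size_t a, size_t b, size_t *out) {
    if (a != 0 && b > SIZE_MAX / a) return false;
    *out = a * b;
    return true;
}

/* Hardened sizing: range-check the count while it is still signed
   (mitigation 2), convert to an unsigned type only afterwards (mitigation 3),
   and refuse a product that would wrap. Returns 0 when the request is rejected. */
size_t img_table_bytes(long num_imgs) {
    size_t bytes = 0;
    if (num_imgs <= 0 || num_imgs > MAX_IMGS) return 0;
    if (!checked_mul_size(sizeof(img_t), (size_t)num_imgs, &bytes)) return 0;
    return bytes;
}

/* Allocation built on the checked size; NULL means rejected or out of memory. */
img_t *alloc_img_table(long num_imgs) {
    size_t bytes = img_table_bytes(num_imgs);
    return bytes ? (img_t *)malloc(bytes) : NULL;
}

/* Counterpart of the page's Java example: the caller gets an explicit
   "undefined" result instead of a division by zero. */
struct avg_result { bool ok; int value; };

struct avg_result average_yards(int yards, int touchdowns) {
    struct avg_result r = { false, 0 };
    if (touchdowns <= 0) return r;   /* no touchdowns: the average is undefined */
    r.ok = true;
    r.value = yards / touchdowns;
    return r;
}

int main(void) {
    printf("unchecked(-1) = %zu bytes\n", unchecked_table_bytes(-1));
    printf("checked(-1)   = %zu bytes (0 = rejected)\n", img_table_bytes(-1));
    printf("checked(3)    = %zu bytes\n", img_table_bytes(3));
    img_t *t = alloc_img_table(3);
    printf("alloc(3)      = %s\n", t ? "ok" : "rejected");
    free(t);
    struct avg_result a = average_yards(350, 0);
    printf("avg(350, 0)   = %s\n", a.ok ? "defined" : "undefined");
    return 0;
}
```

Keeping the size decision in `img_table_bytes`, separate from the `malloc` call, lets the rejection path be unit-tested without allocating, and makes the accepted range a single reviewable constant rather than an implicit property of the integer types involved.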
| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-44498 | Zebra signature-operation count for Coinbase and P2SH is too low | zebra | - | - | 2026-05-08 |
| CVE-2026-1229 | CIRCL security vulnerability | CIRCL | 7.5 (AI) | High (AI) | 2026-02-24 |
| CVE-2026-24783 | soroban-fixed-point-math security vulnerability | soroban-fixed-point-math | 7.5 | High | 2026-01-27 |
| CVE-2026-21911 | Juniper Junos OS Evolved security vulnerability | Junos OS Evolved | 6.5 | Medium | 2026-01-15 |
| CVE-2025-59047 | Matrix Rust SDK security vulnerability | matrix-rust-sdk | 7.5 (AI) | High (AI) | 2025-09-11 |
| CVE-2025-54427 | Polkadot Frontier code issue vulnerability | frontier | - | - (AI) | 2025-07-28 |
| CVE-2025-5372 | libssh security vulnerability | libssh | 5.0 | Medium | 2025-07-04 |
| CVE-2025-0036 | AMD Versal Adaptive SoC security vulnerability | Versal Adaptive SoC Devices | 3.2 | Low | 2025-06-09 |
| CVE-2025-26622 | Vyper security vulnerability | vyper | - | - | 2025-02-21 |
| CVE-2024-11407 | gRPC security vulnerability | gRPC-C++ | 7.5 (AI) | High (AI) | 2024-11-26 |
| CVE-2024-45056 | ZKsync Era security vulnerability | era-compiler-solidity | 5.9 | Medium | 2024-08-29 |
| CVE-2024-6287 | Linaro Trusted Firmware-A security vulnerability | rcar_gen3_v2.5 | 7.5 | High | 2024-06-24 |
| CVE-2024-32873 | Evmos security vulnerability | evmos | 3.5 | Low | 2024-06-06 |
| CVE-2024-34704 | ZKsync Era security vulnerability | era-compiler-solidity | 5.9 | Medium | 2024-05-13 |
| CVE-2023-35642 | Microsoft Windows Internet Connection Sharing (ICS) security vulnerability | Windows 10 Version 1809 | 6.5 | Medium | 2023-12-12 |
| CVE-2023-35641 | Microsoft Windows Internet Connection Sharing (ICS) security vulnerability | Windows 10 Version 1809 | 8.8 | High | 2023-12-12 |
| CVE-2023-42460 | Vyper security vulnerability | vyper | 5.3 | Medium | 2023-09-26 |
| CVE-2023-2163 | Linux kernel security vulnerability | Linux Kernel | 10.0 | Critical | 2023-09-20 |
| CVE-2023-2423 | Rockwell Automation Armor PowerFlex security vulnerability | Armor PowerFlex | 8.6 | High | 2023-08-08 |
| CVE-2023-28431 | Frontier security vulnerability | frontier | 7.5 | High | 2023-03-22 |
| CVE-2023-1296 | HashiCorp Nomad security vulnerability | Nomad | 2.7 | Low | 2023-03-14 |
| CVE-2023-26488 | OpenZeppelin security vulnerability | openzeppelin-contracts | 6.5 | Medium | 2023-03-03 |
| CVE-2022-36795 | F5 BIG-IP security vulnerability | BIG-IP | 5.3 | Medium | 2022-10-19 |
| CVE-2022-39242 | Frontier security vulnerability | frontier | 5.3 | Medium | 2022-09-24 |
| CVE-2022-31198 | OpenZeppelin security vulnerability | openzeppelin-contracts | 7.5 | High | 2022-08-01 |
| CVE-2022-23001 | Western Digital Sweet B security vulnerability | Sweet B Library | 5.3 | Medium | 2022-07-29 |
| CVE-2022-31169 | Wasmtime security vulnerability | wasmtime | 5.9 | Medium | 2022-07-21 |
| CVE-2022-31104 | Wasmtime security vulnerability | wasmtime | 4.8 | Medium | 2022-06-27 |
| CVE-2022-30600 | Moodle security vulnerability | moodle | 8.2 | - | 2022-05-18 |
| CVE-2022-23066 | Solana Rbpf security vulnerability | rbpf | 9.1 | Critical | 2022-05-09 |

"(AI)" marks a score or severity that carries the site's AI badge in the listing; "-" means no value was shown.

CWE-682 (Incorrect Calculation) is a common weakness class; this platform lists 42 CVEs associated with it.