
CWE-684 Incorrect Provision of Specified Functionality: vulnerability list (25)

Summary of the 25 CVE vulnerabilities in the CWE-684 Incorrect Provision of Specified Functionality weakness class, with AI analysis in Chinese.

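CWE-684 is a functionality-provision error class of weakness: the code does not correctly implement functionality according to its published specification. Attackers often exploit missing or ambiguous documentation, sending unexpected parameters or triggering undocumented behavior to drive the system into an abnormal state and then perform privileged operations or bypass security restrictions. To avoid this risk, developers should implement logic in strict accordance with the specification, complete the interface documentation to remove ambiguity, and apply strict input validation and bounds checking so that the functionality behaves as expected.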

MITRE CWE official description
CWE: CWE-684 Incorrect Provision of Specified Functionality
The code does not function according to its published specifications, potentially leading to incorrect usage. When providing functionality to an external party, it is important that the product behaves in accordance with the details specified. When requirements of nuances are not documented, the functionality may produce unintended behaviors for the caller, possibly leading to an exploitable state.
Common consequences (1)
Other: Quality Degradation
Mitigations (1)
Implementation: Ensure that your code strictly conforms to specifications.
Code examples (2)
In the following snippet from a doPost() servlet method, the server returns "200 OK" (default) even if an error occurs.
    try {
        // Something that may throw an exception.
        ...
    } catch (Throwable t) {
        logger.error("Caught: " + t.toString());
        return;
    }
Bad · Java
In the following example, an HTTP 404 status code is returned in the event of an IOException encountered in a Java servlet. A 404 code is typically meant to indicate a non-existent resource and would be somewhat misleading in this case.
    try {
        // something that might throw IOException
        ...
    } catch (IOException ioe) {
        response.sendError(SC_NOT_FOUND);
    }
Bad · Java
CVE ID | Title | Product | CVSS | Risk level | Published
CVE-2026-44597 | Tor <0.4.9.7 out-of-bounds read vulnerability | Tor | 3.7 | Low | 2026-05-07
CVE-2026-40685 | Exim <4.99.2 JSON lookup out-of-bounds heap write vulnerability | Exim | 6.5 | Medium | 2026-04-30
CVE-2026-40684 | Exim <4.99.2 DNS resolution crash vulnerability | Exim | 5.9 | Medium | 2026-04-30
CVE-2026-42255 | Technitium DNS Server security vulnerability | DnsServer | 7.2 | High | 2026-04-26
CVE-2026-35381 | uutils coreutils security vulnerability | coreutils | 3.3 | Low | 2026-04-22
CVE-2026-35379 | uutils coreutils security vulnerability | coreutils | 3.3 | Low | 2026-04-22
CVE-2026-34478 | Apache Log4j security vulnerability | Apache Log4j Core | 8.2 (AI) | High (AI) | 2026-04-10
CVE-2025-66384 | MISP security vulnerability | MISP | 8.2 | High | 2025-11-28
CVE-2025-55174 | KDE Applications security vulnerability | Skanpage | 3.2 | Low | 2025-11-26
CVE-2025-58325 | Fortinet FortiOS security vulnerability | FortiOS | 7.8 | High | 2025-10-14
CVE-2025-54568 | Akamai Rate Control security vulnerability | Rate Control | 3.7 | Low | 2025-07-25
CVE-2025-54567 | QEMU security vulnerability | QEMU | 4.2 | Medium | 2025-07-25
CVE-2025-47227 | Scriptcase security vulnerability | ScriptCase | 7.5 | High | 2025-07-05
CVE-2024-50357 | Century Systems FutureNet NXR security vulnerability | FutureNet NXR-G110 series | 9.8 (AI) | Critical (AI) | 2024-11-29
CVE-2024-5005 | GitLab security vulnerability | GitLab | 4.3 | Medium | 2024-10-11
CVE-2024-8974 | Gitlab EE/CE security vulnerability | GitLab | 2.6 | Low | 2024-09-26
CVE-2024-20317 | Cisco IOS XR security vulnerability | Cisco IOS XR Software | 7.4 | High | 2024-09-11
CVE-2024-6502 | GitLab Enterprise Edition and GitLab Community Edition security vulnerability | GitLab | 5.7 | Medium | 2024-08-22
CVE-2024-6425 | MESbook security vulnerability | MESbook | 9.1 | Critical | 2024-07-01
CVE-2023-5363 | OpenSSL security vulnerability | OpenSSL | 5.3 | - | 2023-10-24
CVE-2023-4258 | Zephyr security vulnerability | Zephyr | 8.6 | High | 2023-09-25
CVE-2023-5158 | Linux Kernel security vulnerability | kernel | 6.5 | Medium | 2023-09-25
CVE-2023-24845 | Siemens RUGGEDCOM security vulnerability | RUGGEDCOM i800 | 9.1 | Critical | 2023-08-08
CVE-2022-23728 | LG Smartphone security vulnerability | LG mobile devices | 6.1 | - | 2022-01-21
CVE-2020-11054 | qutebrowser security vulnerability | qutebrowser | 3.5 | Low | 2020-05-07

CWE-684 (Incorrect Provision of Specified Functionality) is a common weakness category; this platform lists 25 CVE vulnerabilities associated with it.