
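CWE-704 Incorrect Type Conversion: Vulnerability List (52)

A summary of 52 CVE vulnerabilities in the CWE-704 (Incorrect Type Conversion) weakness class, with AI-generated analysis in Chinese.

CWE-704 refers to incorrect type conversion or cast vulnerabilities, a class of logic-error defects. When a program fails to correctly convert an object or data structure from one type to another, data corruption or unexpected behavior can result. Attackers typically exploit this by crafting specific input that triggers the faulty type-handling logic, causing crashes, data disclosure, or execution of malicious code. Developers should avoid unsafe casts, ensure data integrity before and after a type conversion, and implement strict input validation and type checking to eliminate the risk.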

MITRE CWE Official Description
CWE: CWE-704 Incorrect Type Conversion or Cast. The product does not correctly convert an object, resource, or structure from one type to a different type.
Common Consequences (1)
Scope: Other; Impact: Other
Code Examples (2)
In this example, depending on the return value of accessmainframe(), the variable amount can hold a negative value when it is returned. Because the function is declared to return an unsigned value, amount will be implicitly cast to an unsigned number.

    unsigned int readdata () {
        int amount = 0;
        ...
        amount = accessmainframe();
        ...
        /* a negative amount is implicitly converted to unsigned on return */
        return amount;
    }

Bad · C
The following code uses a union to support the representation of different types of messages. It formats messages differently, depending on their type.

    #define NAME_TYPE 1
    #define ID_TYPE 2

    struct MessageBuffer {
        int msgType;
        union {
            char *name;
            int nameID;
        };
    };

    int main (int argc, char **argv) {
        struct MessageBuffer buf;
        char *defaultMessage = "Hello World";

        buf.msgType = NAME_TYPE;
        buf.name = defaultMessage;
        printf("Pointer of buf.name is %p\n", buf.name);
        /* This particular value for nameID is used to make the code
           architecture-independent. If coming from untrusted input,
           it could be any value. */
        buf.nameID = (int)(defaultMessage + 1);
        printf("Pointer of buf.name is now %p\n", buf.name);
        if (buf.msgType == NAME_TYPE) {
            printf("Message: %

Bad · C

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-40613 | Coturn security vulnerability - coturn | 7.5 | High | 2026-04-21 |
| CVE-2026-34379 | OpenEXR security vulnerability - openexr | 7.1 | High | 2026-04-06 |
| CVE-2021-4456 | MetaCPAN Net::CIDR::Set security vulnerability - Net::CIDR | 9.8 | - | 2026-02-27 |
| CVE-2025-40541 | SolarWinds Serv-U code issue vulnerability - Serv-U | 9.1 | Critical | 2026-02-24 |
| CVE-2025-40540 | SolarWinds Serv-U code issue vulnerability - Serv-U | 9.1 | Critical | 2026-02-24 |
| CVE-2025-40539 | SolarWinds Serv-U code issue vulnerability - Serv-U | 9.1 | Critical | 2026-02-24 |
| CVE-2026-25613 | MongoDB Server security vulnerability - MongoDB Server | 6.5 | Medium | 2026-02-10 |
| CVE-2026-25503 | iccDEV security vulnerability - iccDEV | 7.1 | High | 2026-02-03 |
| CVE-2026-22041 | Logging Redactor security vulnerability - loggingredactor | 9.1 | - | 2026-01-08 |
| CVE-2025-13720 | Google Chrome security vulnerability - Chrome | 8.8 (AI) | High (AI) | 2025-12-02 |
| CVE-2025-62494 | QuickJS security vulnerability - QuickJS | 9.8 (AI) | Critical (AI) | 2025-10-16 |
| CVE-2025-54429 | Polkadot Frontier code issue vulnerability - frontier | 7.5 (AI) | High (AI) | 2025-07-28 |
| CVE-2025-41648 | Pilz IndustrialPI code issue vulnerability - IndustrialPI 4 with IndustrialPI webstatus | 9.8 | Critical | 2025-07-01 |
| CVE-2025-41646 | KUNBUS Revolution Pi code issue vulnerability - Revolution Pi webstatus | 9.8 | Critical | 2025-06-06 |
| CVE-2024-43058 | Qualcomm Chipsets code issue vulnerability - Snapdragon | 7.8 | High | 2025-04-07 |
| CVE-2025-1057 | Keylime code issue vulnerability | 4.3 | Medium | 2025-03-15 |
| CVE-2025-20072 | Mattermost Mobile Apps security vulnerability - Mattermost | 6.5 | Medium | 2025-01-16 |
| CVE-2025-21088 | Mattermost code issue vulnerability - Mattermost | 6.5 | Medium | 2025-01-15 |
| CVE-2024-47181 | Contiki-NG code issue vulnerability - contiki-ng | 7.5 | High | 2024-11-27 |
| CVE-2024-39590 | OpenPLC code issue vulnerability - OpenPLC_v3 | 7.5 | High | 2024-09-18 |
| CVE-2024-39589 | OpenPLC code issue vulnerability - OpenPLC_v3 | 7.5 | High | 2024-09-18 |
| CVE-2024-35303 | Siemens Tecnomatix Plant Simulation code issue vulnerability - Tecnomatix Plant Simulation V2302 | 7.8 | High | 2024-06-11 |
| CVE-2024-21478 | Qualcomm chips security vulnerability - Snapdragon | 6.2 | Medium | 2024-06-03 |
| CVE-2024-5436 | Snapchat security vulnerability - Snapchat Lenscore | 8.8 | - | 2024-05-31 |
| CVE-2024-28130 | OFFIS DCMTK code issue vulnerability - DCMTK | 7.5 | High | 2024-04-23 |
| CVE-2023-33101 | Qualcomm Chipsets security vulnerability - Snapdragon | 7.5 | High | 2024-04-01 |
| CVE-2023-6249 | zephyr security vulnerability - Zephyr | 8.0 | High | 2024-02-18 |
| CVE-2023-45204 | Siemens Tecnomatix Plant Simulation code issue vulnerability - Tecnomatix Plant Simulation V2201 | 7.8 | High | 2023-10-10 |
| CVE-2023-21651 | Qualcomm chips code issue vulnerability - Snapdragon | 9.3 | Critical | 2023-08-08 |
| CVE-2023-21638 | Qualcomm Chipsets code issue vulnerability - Snapdragon | 6.7 | Medium | 2023-07-04 |

CWE-704 (Incorrect Type Conversion) is a common weakness class; this platform lists 52 CVE vulnerabilities associated with it.