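CWE-761 Free of Pointer not at Start of Buffer: vulnerability list (1)

Summary of 1 CVE vulnerability in the CWE-761 (Free of Pointer not at Start of Buffer) weakness class, with AI analysis in Chinese.

CWE-761 is a memory management weakness in which a program calls free() on a pointer that does not point to the start of a buffer. Attackers often exploit this flaw to crash the program or, under specific conditions, to tamper with critical variables or even execute malicious code. Developers should avoid modifying the original pointer to heap-allocated memory and make sure free() is only ever applied to the initial address returned by malloc and related functions, which prevents the risk of memory corruption.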

MITRE CWE official description
CWE: CWE-761 Free of Pointer not at Start of Buffer
Description: The product calls free() on a pointer to a memory resource that was allocated on the heap, but the pointer is not at the start of the buffer. This can cause the product to crash, or in some cases, modify critical program variables or execute code. This weakness often occurs when the memory is allocated explicitly on the heap with one of the malloc() family functions and free() is called, but pointer arithmetic has caused the pointer to be in the interior or end of the buffer.
Common Consequences (1)
Scope: Integrity, Availability, Confidentiality. Impact: Modify Memory; DoS: Crash, Exit, or Restart; Execute Unauthorized Code or Commands.
Mitigations (4)
Implementation: When utilizing pointer arithmetic to traverse a buffer, use a separate variable to track progress through memory and preserve the originally allocated address for later freeing.
Implementation: When programming in C++, consider using smart pointers provided by the boost library to help correctly and consistently manage memory.
Architecture and Design: Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, glibc in Linux provides protection against free of invalid pointers.
Architecture and Design: Use a language that provides abstractions for memory allocation and deallocation.
Code Examples (2)
In this example, the programmer dynamically allocates a buffer to hold a string and then searches for a specific character. After completing the search, the programmer attempts to release the allocated memory and return SUCCESS or FAILURE to the caller. Note: for simplification, this example uses a hard-coded "Search Me!" string and a constant string length of 20.
#include <stdlib.h>
#include <string.h>

#define SUCCESS (1)
#define FAILURE (0)

int contains_char(char c){
    char *str;
    str = (char*)malloc(20*sizeof(char));
    strcpy(str, "Search Me!");
    while( *str != '\0'){
        if( *str == c ){
            /* matched char, free string and return success */
            /* flaw: str may already have been advanced past the start of the buffer */
            free(str);
            return SUCCESS;
        }
        /* didn't match yet, increment pointer and try next char */
        str = str + 1;
    }
    /* we did not match the char in the string, free mem and return failure */
    /* flaw: str now points at the terminating NUL, not at the malloc() result */
    free(str);
    return FAILURE;
}
Bad · C
#include <stdlib.h>
#include <string.h>

#define SUCCESS (1)
#define FAILURE (0)

int contains_char(char c){
    char *str;
    int i = 0;
    str = (char*)malloc(20*sizeof(char));
    strcpy(str, "Search Me!");
    while( i < strlen(str) ){
        if( str[i] == c ){
            /* matched char, free string and return success */
            free(str);
            return SUCCESS;
        }
        /* didn't match yet, increment index and try next char */
        i = i + 1;
    }
    /* we did not match the char in the string, free mem and return failure */
    free(str);
    return FAILURE;
}
Good · C
This code attempts to tokenize a string and place it into an array using the strsep function, which inserts a \0 byte in place of whitespace or a tab character. After finishing the loop, each string in the AP array points to a location within the input string.
char **ap, *argv[10], *inputstring;
for (ap = argv; (*ap = strsep(&inputstring, " \t")) != NULL;)
    if (**ap != '\0')
        if (++ap >= &argv[10])
            break;
/.../
free(ap[4]);
Bad · C
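A corrected form of the strsep tokenizer above, following the first mitigation (keep the allocated address, advance a separate cursor). This is an added example, not code from the CWE entry or from this page; struct arglist, arglist_parse, arglist_free and MAX_ARGS are hypothetical names chosen for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* strsep() is a BSD/glibc extension; declared here in case strict ISO
 * compiler flags hide the <string.h> prototype. */
char *strsep(char **stringp, const char *delim);

#define MAX_ARGS 10

/* Hypothetical container: tokens[] point INTO base; only base came from malloc(). */
struct arglist {
    char  *base;              /* start address from malloc(), the only pointer freed */
    char  *tokens[MAX_ARGS];  /* interior pointers, never passed to free() */
    size_t count;
};

/* Copy input to the heap and split it on spaces and tabs.
 * Returns 0 on success, -1 if allocation fails. */
int arglist_parse(struct arglist *al, const char *input)
{
    size_t len = strlen(input) + 1;
    char *cursor, *tok;

    al->count = 0;
    al->base = malloc(len);
    if (al->base == NULL)
        return -1;
    memcpy(al->base, input, len);

    cursor = al->base;        /* strsep() advances cursor; base is left untouched */
    while (al->count < MAX_ARGS && (tok = strsep(&cursor, " \t")) != NULL) {
        if (*tok != '\0')     /* skip empty fields from repeated delimiters */
            al->tokens[al->count++] = tok;
    }
    return 0;
}

/* Free through the saved start address, then clear the now-dangling tokens. */
void arglist_free(struct arglist *al)
{
    size_t i;

    free(al->base);
    al->base = NULL;
    for (i = 0; i < MAX_ARGS; i++)
        al->tokens[i] = NULL;
    al->count = 0;
}
```

The tokens share one allocation, so they are released together by arglist_free; none of them is ever passed to free() individually.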
CVE ID | Title | CVSS | Risk level | Published
CVE-2025-47749 | Fuji Electric V-SFT security vulnerability — V-SFT | 7.8 | High | 2025-05-19

CWE-761 (Free of Pointer not at Start of Buffer) is a common weakness category; this platform lists 1 CVE vulnerability associated with it.