目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CWE-763 对无效指针或索引的释放 类漏洞列表 21

CWE-763 对无效指针或索引的释放 类弱点 21 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-763指释放无效指针或引用漏洞,属于内存管理错误。当程序使用不兼容的函数释放内存,或错误调用释放例程时发生。攻击者可利用此缺陷触发内存损坏,进而导致程序崩溃、数据泄露或远程代码执行。开发者应确保内存分配与释放机制严格匹配,避免混用不同来源的内存管理函数,并加强代码审查以消除此类不一致性。

MITRE CWE 官方描述
CWE:CWE-763 释放无效指针或引用 (Release of Invalid Pointer or Reference) 英文:产品试图将内存资源返回给系统,但调用了错误的释放函数或不正确地调用了适当的释放函数。 这种弱点可以表现为多种形式,例如:内存通过一种内存管理方法(显式或隐式)分配,但使用不同的、不兼容的函数进行释放(CWE-762)。所选的函数调用或内存管理例程是适当的,但它们被不正确地使用,例如在 CWE-761 中所述。
常见影响 (1)
Integrity, Availability, ConfidentialityModify Memory, DoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands
This weakness may result in the corruption of memory, and perhaps instructions, possibly leading to a crash. If the corrupted memory can be effectively controlled, it may be possible to execute arbitrary code.
缓解措施 (4)
ImplementationOnly call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free().
ImplementationWhen programming in C++, consider using smart pointers provided by the boost library to help correctly and consistently manage memory.
Architecture and DesignUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, glibc in Linux provides protection against free of invalid pointers.
Architecture and DesignUse a language that provides abstractions for memory allocation and deallocation.
代码示例 (2)
This code attempts to tokenize a string and place it into an array using the strsep function, which inserts a \0 byte in place of whitespace or a tab character. After finishing the loop, each string in the AP array points to a location within the input string.
char **ap, *argv[10], *inputstring; for (ap = argv; (*ap = strsep(&inputstring, " \t")) != NULL;) if (**ap != '\0') if (++ap >= &argv[10]) break; /.../ free(ap[4]);
Bad · C
This example allocates a BarObj object using the new operator in C++, however, the programmer then deallocates the object using free(), which may lead to unexpected behavior.
void foo(){ BarObj *ptr = new BarObj() /* do some work with ptr here */ ... free(ptr); }
Bad · C++
void foo(){ BarObj *ptr = new BarObj() /* do some work with ptr here */ ... delete ptr; }
Good · C++
CVE ID标题CVSS风险等级Published
CVE-2025-65116 Hitachi Job Management Partner 安全漏洞 — JP1/IT Desktop Management 2 - Manager 5.5 Medium2026-04-07
CVE-2018-25243 FastTube 安全漏洞 — FastTube 6.2 Medium2026-04-04
CVE-2026-22770 ImageMagick 安全漏洞 — ImageMagick 6.5 Medium2026-01-20
CVE-2025-14233 Canon多款产品 安全漏洞 — Satera LBP670C Series 9.8 Critical2026-01-15
CVE-2025-48768 Apache NuttX 安全漏洞 — Apache NuttX RTOS 9.1 -2026-01-01
CVE-2025-13824 Rockwell Automation多款产品 安全漏洞 — Micro820®, Micro850®, Micro870® 7.5AIHighAI2025-12-15
CVE-2025-11838 WatchGuard Fireware OS 安全漏洞 — Fireware OS 7.5AIHighAI2025-12-04
CVE-2025-47329 Qualcomm Chipsets 安全漏洞 — Snapdragon 7.8 High2025-09-24
CVE-2025-25215 Dell ControlVault3和Dell ControlVault3 Plus 安全漏洞 — BCM5820X 8.8 High2025-06-13
CVE-2025-30379 Microsoft Excel 安全漏洞 — Microsoft 365 Apps for Enterprise 7.8 High2025-05-13
CVE-2023-4883 Open5GS 安全漏洞 — Open5GS 7.5 High2023-10-03
CVE-2023-0459 Linux kernel 安全漏洞 — Linux Kernel 6.5 Medium2023-05-25
CVE-2022-4696 Linux kernel 资源管理错误漏洞 — Linux Kernel 7.8 High2023-01-11
CVE-2022-41691 F5 BIG-IP Advanced WAF/ASM 安全漏洞 — BIG-IP Advanced WAF & ASM 7.5 High2022-10-19
CVE-2022-2521 LibTIFF 安全漏洞 — libtiff 6.5 -2022-08-31
CVE-2021-3682 QEMU 安全漏洞 — QEMU 8.0 -2021-08-05
CVE-2021-22760 IGSS Definition 安全漏洞 — IGSS Definition (Def.exe) V15.0.0.21140 and prior 7.8 -2021-06-11
CVE-2021-24028 Facebook Thrift 安全漏洞 — Facebook Thrift 9.8 -2021-04-13
CVE-2021-21401 Nanopb 安全漏洞 — nanopb 7.1 High2021-03-23
CVE-2020-5139 SonicWall SonicOS SSLVPN NACagent 安全漏洞 — SonicOS 7.5 -2020-10-12
CVE-2019-11930 Facebook HHVM 输入验证错误漏洞 — HHVM 9.8 -2019-12-04

CWE-763(对无效指针或索引的释放) 是常见的弱点类别,本平台收录该类弱点关联的 21 条 CVE 漏洞。