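CWE-771 Missing Reference to Active Allocated Resource: vulnerability list (4)

Summary of the 4 CVEs classified under weakness CWE-771 Missing Reference to Active Allocated Resource, with AI-generated analysis in Chinese.

CWE-771 is a resource-management weakness: the program does not correctly maintain references to resources it has allocated, so those resources cannot be reclaimed. An attacker can exhaust system memory or handles by repeatedly allocating resources that are never released, causing a denial of service. Developers should avoid keeping invalid references once a resource is no longer needed, make sure memory is freed and file descriptors are closed promptly, and handle garbage-collection mechanisms properly, so that resources do not leak.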

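MITRE CWE official description
CWE: CWE-771 Missing Reference to Active Allocated Resource. English: The product does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed. This does not necessarily apply in languages or frameworks that automatically perform garbage collection, since the removal of all references may act as a signal that the resource is ready to be reclaimed.
Common consequences (1)
Availability: DoS: Resource Consumption (Other)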
An attacker that can influence the allocation of resources that are not properly maintained could deplete the available resource pool and prevent all other processes from accessing the same type of resource.
Mitigations (1)
Operation, Architecture and Design: Use resource-limiting settings provided by the operating system or environment. For example, when managing system resources in POSIX, setrlimit() can be used to set limits for certain types of resources, and getrlimit() can determine how many resources are available. However, these functions are not available on all operating systems. When the current levels get close to the maximum that is define…

| CVE ID | Title | CVSS | Risk level | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-20004 | Cisco IOS XE Software security vulnerability — Cisco IOS XE Software | 7.4 | High | 2026-03-25 |
| CVE-2024-56343 | IBM Verify Identity Access Digital Credentials security vulnerability — Verify Identity Access Digital Credentials | 4.3 | Medium | 2025-06-06 |
| CVE-2023-20244 | Cisco Firepower Threat Defense security vulnerability — Cisco Firepower Threat Defense Software | 8.6 | High | 2023-11-01 |
| CVE-2021-34720 | Cisco IOS XR security vulnerability — Cisco IOS XR Software | 8.6 | High | 2021-09-09 |

CWE-771 (Missing Reference to Active Allocated Resource) is a common weakness category; this platform lists 4 CVEs associated with it.