目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1000

100.0%
请我们喝杯咖啡

CWE-787 跨界内存写 类漏洞列表 2200

CWE-787 跨界内存写 类弱点 2200 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-787 越界写入是一种严重的内存安全漏洞,指程序向缓冲区边界之外或起始位置之前写入数据。攻击者利用此缺陷可覆盖相邻内存,导致程序崩溃、数据损坏,甚至通过精心构造的 payload 实现任意代码执行,从而完全控制目标系统。开发者应避免此类风险,需严格实施边界检查,使用安全的内存管理函数,启用编译器防护机制,并遵循最小权限原则,确保所有内存访问均在合法范围内。

MITRE CWE 官方描述
CWE:CWE-787 Out-of-bounds Write 英文:The product writes data past the end, or before the beginning, of the intended buffer. 译文:产品将数据写入预期缓冲区(buffer)的末尾之外或起始位置之前。
常见影响 (3)
IntegrityModify Memory, Execute Unauthorized Code or Commands
Write operations could cause memory corruption. In some cases, an adversary can modify control data such as return addresses in order to execute unexpected code.
AvailabilityDoS: Crash, Exit, or Restart
Attempting to access out-of-range, invalid, or unauthorized memory could cause the product to crash.
OtherUnexpected State
Subsequent write operations can produce undefined or unexpected results.
缓解措施 (5)
RequirementsUse a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer. Be wary that a lan…
Architecture and DesignUse a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions.
Operation, Build and CompilationUse automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking. D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses…
Effectiveness: Defense in Depth
ImplementationConsider adhering to the following rules when allocating and managing an application's memory: Double check that the buffer is as large as specified. When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string. Check buffer boundaries if accessing the buffer in a…
Operation, Build and CompilationRun or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code. Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported…
Effectiveness: Defense in Depth
代码示例 (2)
The following code attempts to save four different identification numbers into an array.
int id_sequence[3]; /* Populate the id array. */ id_sequence[0] = 123; id_sequence[1] = 234; id_sequence[2] = 345; id_sequence[3] = 456;
Bad · C
In the following code, it is possible to request that memcpy move a much larger segment of memory than assumed:
int returnChunkSize(void *) { /* if chunk info is valid, return the size of usable memory, * else, return -1 to indicate an error */ ... } int main() { ... memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1)); ... }
Bad · C
CVE ID标题CVSS风险等级Published
CVE-2025-54275 Adobe Substance3D Viewer 缓冲区错误漏洞 — Substance3D - Viewer 5.5 Medium2025-10-14
CVE-2025-54280 Adobe Substance3D Viewer 缓冲区错误漏洞 — Substance3D - Viewer 7.8 High2025-10-14
CVE-2025-22833 AMI APTIOV 安全漏洞 — AptioV 7.8AIHighAI2025-10-14
CVE-2025-22832 AMI AptioV 安全漏洞 — AptioV 7.1AIHighAI2025-10-14
CVE-2025-22831 AMI APTIOV 安全漏洞 — AptioV 7.1AIHighAI2025-10-14
CVE-2025-9178 Rockwell Automation 1715-AENTR EtherNet/IP Adapter 安全漏洞 — 1715-AENTR EtherNet/IP Adapter 7.5AIHighAI2025-10-14
CVE-2025-40810 Siemens Solid Edge SE2025和Siemens Solid Edge SE2024 缓冲区错误漏洞 — Solid Edge SE2024 7.8 High2025-10-14
CVE-2025-40809 Siemens Solid Edge SE2025和Siemens Solid Edge SE2024 缓冲区错误漏洞 — Solid Edge SE2024 7.8 High2025-10-14
CVE-2025-20716 MediaTek Chipsets 安全漏洞 — MT6890, MT7615, MT7622, MT7663, MT7915, MT7916, MT7981, MT7986 6.7AIMediumAI2025-10-14
CVE-2025-20715 MediaTek Chipsets 安全漏洞 — MT6890, MT7615, MT7622, MT7663, MT7915, MT7916, MT7981, MT7986 6.7AIMediumAI2025-10-14
CVE-2025-20723 MediaTek Chipsets 安全漏洞 — MT6835, MT6878, MT6886, MT6897, MT6899, MT6985, MT6989, MT6991, MT8676, MT8678, MT8775, MT8791T, MT8796, MT8873 6.7AIMediumAI2025-10-14
CVE-2025-20721 MediaTek Chipsets 安全漏洞 — MT6886, MT6897, MT6899, MT6985, MT6989, MT6991, MT8195, MT8196, MT8370, MT8390, MT8395, MT8792, MT8793 6.7AIMediumAI2025-10-14
CVE-2025-20711 MediaTek Chipsets 安全漏洞 — MT6890, MT7916, MT7981, MT7986 8.8AIHighAI2025-10-14
CVE-2025-61859 Fuji Electric V-SFT 缓冲区错误漏洞 — V-SFT 7.8 High2025-10-10
CVE-2025-61857 Fuji Electric V-SFT 缓冲区错误漏洞 — V-SFT 7.8 High2025-10-10
CVE-2025-61858 Fuji Electric V-SFT 缓冲区错误漏洞 — V-SFT 7.8 High2025-10-10
CVE-2025-47355 Qualcomm Chipsets 缓冲区错误漏洞 — Snapdragon 7.8 High2025-10-09
CVE-2025-47340 Qualcomm Chipsets 缓冲区错误漏洞 — Snapdragon 7.8 High2025-10-09
CVE-2025-27054 Qualcomm Chipsets 缓冲区错误漏洞 — Snapdragon 7.8 High2025-10-09
CVE-2025-59733 OpenEXR 安全漏洞 — FFmpeg 7.1AIHighAI2025-10-06
CVE-2025-59732 OpenEXR 安全漏洞 — FFmpeg 7.1AIHighAI2025-10-06
CVE-2025-59731 OpenEXR 安全漏洞 — FFmpeg 7.8AIHighAI2025-10-06
CVE-2025-59730 FFmpeg 安全漏洞 — FFmpeg 9.8AICriticalAI2025-10-06
CVE-2025-59729 FFmpeg 安全漏洞 — FFmpeg 3.3AILowAI2025-10-06
CVE-2025-59728 FFmpeg 安全漏洞 — MPEG-DASH 9.8AICriticalAI2025-10-06
CVE-2025-44014 QNAP Qsync Central 缓冲区错误漏洞 — Qsync Central 9.1 -2025-10-03
CVE-2025-59300 Delta Electronics DIAScreen 安全漏洞 — DIAScreen 7.8 -2025-10-03
CVE-2025-59299 Delta Electronics DIAScreen 安全漏洞 — DIAScreen 7.8 -2025-10-03
CVE-2025-59298 Delta Electronics DIAScreen 安全漏洞 — DIAScreen 7.8 -2025-10-03
CVE-2025-59297 Delta Electronics DIAScreen 安全漏洞 — DIAScreen 7.8 -2025-10-03

CWE-787(跨界内存写) 是常见的弱点类别,本平台收录该类弱点关联的 2200 条 CVE 漏洞。