
CWE-805 Buffer Access with Incorrect Length Value: Vulnerability List (36)

Summary of 36 CVEs in the CWE-805 (Buffer Access with Incorrect Length Value) weakness class, with AI-generated analysis in Chinese.

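CWE-805 is a buffer access weakness caused by an incorrect length value. When a program reads or writes a buffer with a sequential operation and uses the wrong length value, it accesses memory outside the buffer's bounds. Attackers typically exploit this flaw to trigger a buffer overflow, leading to execution of malicious code or denial of service. To avoid it, developers should ensure that the length value strictly matches the buffer's actual size and perform strict bounds checking and validation before any memory operation.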

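Official MITRE CWE Description
CWE: CWE-805 Buffer Access with Incorrect Length Value
Description: The product uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer. When the length value exceeds the size of the destination buffer, a buffer overflow could occur.
Common Consequences (2)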
Scope: Integrity, Confidentiality, Availability. Impact: Read Memory, Modify Memory, Execute Unauthorized Code or Commands
Buffer overflows often can be used to execute arbitrary code, which is usually outside the scope of a program's implicit security policy. This can often be used to subvert any other security service.
Scope: Availability. Impact: Modify Memory, DoS: Crash, Exit, or Restart, DoS: Resource Consumption (CPU)
Buffer overflows generally lead to crashes. Other attacks leading to lack of availability are possible, including putting the program into an infinite loop.
Mitigations (5)
Requirements: Use a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, many languages that perform their own memory management, such as Java and Perl, are not subject to buffer overflows. Other languages, such as Ada and C#, typically provide overflow protection, but the protection can be disabled by the programmer. Be wary that a lan…
Architecture and Design: Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. Examples include the Safe C String Library (SafeStr) by Messier and Viega [REF-57], and the Strsafe.h library from Microsoft [REF-56]. These libraries provide safer versions of overflow-prone string-handling functions.
Operation, Build and Compilation: Use automatic buffer overflow detection mechanisms that are offered by certain compilers or compiler extensions. Examples include: the Microsoft Visual Studio /GS flag, Fedora/Red Hat FORTIFY_SOURCE GCC flag, StackGuard, and ProPolice, which provide various mechanisms including canary-based detection and range/index checking. D3-SFCV (Stack Frame Canary Validation) from D3FEND [REF-1334] discusses…
Effectiveness: Defense in Depth
Implementation: Consider adhering to the following rules when allocating and managing an application's memory: Double check that the buffer is as large as specified. When using functions that accept a number of bytes to copy, such as strncpy(), be aware that if the destination buffer size is equal to the source buffer size, it may not NULL-terminate the string. Check buffer boundaries if accessing the buffer in a…
Architecture and Design: For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server.
Code Examples (2)
This example takes an IP address from a user, verifies that it is well formed and then looks up the hostname and copies it into a buffer.
    void host_lookup(char *user_supplied_addr){
        struct hostent *hp;
        in_addr_t *addr;
        char hostname[64];
        in_addr_t inet_addr(const char *cp);

        /* routine that ensures user_supplied_addr is in the right format for conversion */
        validate_addr_form(user_supplied_addr);
        addr = inet_addr(user_supplied_addr);
        hp = gethostbyaddr(addr, sizeof(struct in_addr), AF_INET);
        strcpy(hostname, hp->h_name);
    }
Bad · C
In the following example, it is possible to request that memcpy move a much larger segment of memory than assumed:
    int returnChunkSize(void *) {
        /* if chunk info is valid, return the size of usable memory,
         * else, return -1 to indicate an error
         */
        ...
    }

    int main() {
        ...
        memcpy(destBuf, srcBuf, (returnChunkSize(destBuf)-1));
        ...
    }
Bad · C
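Hardened counterparts to the two bad examples above, as an added example that is not part of the CWE entry or this page's own code. The names chunk_size_or_error, unchecked_length, copy_chunk and copy_hostname are hypothetical, and the sample buffers are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for returnChunkSize(): usable size, or -1 on error. */
int chunk_size_or_error(int valid, int usable) {
    return valid ? usable : -1;
}

/* Length memcpy would receive if the result went into (size - 1) unchecked:
 * the int is converted to size_t, so -1 - 1 becomes SIZE_MAX - 1. */
size_t unchecked_length(int chunk_size) {
    return (size_t)(chunk_size - 1);
}

/* Hardened copy: reject the error value and any length larger than either
 * buffer before calling memcpy. Returns bytes copied, or -1 if rejected. */
int copy_chunk(void *dst, size_t dst_cap, const void *src, size_t src_len,
               int chunk_size) {
    if (chunk_size <= 0) return -1;             /* error value or empty chunk */
    size_t n = (size_t)chunk_size - 1;
    if (n > dst_cap || n > src_len) return -1;  /* would cross a boundary */
    memcpy(dst, src, n);
    return (int)n;
}

/* Bounded replacement for strcpy(hostname, hp->h_name): fails on a NULL
 * lookup result or an oversized name, and always NUL-terminates on success. */
int copy_hostname(char *dst, size_t dst_cap, const char *name) {
    if (name == NULL || dst_cap == 0) return -1;
    size_t len = strlen(name);
    if (len >= dst_cap) return -1;              /* refuse, do not truncate */
    memcpy(dst, name, len + 1);
    return 0;
}

int main(void) {
    char src[32] = "constructed sample data", dst[16], hostname[64];
    printf("unchecked length on error: %zu\n",
           unchecked_length(chunk_size_or_error(0, 0)));
    printf("error chunk: %d\n", copy_chunk(dst, sizeof dst, src, sizeof src, -1));
    printf("oversized:   %d\n", copy_chunk(dst, sizeof dst, src, sizeof src, 32));
    printf("fits:        %d\n", copy_chunk(dst, sizeof dst, src, sizeof src, 9));
    printf("hostname ok: %d\n", copy_hostname(hostname, sizeof hostname, "host.example"));
    printf("NULL lookup: %d\n", copy_hostname(hostname, sizeof hostname, NULL));
    return 0;
}
```

Both helpers take the destination capacity as an explicit argument, so the length check lives next to the copy instead of depending on the caller's assumptions about buffer size.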
| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2026-34002 | Xwayland keymap out-of-bounds read information disclosure or denial-of-service vulnerability — Red Hat Enterprise Linux 10 | 6.1 | Medium | 2026-05-05 |
| CVE-2026-6245 | Red Hat System Security Services Daemon security vulnerability — Red Hat Enterprise Linux 10 | 5.5 | Medium | 2026-04-15 |
| CVE-2026-20033 | Cisco Nexus 9000 Series Fabric Switches security vulnerability — Cisco NX-OS System Software in ACI Mode | 7.4 | High | 2026-02-25 |
| CVE-2026-20010 | Cisco NX-OS Software security vulnerability — Cisco NX-OS Software | 7.4 | High | 2026-02-25 |
| CVE-2026-1837 | libjxl security vulnerability — libjxl | 8.1 | - | 2026-02-11 |
| CVE-2026-0716 | libsoup security vulnerability — Red Hat Enterprise Linux 10 | 4.8 | Medium | 2026-01-13 |
| CVE-2025-7048 | Arista EOS security vulnerability — EOS | 4.3 | Medium | 2026-01-06 |
| CVE-2025-36463 | Dell ControlVault3 and Dell ControlVault3 Plus security vulnerability — BCM5820X | 7.3 | High | 2025-11-17 |
| CVE-2025-36462 | Dell ControlVault3 and Dell ControlVault3 Plus security vulnerability — BCM5820X | 7.3 | High | 2025-11-17 |
| CVE-2025-36461 | Dell ControlVault3 and Dell ControlVault3 Plus security vulnerability — BCM5820X | 7.3 | High | 2025-11-17 |
| CVE-2025-36460 | Dell ControlVault3 and Dell ControlVault3 Plus security vulnerability — BCM5820X | 7.3 | High | 2025-11-17 |
| CVE-2025-20360 | Multiple Cisco products security vulnerability — Cisco Cyber Vision | 5.8 | Medium | 2025-10-15 |
| CVE-2025-20315 | Cisco IOS XE security vulnerability — Cisco IOS XE Software | 8.6 | High | 2025-09-24 |
| CVE-2025-38743 | Dell iDRAC Service Module security vulnerability — iDRAC Service Module (iSM) | 7.8 | High | 2025-08-21 |
| CVE-2025-23319 | NVIDIA Triton Inference Server security vulnerability — Triton Inference Server | 8.1 | High | 2025-08-06 |
| CVE-2025-23318 | NVIDIA Triton Inference Server security vulnerability — Triton Inference Server | 8.1 | High | 2025-08-06 |
| CVE-2025-20202 | Cisco IOS XE Wireless Controller Software security vulnerability — Cisco IOS XE Software | 7.4 | High | 2025-05-07 |
| CVE-2025-20191 | Multiple Cisco products security vulnerability — Cisco NX-OS Software | 7.4 | High | 2025-05-07 |
| CVE-2025-30651 | Juniper Networks Junos OS and Juniper Networks Junos OS Evolved security vulnerability — Junos OS | 7.5 | High | 2025-04-09 |
| CVE-2025-21591 | Juniper Networks Junos OS security vulnerability — Junos OS | 7.4 | High | 2025-04-09 |
| CVE-2025-20169 | Cisco IOS, Cisco IOS XE and Cisco IOS XR security vulnerability — IOS | 7.7 | High | 2025-02-05 |
| CVE-2024-0131 | NVIDIA GPU kernel driver security vulnerability — NVIDIA GPU Display Driver, vGPU software | 4.4 | Medium | 2025-02-02 |
| CVE-2024-24851 | AutomationDirect P3-550E security vulnerability — P3-550E | 7.5 | High | 2024-05-28 |
| CVE-2024-3933 | Eclipse OpenJ9 security vulnerability — Open J9 | 5.3 | Medium | 2024-05-27 |
| CVE-2023-5396 | Honeywell Experion Server security vulnerability — Experion Server | 7.4 | High | 2024-04-17 |
| CVE-2024-20294 | Cisco NX-OS Software and Cisco FXOS Software security vulnerability — Cisco NX-OS Software | 6.6 | Medium | 2024-02-28 |
| CVE-2022-47375 | ID reserved by CVE — SIMATIC PC-Station Plus | 7.5 | High | 2023-12-12 |
| CVE-2023-20049 | Cisco ASR 9000 Series buffer error vulnerability — Cisco IOS XR Software | 8.6 | High | 2023-03-09 |
| CVE-2022-34399 | Dell Alienware buffer error vulnerability — CPG BIOS | 5.1 | Medium | 2023-01-18 |
| CVE-2022-0519 | Radareorg Radare2 buffer error vulnerability — radareorg/radare2 | 7.8 | - | 2022-02-08 |

CWE-805 (Buffer Access with Incorrect Length Value) is a common weakness category; this platform lists 36 CVEs associated with it.