CWE-826 vulnerability list (4)

Summary of the 4 CVEs classified under the CWE-826 weakness, with AI analysis in Chinese.

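CWE-826 is a resource-management weakness in which a program releases a resource prematurely, during its expected lifetime. An attacker exploits it by triggering the early release so that a later access hits an invalid pointer or null reference, causing denial of service or a program crash. To avoid it, developers should manage resource lifetimes strictly, release a resource only once it is confirmed to be no longer needed, and avoid keeping references to a resource after it has been released.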

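MITRE CWE official description
CWE: CWE-826 Premature Release of Resource During Expected Lifetime
English: The product releases a resource that is still intended to be used by itself or another actor. This weakness focuses on cases in which the product should not release a resource, but performs the release anyway. This differs from another weakness, in which the product releases a resource at the appropriate time but keeps a reference to it and accesses the resource later. For this weakness, the resource should still be valid upon the subsequent access. When a product releases a resource that is still in use, operations may still be performed on that resource, which may have been repurposed in the meantime, leading to issues similar to CWE-825. Consequences may include denial of service, information exposure, or code execution.
Common consequences (3)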
Confidentiality: Read Application Data, Read Memory
If the released resource is subsequently reused or reallocated, then a read operation on the original resource might access sensitive data that is associated with a different user or entity.
Availability: DoS: Crash, Exit, or Restart
When the resource is released, the software might modify some of its structure, or close associated channels (such as a file descriptor). When the software later accesses the resource as if it is valid, the resource might not be in an expected state, leading to resultant errors that may lead to a cr…
Integrity, Confidentiality, Availability: Execute Unauthorized Code or Commands, Modify Application Data, Modify Memory
When the resource is released, the software might modify some of its structure. This might affect logic in the sections of code that still assume the resource is active. If the released resource is related to memory and is used in a function call, or points to unexpected data in a write operation, t…
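| CVE ID | Title | CVSS | Risk level | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-58249 | wxWidgets security vulnerability — wxWidgets | 3.7 | Low | 2025-04-16 |
| CVE-2025-24912 | hostapd security vulnerability — hostapd | 3.1 | - | 2025-03-12 |
| CVE-2024-51727 | Ruijie Networks ReyeeOS security vulnerability — Reyee OS | 6.5 | Medium | 2024-12-06 |
| CVE-2023-1297 | HashiCorp Consul security vulnerability — Consul | 4.9 | Medium | 2023-06-02 |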

CWE-826 is a common weakness class; this platform lists 4 CVEs associated with it.