目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1325

100%
请我们喝杯咖啡

CWE-124 缓冲区下溢 类漏洞列表 32

CWE-124 缓冲区下溢 类弱点 32 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-124 缓冲区下溢是一种内存破坏漏洞,指程序通过索引或指针向缓冲区起始地址之前的内存位置写入数据。攻击者利用此缺陷可覆盖关键数据结构或控制流信息,从而引发程序崩溃或执行任意代码。开发者应避免使用未经验证的负索引,实施严格的边界检查,并采用支持自动内存安全检测的现代编程语言或库,以从根本上防止此类越界写入行为。

MITRE CWE 官方描述
CWE:CWE-124 缓冲区下溢(Buffer Underwrite ('Buffer Underflow')) 英文:产品使用引用缓冲区起始位置之前内存位置的索引或指针向缓冲区写入数据。
常见影响 (3)
Integrity, AvailabilityModify Memory, DoS: Crash, Exit, or Restart
Out of bounds memory access will very likely result in the corruption of relevant memory, and perhaps instructions, possibly leading to a crash.
Integrity, Confidentiality, Availability, Access Control, OtherExecute Unauthorized Code or Commands, Modify Memory, Bypass Protection Mechanism, Other
If the corrupted memory can be effectively controlled, it may be possible to execute arbitrary code. If the corrupted memory is data rather than instructions, the system will continue to function with improper changes, possibly in violation of an implicit or explicit policy. The consequences would o…
Access Control, OtherBypass Protection Mechanism, Other
When the consequence is arbitrary code execution, this can often be used to subvert any other security service.
缓解措施 (2)
RequirementsChoose a language that is not susceptible to these issues.
ImplementationAll calculated values that are used as index or for pointer arithmetic should be validated to ensure that they are within an expected range.
代码示例 (2)
In the following C/C++ example, a utility function is used to trim trailing whitespace from a character string. The function copies the input string to a local character string and uses a while statement to remove the trailing whitespace by moving backward through the string and overwriting whitespace with a NUL character.
char* trimTrailingWhitespace(char *strMessage, int length) { char *retMessage; char *message = malloc(sizeof(char)*(length+1)); // copy input string to a temporary string char message[length+1]; int index; for (index = 0; index < length; index++) { message[index] = strMessage[index]; } message[index] = '\0'; // trim trailing whitespace int len = index-1; while (isspace(message[len])) { message[len] = '\0'; len--; } // return string without trailing whitespace retMessage = message; return retMessage; }
Bad · C
The following is an example of code that may result in a buffer underwrite. This code is attempting to replace the substring "Replace Me" in destBuf with the string stored in srcBuf. It does so by using the function strstr(), which returns a pointer to the found substring in destBuf. Using pointer arithmetic, the starting index of the substring is found.
int main() { ... char *result = strstr(destBuf, "Replace Me"); int idx = result - destBuf; strcpy(&destBuf[idx], srcBuf); ... }
Bad · C
CVE ID标题CVSS风险等级Published
CVE-2018-15361 UltraVNC 缓冲区错误漏洞 — UltraVNC 9.8 -2019-03-05
CVE-2018-5388 strongSwan 缓冲区错误漏洞 — strongSwan 6.5 -2018-05-31

CWE-124(缓冲区下溢) 是常见的弱点类别,本平台收录该类弱点关联的 32 条 CVE 漏洞。