
CWE-1284 vulnerability list (151)

Summary of the 151 CVEs associated with weakness class CWE-1284, with AI-generated Chinese analysis.

CWE-1284 is an input-validation weakness: the program fails to correctly validate a quantity specified in its input. Attackers commonly submit abnormal values (such as an extremely large length or frequency) to trigger resource exhaustion, calculation errors, or out-of-bounds logic, leading to denial of service or system crashes. Developers should enforce strict bounds checks, ensure that input quantities fall within the expected range, and verify validity before allocating resources or controlling loops, so that security risks arising from illegal quantities are prevented.

MITRE CWE official description
CWE: CWE-1284 Improper Validation of Specified Quantity in Input. Description: The product receives input that is expected to specify a quantity (such as size or length), but it does not validate or incorrectly validates that the quantity has the required properties. Specified quantities include size, length, frequency, price, rate, number of operations, time, and others. Code may rely on a specified quantity to allocate resources, perform calculations, control iteration, etc.
Common consequences (1)
Scope: Other, Integrity, Availability. Impact: Varies by Context, DoS: Resource Consumption (CPU), Modify Memory, Read Memory.
When the quantity is not properly validated, attackers can specify malicious quantities to cause excessive resource allocation, trigger unexpected failures, enable buffer overflows, etc.
Mitigations (1)
Phase: Implementation. Assume all input is malicious. Use an "accept known good" input validation strategy, i.e., use a list of acceptable inputs that strictly conform to specifications. Reject any input that does not strictly conform to specifications, or transform it into something that does. When performing input validation, consider all potentially relevant properties, including length, type of input, the full range…
Effectiveness: High
Code examples (2)
This example demonstrates a shopping interaction in which the user is free to specify the quantity of items to be purchased and a total is calculated.

    ...
    public static final double price = 20.00;
    // quantity comes straight from user-controlled state with no range check
    int quantity = currentUser.getAttribute("quantity");
    double total = price * quantity;
    chargeUser(total);
    ...
Bad · Java
This example asks the user for a height and width of an m X n game board with a maximum dimension of 100 squares.

    ...
    #define MAX_DIM 100
    ...
    /* board dimensions */
    int m, n, error;
    board_square_t *board;
    printf("Please specify the board height: \n");
    error = scanf("%d", &m);
    if ( EOF == error ) {
        die("No integer passed: Die evil hacker!\n");
    }
    printf("Please specify the board width: \n");
    error = scanf("%d", &n);
    if ( EOF == error ) {
        die("No integer passed: Die evil hacker!\n");
    }
    /* only an upper bound is checked; negative values pass through to malloc */
    if ( m > MAX_DIM || n > MAX_DIM ) {
        die("Value too large: Die evil hacker!\n");
    }
    board = (board_square_t*) malloc( m * n * sizeof(board_square_t));
    ...
Bad · C
CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-47329 | Incorrect validation of field size in Ubuntu Linux AppArmor notification responses | Ubuntu Linux | 3.3 | Low | 2026-05-28
CVE-2026-9801 | Keycloak: keycloak: denial of service via malformed ldap password policy response | Red Hat Build of Keycloak | 4.9 | Medium | 2026-05-28
CVE-2026-7254 | Open BMC Denial of Service | OPENBMC | - | - | 2026-05-27
CVE-2026-9704 | Keycloak: keycloak: privilege escalation due to oversized subject_token jwt | Red Hat Build of Keycloak | 6.8 | Medium | 2026-05-27
CVE-2026-3676 | There are multiple vulnerabilities in IBM DB2 bundled with IBM Application Performance Management products. | Cloud APM, Base Private | 6.5 | Medium | 2026-05-27
CVE-2026-42744 | WordPress Ads by WPQuads plugin <= 3.0.2 - Bypass Vulnerability | Ads by WPQuads | 6.5 | Medium | 2026-05-27
CVE-2026-42732 | WordPress Ads by WPQuads plugin <= 3.0.2 - Broken Authentication vulnerability | Ads by WPQuads | 6.5 | Medium | 2026-05-27
CVE-2026-42013 | Gnutls: gnutls: certificate validation bypass due to oversized subject alternative name | Red Hat Enterprise Linux 10 | 8.2 | High | 2026-05-26
CVE-2026-5260 | Gnutls: gnutls: information disclosure via heap overread in rsa key exchange | Red Hat Enterprise Linux 10 | 8.2 | High | 2026-05-26
CVE-2026-8047 | Out-of-bounds Write in CODESYS Control | CODESYS Control RTE (SL) | 7.5 | High | 2026-05-26
CVE-2025-15645 | Ledger Nano X, Flex, Stax MCU Firmware Update Denial of Service | Ledger Nano X | 4.6 | Medium | 2026-05-19
CVE-2026-8813 | ExifReader security vulnerability | exifreader | 7.5 | High | 2026-05-19
CVE-2026-44826 | Vvveb: Vvveb CMS — Negative-quantity cart manipulation allows creation of orders with negative grand totals | Vvveb | 7.5 | High | 2026-05-15
CVE-2025-66660 | AMD Graphics Driver security vulnerability | AMD Radeon™ RX 6000 Series Graphics Products | - | - | 2026-05-15
CVE-2026-0428 | AMD Graphics Driver security vulnerability | AMD Instinct™ MI300A | - | - | 2026-05-15
CVE-2025-14869 | Improper Validation of Specified Quantity in Input in GitLab | GitLab | 7.5 | High | 2026-05-14
CVE-2026-44459 | Hono: Improper validation of NumericDate claims (exp, nbf, iat) in JWT verify() | hono | 3.8 | Low | 2026-05-13
CVE-2026-25863 | Conditional Fields for Contact Form 7 < 2.7.3 DoS via Uncontrolled Resource Consumption | Conditional Fields for Contact Form 7 | 7.5 | High | 2026-05-04
CVE-2025-14688 | IBM® Db2® is vulnerable to a denial of service when fetching from certain tables under specific configurations | Db2 | 5.3 | Medium | 2026-04-30
CVE-2026-6915 | Flaw in the updateUser Command May Allow Unauthorized Configuration Change | MongoDB Server | 6.3 | Medium | 2026-04-29
CVE-2026-1352 | IBM® Db2® is vulnerable to a trap or return SQLCODE -901 when compiling a specially crafted query with a defined index | Db2 | 6.5 | Medium | 2026-04-22
CVE-2026-6839 | ONE security vulnerability | ONE | 6.6 | Medium | 2026-04-22
CVE-2026-41285 | OpenBSD security vulnerability | OpenBSD | 4.3 | Medium | 2026-04-20
CVE-2026-2403 | Schneider Electric PowerChute Serial Shutdown security vulnerability | PowerChute™ Serial Shutdown | 2.7 | - | 2026-04-14
CVE-2025-3756 | Denial of Service Vulnerabilities in System 800xA, Symphony® Plus IEC 61850 | AC800M (System 800xA) | 6.5 | Medium | 2026-04-13
CVE-2026-40093 | nimiq-blockchain is missing a wall-clock upper bound on block timestamps | core-rs-albatross | 8.1 | High | 2026-04-09
CVE-2025-12664 | Improper Validation of Specified Quantity in Input in GitLab | GitLab | 7.5 | High | 2026-04-08
CVE-2026-1092 | Improper Validation of Specified Quantity in Input in GitLab | GitLab | 7.5 | High | 2026-04-08
CVE-2026-1101 | Improper Validation of Specified Quantity in Input in GitLab | GitLab | 6.5 | Medium | 2026-04-08
CVE-2025-13078 | Improper Validation of Specified Quantity in Input in GitLab | GitLab | 6.5 | Medium | 2026-03-25

CWE-1284 is a common weakness class; this platform has collected the 151 CVEs associated with it.