目标达成 感谢每一位支持者 — 我们达成了 100% 目标!

目标: 1000 元 · 已筹: 1310

100%
请我们喝杯咖啡

CWE-129 对数组索引的验证不恰当 类漏洞列表 187

CWE-129 对数组索引的验证不恰当 类弱点 187 条 CVE 漏洞汇总,含 AI 中文分析。

CWE-129 属于数组索引验证不当漏洞,指程序使用不可信输入计算数组索引时,未进行有效校验或校验逻辑错误,导致索引越界。攻击者通常通过构造恶意输入,使索引指向非法内存位置,从而引发缓冲区溢出、数据篡改或拒绝服务攻击。开发者应严格验证输入数据的范围,确保其始终处于数组合法边界内,并采用安全的边界检查机制,从源头阻断越界访问风险。

MITRE CWE 官方描述
CWE:CWE-129 数组索引验证不当 (Improper Validation of Array Index) 英文:产品在计算或使用数组索引时使用了不可信输入 (untrusted input),但未对索引进行验证或验证不正确,未能确保该索引引用数组内的有效位置 (valid position)。
常见影响 (5)
Integrity, AvailabilityDoS: Crash, Exit, or Restart
Use of an index that is outside the bounds of an array will very likely result in the corruption of relevant memory and perhaps instructions, leading to a crash, if the values are outside of the valid memory area.
IntegrityModify Memory
If the memory corrupted is data, rather than instructions, the system will continue to function with improper values.
Confidentiality, IntegrityModify Memory, Read Memory
Use of an index that is outside the bounds of an array can also trigger out-of-bounds read or write operations, or operations on the wrong objects; i.e., "buffer overflows" are not always the result. This may result in the exposure or modification of sensitive data.
Integrity, Confidentiality, AvailabilityExecute Unauthorized Code or Commands
If the memory accessible by the attacker can be effectively controlled, it may be possible to execute arbitrary code, as with a standard buffer overflow and possibly without the use of large inputs if a precise index can be controlled.
Integrity, Availability, ConfidentialityDoS: Crash, Exit, or Restart, Execute Unauthorized Code or Commands, Read Memory, Modify Memory
A single fault could allow either an overflow (CWE-788) or underflow (CWE-786) of the array index. What happens next will depend on the type of operation being performed out of bounds, but can expose sensitive information, cause a system crash, or possibly lead to arbitrary code execution.
缓解措施 (5)
Architecture and DesignUse an input validation framework such as Struts or the OWASP ESAPI Validation API. Note that using a framework does not automatically address all input validation problems; be mindful of weaknesses that could arise from misusing the framework itself (CWE-1173).
Architecture and DesignFor any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid CWE-602. Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server. Even though clien…
RequirementsUse a language that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, Ada allows the programmer to constrain the values of a variable and languages such as Java and Ruby will allow the programmer to handle exceptions when an out-of-bounds index is accessed.
Operation, Build and CompilationRun or compile the software using features or extensions that randomly arrange the positions of a program's executable and libraries in memory. Because this makes the addresses unpredictable, it can prevent an attacker from reliably jumping to exploitable code. Examples include Address Space Layout Randomization (ASLR) [REF-58] [REF-60] and Position-Independent Executables (PIE) [REF-64]. Imported…
Effectiveness: Defense in Depth
OperationUse a CPU and operating system that offers Data Execution Protection (using hardware NX or XD bits) or the equivalent techniques that simulate this feature in software, such as PaX [REF-60] [REF-61]. These techniques ensure that any instruction executed is exclusively at a memory address that is part of the code segment. For more information on these techniques see D3-PSEP (Process Segment Executi…
Effectiveness: Defense in Depth
代码示例 (2)
In the code snippet below, an untrusted integer value is used to reference an object in an array.
public String getValue(int index) { return array[index]; }
Bad · Java
The following example takes a user-supplied value to allocate an array of objects and then operates on the array.
private void buildList ( int untrustedListSize ){ if ( 0 > untrustedListSize ){ die("Negative value supplied for list size, die evil hacker!"); } Widget[] list = new Widget [ untrustedListSize ]; list[0] = new Widget(); }
Bad · Java
CVE ID标题CVSS风险等级Published
CVE-2020-17394 Corel Parallels Desktop OEMNet组件输入验证错误漏洞 — Desktop 6.0 -2020-08-25
CVE-2020-11041 FreeRDP 输入验证错误漏洞 — FreeRDP 2.2 Low2020-05-29
CVE-2020-12022 Advantech WebAccess Node 输入验证错误漏洞 — Advantech WebAccess Node 9.8 -2020-05-08
CVE-2020-8876 Corel Parallels Desktop IOCTL handler 缓冲区错误漏洞 — Desktop 6.5 -2020-03-23
CVE-2020-8875 Corel Parallels Desktop IOCTL handler 缓冲区错误漏洞 — Desktop 8.8 -2020-03-23
CVE-2020-5319 多款Dell产品输入验证错误漏洞 — Unity 7.5 High2020-02-06
CVE-2019-1837 Cisco Unified Communications Manager 输入验证错误漏洞 — Cisco Unified Communications Manager 7.5 -2019-04-18

CWE-129(对数组索引的验证不恰当) 是常见的弱点类别,本平台收录该类弱点关联的 187 条 CVE 漏洞。