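CWE-135 (Incorrect Calculation of Multi-Byte String Length): summary of 1 CVE vulnerability in this weakness class, with AI-generated analysis in Chinese.
CWE-135 is a string-handling flaw in which a program fails to correctly calculate the length of a string that contains wide or multi-byte characters. Attackers often exploit this weakness to cause buffer overflows or logic errors, leading to memory corruption or denial of service. Developers should avoid functions that only count bytes and instead use safe APIs that support multi-byte encodings, so that the space each character actually occupies is determined accurately when allocating memory or performing bounds checks, which eliminates this class of risk at the root.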
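The sizing rule described above, as an added C example that is not code from this page or from any project it lists: the allocation size for a wide string is the character count plus the terminator, multiplied by the character width, with an overflow check, and a UTF-8 string's byte count is kept separate from its character count. The function names `wide_alloc_size`, `wide_dup` and `utf8_code_points` and the sample strings are constructed for illustration; the UTF-8 counter assumes well-formed input.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Bytes needed to store s including its terminating L'\0'.
 * Returns 0 on success, -1 if the size would overflow size_t. */
int wide_alloc_size(const wchar_t *s, size_t *out_bytes)
{
    size_t units = wcslen(s);                 /* wide chars, terminator excluded */
    if (units >= SIZE_MAX / sizeof(wchar_t))  /* (units + 1) * sizeof would wrap */
        return -1;
    *out_bytes = (units + 1) * sizeof(wchar_t);
    return 0;
}

/* Heap copy of a wide string sized with wide_alloc_size(); NULL on failure. */
wchar_t *wide_dup(const wchar_t *s)
{
    size_t bytes;
    if (wide_alloc_size(s, &bytes) != 0)
        return NULL;
    wchar_t *copy = malloc(bytes);
    if (copy != NULL)
        memcpy(copy, s, bytes);               /* copies the terminator too */
    return copy;
}

/* Code points in well-formed UTF-8: count every byte that is not a
 * continuation byte (10xxxxxx). strlen() on the same input counts bytes. */
size_t utf8_code_points(const char *s)
{
    size_t n = 0;
    for (; *s != '\0'; s++)
        if (((unsigned char)*s & 0xC0) != 0x80)
            n++;
    return n;
}

int main(void)
{
    const wchar_t *wide = L"tawny jaguar";    /* constructed sample input */
    const char *utf8 = "na\xc3\xaf" "ve";     /* constructed: 6 bytes, 5 chars */
    size_t bytes = 0;
    if (wide_alloc_size(wide, &bytes) == 0)
        printf("wcslen=%zu alloc bytes=%zu\n", wcslen(wide), bytes);
    printf("bytes=%zu chars=%zu\n", strlen(utf8), utf8_code_points(utf8));
    return 0;
}
```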
```c
#include <stdio.h>
#include <stdlib.h>   /* malloc, used by the commented-out allocations */
#include <string.h>   /* strlen */
#include <wchar.h>

int main() {
    wchar_t wideString[] = L"The spazzy orange tiger jumped " \
        "over the tawny jaguar.";
    wchar_t *newString;

    /* strlen() is deliberately called on the wide string to show the mismatch */
    printf("Strlen() output: %zu\nWcslen() output: %zu\n",
           strlen((const char *)wideString), wcslen(wideString));

    /* Wrong because the number of chars in a string isn't related to its length in bytes
    // newString = (wchar_t *) malloc(strlen(wideString));
    */

    /* Wrong because wide characters aren't 1 byte long!
    // newString = (wchar_t *) malloc(wcslen(wideString));
    */

    /* Wrong because wcslen does not include the terminating null */
    /* newStrin[...] statement truncated on the page */
    (void)newString;
    return 0;
}
```

```
Strlen() output: 0
Wcslen() output: 53
```

| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2026-0810 | gitoxide security vulnerability — gitoxide | 7.1 | High | 2026-01-26 |
CWE-135 (Incorrect Calculation of Multi-Byte String Length) is a common weakness category; this platform lists 1 CVE vulnerability associated with it.