CWE-191 Integer Underflow (Wrap or Wraparound) vulnerability list: 219

A summary of 219 CVE vulnerabilities for the CWE-191 Integer Underflow (Wrap or Wraparound) weakness, with AI analysis in Chinese.

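A CWE-191 integer underflow occurs when a program performs a subtraction whose result is lower than the minimum value the integer type allows, so the value wraps around to somewhere near the maximum and produces an unexpected result. Attackers often use this flaw to bypass security checks or trigger logic errors, which can in turn lead to more serious problems such as buffer overflows. Developers should add bounds checks, use a wider integer type, or enable the compiler's overflow detection so that arithmetic stays within the valid range, which effectively prevents this class of vulnerability.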

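MITRE CWE official description
CWE: CWE-191 Integer Underflow (Wrap or Wraparound). The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result. This can happen in signed and unsigned cases.
Common consequences (3)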
Availability: DoS: Crash, Exit, or Restart; DoS: Resource Consumption (CPU); DoS: Resource Consumption (Memory); DoS: Instability
This weakness will generally lead to undefined behavior and therefore crashes. In the case of overflows involving loop index variables, the likelihood of infinite loops is also high.
Integrity: Modify Memory
If the value in question is important to data (as opposed to flow), simple data corruption has occurred. Also, if the wrap around results in other conditions such as buffer overflows, further memory corruption may occur.
Confidentiality, Availability, Access Control: Execute Unauthorized Code or Commands; Bypass Protection Mechanism
This weakness can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program's implicit security policy.
Code examples (2)
The following example subtracts from a 32 bit signed integer.
    #include <stdio.h>
    #include <stdbool.h>

    int main (void)
    {
        int i;
        i = -2147483648;   /* smallest 32-bit signed value */
        i = i - 1;         /* result is below INT_MIN: signed underflow */
        return 0;
    }
Bad · C
This code performs a stack allocation based on a length calculation.
    #include <stddef.h>

    void example (void)
    {
        int a = 5, b = 6;
        size_t len = a - b;   /* -1 converted to size_t becomes a huge value */
        char buf[len];    // Just blows up the stack
    }
Bad · C
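
The two bad examples above, rewritten with the bounds checks recommended in the introduction. This is an added example, not code from MITRE or from this platform; the function names and the `MAX_BUF` limit are hypothetical choices made for illustration.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_BUF 4096 /* assumed application limit on buffer size */

/* Signed case (first example): write a - b to *out only if it fits in int.
 * The test runs before the subtraction, so no underflow is ever executed. */
bool checked_sub_int(int a, int b, int *out) {
    if ((b > 0 && a < INT_MIN + b) || (b < 0 && a > INT_MAX + b))
        return false;
    *out = a - b;
    return true;
}

/* Unsigned case (second example): total - used is valid only if used <= total;
 * otherwise the size_t result would wrap to a value near SIZE_MAX. */
bool checked_sub_size(size_t total, size_t used, size_t *out) {
    if (used > total)
        return false;
    *out = total - used;
    return true;
}

/* Allocate from a validated length on the heap instead of a stack VLA.
 * Returns NULL when the length would wrap, is zero, or exceeds MAX_BUF. */
char *alloc_remaining(size_t total, size_t used, size_t *len_out) {
    size_t len;
    if (!checked_sub_size(total, used, &len) || len == 0 || len > MAX_BUF)
        return NULL;
    *len_out = len;
    return calloc(len, 1);
}

int main(void) {
    int r;
    size_t len;
    printf("INT_MIN - 1 accepted: %d\n", checked_sub_int(INT_MIN, 1, &r));
    printf("length 5 - 6 accepted: %d\n", alloc_remaining(5, 6, &len) != NULL);
    char *buf = alloc_remaining(6, 5, &len);
    printf("length 6 - 5 accepted: %d\n", buf != NULL);
    free(buf);
    return 0;
}
```

GCC and Clang also provide `__builtin_sub_overflow`, which performs the same check in a single call.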

CWE-191 (Integer Underflow (Wrap or Wraparound)) is a common weakness category; this platform lists 219 CVE vulnerabilities associated with it.