
CWE-196 Unsigned to Signed Conversion Error: vulnerability list (3)

Summary of the 3 CVE vulnerabilities catalogued under the CWE-196 Unsigned to Signed Conversion Error weakness class, with AI-generated Chinese analysis.

CWE-196 is a type-conversion weakness: when an unsigned value is cast to a signed type and the value lies outside the signed type's range, it unexpectedly becomes negative. Attackers commonly exploit this to trigger a buffer underwrite, bypassing bounds checks and ultimately executing arbitrary code. Developers should avoid direct casts: validate the value's range first and confirm it is representable in the target signed type, or use safer type-handling logic that removes the risk altogether.

MITRE CWE official description

CWE-196 Unsigned to Signed Conversion Error: The product uses an unsigned primitive and performs a cast to a signed primitive, which can produce an unexpected value if the value of the unsigned primitive cannot be represented using a signed primitive. Although a less frequent issue than signed-to-unsigned conversion, unsigned-to-signed conversion can be the perfect precursor to dangerous buffer underwrite conditions that allow attackers to move down the stack where they otherwise would not have access in a normal buffer overflow condition. Buffer underwrites occur frequently when large unsigned values are cast to signed values and then used as indexes into a buffer or for pointer arithmetic.
Common consequences (3)

| Scope | Impact | Note |
|---|---|---|
| Availability | DoS: Crash, Exit, or Restart | Incorrect sign conversions generally lead to undefined behavior, and therefore crashes. |
| Integrity | Modify Memory | If a poor cast leads to a buffer overflow or similar condition, data integrity may be affected. |
| Integrity, Confidentiality, Availability, Access Control | Execute Unauthorized Code or Commands, Bypass Protection Mechanism | Improper signed-to-unsigned conversions without proper checking can sometimes trigger buffer overflows which can be used to execute arbitrary code. This is usually outside the scope of a program's implicit security policy. |
Mitigations (3)

| Phase | Mitigation |
|---|---|
| Requirements | Choose a language which is not subject to these casting flaws. |
| Architecture and Design | Design object accessor functions to implicitly check values for valid sizes. Ensure that all functions which will be used as a size are checked previous to use as a size. If the language permits, throw exceptions rather than using in-band errors. |
| Implementation | Error check the return values of all functions. Be aware of implicit casts made, and use unsigned variables for sizes if at all possible. |
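The description above (a large unsigned value cast to a signed index that then passes a one-sided bounds check and writes below the buffer) and the Implementation mitigation (keep sizes unsigned) are shown side by side in this added example; it is not code from the page or from any of the listed products. The 32-byte arena, the 0xAA canary pattern and the input 0xFFFFFFF0 are constructed for the demonstration, and a 32-bit `int` is assumed.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

/* Constructed layout: 16 canary bytes sit directly below a 16-byte data
 * buffer inside one flat array, so a negative index from buf hits the canary. */
#define CANARY_LEN 16
#define BUF_LEN    16
struct arena { unsigned char mem[CANARY_LEN + BUF_LEN]; };

void arena_init(struct arena *a) {
    memset(a->mem, 0xAA, CANARY_LEN);           /* canary pattern below buf */
    memset(a->mem + CANARY_LEN, 0, BUF_LEN);    /* the real buffer */
}

/* CWE-196 pattern: a 32-bit unsigned index is cast to int before the check.
 * Values >= 2^31 wrap to negative (two's complement on every mainstream
 * platform), `idx >= BUF_LEN` is false, and the store lands below the buffer. */
bool vulnerable_write(struct arena *a, uint32_t offset, unsigned char v) {
    unsigned char *buf = a->mem + CANARY_LEN;
    int idx = (int)offset;
    if (idx >= BUF_LEN)
        return false;           /* only the upper bound is checked */
    buf[idx] = v;               /* idx may be negative: buffer underwrite */
    return true;
}

/* Hardened form: keep the value unsigned and compare in the unsigned domain.
 * No cast means no wrap, and one comparison rejects every out-of-range value. */
bool safe_write(struct arena *a, uint32_t offset, unsigned char v) {
    if (offset >= BUF_LEN)
        return false;
    a->mem[CANARY_LEN + offset] = v;
    return true;
}

/* True if any canary byte no longer holds the 0xAA pattern. */
bool canary_corrupted(const struct arena *a) {
    unsigned char ref[CANARY_LEN];
    memset(ref, 0xAA, CANARY_LEN);
    return memcmp(a->mem, ref, CANARY_LEN) != 0;
}

/* Feeds 0xFFFFFFF0 (which casts to -16) to both paths. Returns true when the
 * cast version accepts it and corrupts the canary while the unsigned one refuses. */
bool demo_cwe196(void) {
    struct arena a, b;
    arena_init(&a); arena_init(&b);
    bool vuln_ok = vulnerable_write(&a, 0xFFFFFFF0u, 0x41);
    bool safe_ok = safe_write(&b, 0xFFFFFFF0u, 0x41);
    return vuln_ok && canary_corrupted(&a) && !safe_ok && !canary_corrupted(&b);
}
```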
| CVE ID | Title | CVSS | Risk level | Published |
|---|---|---|---|---|
| CVE-2026-34155 | rauc data forgery vulnerability (rauc) | 6.5 (AI) | Medium (AI) | 2026-03-31 |
| CVE-2023-0185 | NVIDIA GPU Display Driver for Linux security vulnerability (vGPU software: Virtual GPU Manager for Citrix Hypervisor, VMware vSphere, Red Hat Enterprise Linux KVM; NVIDIA Cloud Gaming: Virtual GPU Manager for Red Hat Enterprise Linux KVM) | 6.7 | Medium | 2023-04-01 |
| CVE-2020-13545 | Softmaker Office buffer error vulnerability (Softmaker) | 7.8 | - | 2021-01-06 |

CWE-196 (Unsigned to Signed Conversion Error) is a common weakness category; this platform has catalogued 3 CVE vulnerabilities associated with it.