Уязвимость DoS атаки в curl из-за некорректной обработки глобального буфера при разрешении имён хостов
Описание
Уязвимость DoS атаки присутствует в libcurl при использовании нескольких различных механизмов для разрешения имен хостов, которые выбираются на этапе сборки. Если libcurl собран с использованием синхронного резолвера, он позволяет операциям разрешения имен прерываться из-за медленного выполнения с помощью функций alarm() и siglongjmp(). При этом libcurl использует глобальный буфер, который не защищен мьютексами, что может привести к аварийному завершению работы или некорректному поведению многопоточного приложения.
Затронутые версии ПО
- curl < 8.1.0
Тип уязвимости
DoS (отказ в обслуживании)
Ссылки
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- ExploitPatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- ExploitPatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
Одно из
Одновременно
Одновременно
Одновременно
Одновременно
EPSS
5.9 Medium
CVSS3
Дефекты
Связанные уязвимости
A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.
A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.
A denial of service vulnerability exists in curl <v8.1.0 in the way li ...
A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.
EPSS
5.9 Medium
CVSS3