Описание
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| .NET Core 1.0 on Red Hat Enterprise Linux | rh-dotnetcore10-curl | Out of support scope | ||
| .NET Core 1.1 on Red Hat Enterprise Linux | rh-dotnetcore11-curl | Out of support scope | ||
| .NET Core 2.0 on Red Hat Enterprise Linux | rh-dotnet20-curl | Out of support scope | ||
| .NET Core 2.1 on Red Hat Enterprise Linux | rh-dotnet21-curl | Will not fix | ||
| Red Hat Enterprise Linux 5 | curl | Not affected | ||
| Red Hat Enterprise Linux 6 | curl | Not affected | ||
| Red Hat Enterprise Linux 7 | curl | Not affected | ||
| Red Hat Enterprise Virtualization 3 | mingw-virt-viewer | Will not fix | ||
| Red Hat JBoss Core Services | curl | Not affected | ||
| Red Hat JBoss Enterprise Web Server 3 | curl | Not affected |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-120
https://bugzilla.redhat.com/show_bug.cgi?id=1388382curl: Glob parser write/read out of bounds
EPSS
Процентиль: 67%
0.00546
Низкий
6.5 Medium
CVSS3
5.8 Medium
CVSS2
Связанные уязвимости
CVSS3: 6.5
ubuntu
почти 7 лет назад
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.
CVSS3: 6.5
nvd
почти 7 лет назад
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.
CVSS3: 6.5
debian
почти 7 лет назад
The 'globbing' feature in curl before version 7.51.0 has a flaw that l ...
CVSS3: 9.8
github
около 3 лет назад
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.
EPSS
Процентиль: 67%
0.00546
Низкий
6.5 Medium
CVSS3
5.8 Medium
CVSS2