Description
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.
Report
This flaw exists if the user selects a "blksize" of 504 or smaller (the default is 512). The smaller the size used, the larger the possible overflow becomes. Users choosing a size smaller than the default should be rare, as the primary use case for changing the size is to make it larger. It is also rare for users to use TFTP across the Internet; it is most commonly used within local networks.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
.NET Core 1.0 on Red Hat Enterprise Linux | rh-dotnetcore10-curl | Not affected | ||
.NET Core 1.1 on Red Hat Enterprise Linux | rh-dotnetcore11-curl | Not affected | ||
.NET Core 2.1 on Red Hat Enterprise Linux | rh-dotnet21-curl | Not affected | ||
.NET Core 2.2 on Red Hat Enterprise Linux | rh-dotnet22-curl | Not affected | ||
Red Hat Enterprise Linux 5 | curl | Not affected | ||
Red Hat Enterprise Linux 6 | curl | Will not fix | ||
Red Hat JBoss Core Services | curl | Affected | ||
Red Hat JBoss Web Server 5 | curl | Not affected | ||
Red Hat Software Collections | httpd24-curl | Fix deferred | ||
JBoss Core Services Apache HTTP Server 2.4.29 SP2 | | Fixed | RHSA-2019:1543 | 18.06.2019 |
Additional information
Status:
EPSS
CVSS3: 7 High