Description
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
Mitigation
Do not use TFTP with curl with a BLKSIZE smaller than the default.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| .NET Core 2.1 on Red Hat Enterprise Linux | rh-dotnet21-curl | Not affected | ||
| .NET Core 2.2 on Red Hat Enterprise Linux | rh-dotnet22-curl | Not affected | ||
| Red Hat Enterprise Linux 5 | curl | Not affected | ||
| Red Hat Enterprise Linux 6 | curl | Out of support scope | ||
| Red Hat JBoss Web Server 5 | curl | Not affected | ||
| Red Hat Software Collections | httpd24-curl | Will not fix | ||
| JBoss Core Services on RHEL 6 | jbcs-httpd24-apr | Fixed | RHSA-2020:0250 | 27.01.2020 | 
| JBoss Core Services on RHEL 6 | jbcs-httpd24-apr-util | Fixed | RHSA-2020:0250 | 27.01.2020 | 
| JBoss Core Services on RHEL 6 | jbcs-httpd24-brotli | Fixed | RHSA-2020:0250 | 27.01.2020 | 
| JBoss Core Services on RHEL 6 | jbcs-httpd24-curl | Fixed | RHSA-2020:0250 | 27.01.2020 | 
Additional information
Status: Moderate
Weakness: CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1749652 curl: heap buffer overflow in function tftp_receive_packet()
EPSS
Percentile: 91%
0.06608
Low
6.3 Medium
CVSS3
Related vulnerabilities
CVSS3: 9.8
ubuntu
about 6 years ago
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVSS3: 9.8
nvd
about 6 years ago
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVSS3: 9.8
debian
about 6 years ago
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7. ...