Описание
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
Меры по смягчению последствий
Do not use TFTP with curl with smaller than the default BLKSIZE.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| .NET Core 2.1 on Red Hat Enterprise Linux | rh-dotnet21-curl | Not affected | ||
| .NET Core 2.2 on Red Hat Enterprise Linux | rh-dotnet22-curl | Not affected | ||
| Red Hat Enterprise Linux 5 | curl | Not affected | ||
| Red Hat Enterprise Linux 6 | curl | Out of support scope | ||
| Red Hat JBoss Web Server 5 | curl | Not affected | ||
| Red Hat Software Collections | httpd24-curl | Will not fix | ||
| JBoss Core Services on RHEL 6 | jbcs-httpd24-apr | Fixed | RHSA-2020:0250 | 27.01.2020 |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-apr-util | Fixed | RHSA-2020:0250 | 27.01.2020 |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-brotli | Fixed | RHSA-2020:0250 | 27.01.2020 |
| JBoss Core Services on RHEL 6 | jbcs-httpd24-curl | Fixed | RHSA-2020:0250 | 27.01.2020 |
Показывать по
10
Дополнительная информация
Статус:
Moderate
Дефект:
CWE-122
https://bugzilla.redhat.com/show_bug.cgi?id=1749652curl: heap buffer overflow in function tftp_receive_packet()
EPSS
Процентиль: 93%
0.10791
Средний
6.3 Medium
CVSS3
Связанные уязвимости
CVSS3: 9.8
ubuntu
почти 6 лет назад
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVSS3: 9.8
nvd
почти 6 лет назад
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVSS3: 9.8
debian
почти 6 лет назад
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7. ...
EPSS
Процентиль: 93%
0.10791
Средний
6.3 Medium
CVSS3