cURL/libcURL buffer overflow vulnerability CVE-2017-8816, can also cause DoS; 7.36.0 through 7.56.1 affected

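A buffer overflow vulnerability has been disclosed in cURL/libcURL, with CVE ID CVE-2017-8816. The software does not perform adequate boundary checks on user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. cURL/libcurl 7.36.0 through 7.56.1 are affected.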

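curl is an open-source file transfer tool that works from the command line using URL syntax. It is widely used on Unix and many Linux distributions, and ports exist for DOS, Win32 and Win64.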

cURL/libcURL buffer overflow vulnerability CVE-2017-8816

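cURL/libcurl is prone to a buffer overflow vulnerability because it does not perform adequate boundary checks on user-supplied data before copying it into an insufficiently sized buffer. An attacker can exploit this issue to execute arbitrary code in the context of the affected application.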

Failed exploit attempts will result in a denial-of-service condition. cURL/libcurl 7.36.0 through 7.56.1 are affected.

Bugtraq ID: 101998
Class: Boundary Condition Error
CVE: CVE-2017-8816
Remote: Yes
Local: No
Published: Nov 29 2017 12:00AM
Updated: Dec 01 2017 12:10AM
Credit: Alex Nichols.
Vulnerable: Redhat Software Collections for RHEL 0
Redhat Enterprise Linux 7
Redhat Enterprise Linux 6
+ Trustix Secure Enterprise Linux 2.0 
+ Trustix Secure Linux 2.2 
+ Trustix Secure Linux 2.1 
+ Trustix Secure Linux 2.0 
Redhat Enterprise Linux 5
Redhat Ceph Storage 2
Haxx Libcurl 7.56 
Haxx Libcurl 7.55.1 
Haxx Libcurl 7.54.1 
Haxx Libcurl 7.54 
Haxx Libcurl 7.53.1 
Haxx Libcurl 7.53 
Haxx Libcurl 7.52 
Haxx Libcurl 7.51 
Haxx Libcurl 7.50.3 
Haxx Libcurl 7.50.2 
Haxx Libcurl 7.50.1 
Haxx Libcurl 7.50 
Haxx Libcurl 7.47 
Haxx Libcurl 7.46 
Haxx Libcurl 7.43 
Haxx Libcurl 7.42.1 
Haxx Libcurl 7.36 
Haxx Libcurl 7.55.0
Haxx Libcurl 7.52.1
Haxx Libcurl 7.49.0
Haxx Libcurl 7.48.0
Haxx Libcurl 7.42.0
Haxx Libcurl 7.41.0
Haxx Libcurl 7.40.0
Haxx Libcurl 7.39
Haxx Libcurl 7.38.0
Haxx Libcurl 7.37.1
Haxx Libcurl 7.37.0
Haxx Curl 7.56.1 
Haxx Curl 7.56 
Haxx Curl 7.55.1 
Haxx Curl 7.55 
Haxx Curl 7.54.1 
Haxx Curl 7.54 
Haxx Curl 7.53.1 
Haxx Curl 7.53 
Haxx Curl 7.52 
Haxx Curl 7.51 
Haxx Curl 7.50.3 
Haxx Curl 7.50 
Haxx Curl 7.47 
Haxx Curl 7.46 
Haxx Curl 7.36 
Haxx Curl 7.52.1
Haxx Curl 7.50.1
Haxx Curl 7.48.0
Haxx Curl 7.40.0
 
Not Vulnerable: Haxx Libcurl 7.57 
Haxx Curl 7.57.0
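
To check an installation against the range above, the following added example (not part of the original advisory or of the curl project) parses the first line of `curl --version` and tests the tool and the libcurl it loads separately, since the two can differ. The function names and the sample banner lines are constructed for illustration.

```python
import re

# Affected range as stated in the advisory: 7.36.0 through 7.56.1 inclusive.
FIRST_AFFECTED = (7, 36, 0)
LAST_AFFECTED = (7, 56, 1)

# Constructed sample banners (first line of `curl --version` output).
SAMPLE_BANNERS = [
    "curl 7.56.1 (x86_64-pc-linux-gnu) libcurl/7.56.1 OpenSSL/1.0.2m zlib/1.2.11",
    "curl 7.57.0 (x86_64-pc-linux-gnu) libcurl/7.57.0 OpenSSL/1.0.2m zlib/1.2.11",
    # Tool upgraded, but an older shared library is still being loaded.
    "curl 7.57.0 (x86_64-pc-linux-gnu) libcurl/7.47.0 OpenSSL/1.0.2g zlib/1.2.8",
]

_BANNER = re.compile(r"^curl (\S+) .*?\blibcurl/(\S+)")


def parse_version(text):
    """Turn '7.56.1', '7.36' or '7.56.1-DEV' into (major, minor, patch)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised version: {text!r}")
    # A missing patch component (e.g. '7.36') is treated as 0.
    return tuple(int(g or 0) for g in m.groups())


def is_affected(version):
    """True if the version lies inside the advisory's affected range."""
    return FIRST_AFFECTED <= parse_version(version) <= LAST_AFFECTED


def check_banner(line):
    """Report (version, affected) for both the curl tool and libcurl."""
    m = _BANNER.match(line)
    if not m:
        raise ValueError("not a curl --version banner")
    tool, lib = m.groups()
    return {"curl": (tool, is_affected(tool)),
            "libcurl": (lib, is_affected(lib))}


if __name__ == "__main__":
    for banner in SAMPLE_BANNERS:
        for name, (ver, hit) in check_banner(banner).items():
            print(f"{name:8} {ver:10} {'AFFECTED' if hit else 'ok'}")
```

On distribution packages, an upstream version inside the range does not by itself show the fix is missing, because vendors can backport patches without changing the version string; confirm against the vendor's own advisory.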
