发布日期：2019-01-03
更新日期：2019-10-17

受影响系统：

Haxx libcURL 7.36.0－7.64.0

描述：

---

BUGTRAQ  ID: 106950
CVE(CAN) ID: CVE-2019-3822

Haxx libcurl是开源的客户端URL传输库。该产品支持FTP、SFTP、TFTP和HTTP等协议。

libcurl 7.36.0－7.64.0版本，在实现中存在基于栈的缓冲区溢出漏洞。远程攻击者可利用该漏洞造成拒绝服务或可能执行任意代码。

<*来源：Wenxiang Qian
  *>

建议：

---

厂商补丁：

Haxx
----
目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：

https://curl.haxx.se/libcurl/

参考：
URL:http://www.securityfocus.com/bid/106950
CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3822
CONFIRM:https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf
CONFIRM:https://security.netapp.com/advisory/ntap-20190315-0001/
CONFIRM:https://security.netapp.com/advisory/ntap-20190719-0004/
CONFIRM:https://support.f5.com/csp/article/K84141449
CONFIRM:https://support.f5.com/csp/article/K84141449?utm_source=f5support&amp;utm_medium=RSS
DEBIAN:DSA-4386
URL:https://www.debian.org/security/2019/dsa-4386
GENTOO:GLSA-201903-03
URL:https://security.gentoo.org/glsa/201903-03
MISC:https://curl.haxx.se/docs/CVE-2019-3822.html
MISC:https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
MISC:https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
MLIST:[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.
URL:https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E
UBUNTU:USN-3882-1
URL:https://usn.ubuntu.com/3882-1/

浏览次数：1174
严重程度：0（网友投票）