
curl official site security update (2021-09-15)

Source: curl official site   Published: 2021-09-15

Basic information

Release date: 2021-09-15 (official local time)

Update type: security update

Updated version: unknown

Observed at: 2021-09-15 14:27:11

Risk level: medium

Intelligence contributed by: TSRC

Update title

UAF and double-free in MQTT sending

Update details

UAF and double-free in MQTT sending
Project curl Security Advisory, September 15th 2021
VULNERABILITY
When sending data to an MQTT server, libcurl could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it again.
We are not aware of any case of this flaw having been exploited in the wild.
INFO
This flaw was introduced in commit 2522903b79 but since MQTT support was marked 'experimental' then and not enabled in the build by default until curl 7.73.0 (October 14, 2020) we count that as the first flawed version.
The fixed libcurl version properly clears the pointer when the data has been sent.
The Common Vulnerabilities and Exposures (CVE) project has assigned the name CVE-2021-22945 to this issue.
CWE-415: Double Free
Severity: Medium
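As an added illustration (not libcurl's own code): a minimal C model of the partial-send bookkeeping the advisory describes, using the hypothetical names sender, send_with_leftovers and demo. It implements the corrected behaviour, freeing the leftover buffer and clearing the pointer once all data has gone out, and marks in a comment the spot where the flawed versions left the pointer dangling.

```c
#include <assert.h>
#include <stdlib.h>
#include <string.h>
struct sender {            /* hypothetical send state, not libcurl's own */
    size_t cap;            /* bytes the simulated socket accepts per call */
    unsigned char *left;   /* unsent tail kept across calls, or NULL */
    size_t nleft;          /* bytes remaining in 'left' */
    size_t total_sent;     /* bytes the simulated wire has accepted */
};
/* Simulated socket that only takes s->cap bytes per call (partial writes). */
static size_t fake_send(struct sender *s, size_t len) {
    size_t n = len < s->cap ? len : s->cap;
    s->total_sent += n;
    return n;
}
/* Send buf, stashing any unsent tail for the next call.
 * Returns 1 when all data is out, 0 if a tail remains, -1 on OOM. */
int send_with_leftovers(struct sender *s, const unsigned char *buf, size_t len) {
    if (s->left) {         /* resume a previous partial send */
        buf = s->left;
        len = s->nleft;
    }
    size_t n = fake_send(s, len);
    if (n < len) {
        unsigned char *tail = malloc(len - n);
        if (!tail) return -1;
        memcpy(tail, buf + n, len - n);
        free(s->left);     /* old tail, if any; buf is not touched again */
        s->left = tail;
        s->nleft = len - n;
        return 0;
    }
    /* All sent: free the tail AND clear the pointer. The flaw fixed in 7.79.0
     * freed here without clearing, so the next call reused and re-freed it. */
    free(s->left);
    s->left = NULL;
    return 1;
}
/* Push two 10-byte constructed messages through a socket that takes 'cap'
 * bytes per call; returns the number of send calls needed, or -1 on error. */
int demo(size_t cap) {
    struct sender s = { cap, NULL, 0, 0 };
    static const unsigned char msg[] = "0123456789";
    int calls = 0, r;
    for (int m = 0; m < 2; m++) {
        do { r = send_with_leftovers(&s, msg, sizeof msg - 1); calls++; } while (r == 0);
        assert(r == 1 && s.left == NULL);   /* no dangling tail after a full send */
    }
    return s.total_sent == 20 ? calls : -1;
}
```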
AFFECTED VERSIONS
Affected versions: curl 7.73.0 to and including 7.78.0
Not affected versions: curl < 7.73.0 and curl >= 7.79.0
Also note that libcurl is used by many applications, and not always advertised as such.
THE SOLUTION
A fix for CVE-2021-22945
RECOMMENDATIONS
A - Upgrade curl to version 7.79.0
B - Apply the patch to your local version
C - Do not use MQTT
TIMELINE
This issue was reported to the curl project on July 19, 2021.
This advisory was posted on September 15, 2021.
CREDITS
This issue was reported and patched by z2_.
Thanks a lot!

Software description

cURL is a command-line file transfer tool that works with URL syntax, first released in 1997. It supports both uploading and downloading, so it is a general-purpose transfer tool, but by convention it is usually referred to as a download tool.

CVE number

CVE-2021-22945

TSRC analysis

None yet

Industry news

None yet
