漏洞信息详情

Apache Thrift 缓冲区错误漏洞

• CNNVD编号：CNNVD-201910-1680
• 危害等级： 高危
  
• CVE编号： CVE-2019-0210
• 漏洞类型： 缓冲区错误
• 发布时间： 2019-10-29
• 威胁类型： 远程
• 更新时间： 2022-04-18
• 厂        商：
• 漏洞来源： Red Hat

漏洞简介

Apache Thrift是美国阿帕奇（Apache）基金会的一个用于跨平台开发的框架。

Apache Thrift 0.9.3版本至0.12.0版本中存在缓冲区错误漏洞。该漏洞源于网络系统或产品在内存上执行操作时，未正确验证数据边界，导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。

漏洞公告

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：

http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/<277a46ca87494176b1bbcf5d72624a2a%40haggis>

参考网址

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2020:0806

来源:MLIST

链接:https://lists.apache.org/thread.HTML/r55609613abab203a1f2c1f3de050b63ae8f5c4a024df0d848d6915ff@%3Ccommits.pulsar.apache.org%3E

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2020:0805

来源:MLIST

链接:https://lists.apache.org/thread.HTML/r2832722c31d78bef7526e2c701ba4b046736e4c851473194a247392f@%3Ccommits.pulsar.apache.org%3E

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2020:0804

来源:MLIST

链接:https://lists.apache.org/thread.HTML/rab740e5c70424ef79fd095a4b076e752109aeee41c4256c2e5e5e142@%3Ccommits.pulsar.apache.org%3E

来源:GENTOO

链接:https://security.gentoo.org/glsa/202107-32

来源:mail-archives.apache.org

链接:http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3C277A46CA87494176B1BBCF5D72624A2A%40HAGGIS%3E

来源:REDHAT

链接:https://access.redhat.com/errata/RHSA-2020:0811

来源:MLIST

链接:https://lists.apache.org/thread.HTML/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9@%3Ccommits.pulsar.apache.org%3E

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.1882/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/157741/Red-Hat-Security-Advisory-2020-2067-01.HTML

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.2050/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/156701/Red-Hat-Security-Advisory-2020-0804-01.HTML

来源:vigilance.fr

链接:https://vigilance.fr/vulnerability/Red-Hat-JBoss-Enterprise-Application-Platform-three-vulnerabilities-31779

来源:www.ibm.com

链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.0915/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/160562/Red-Hat-Security-Advisory-2020-5568-01.HTML

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2022041520

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/158048/Red-Hat-Security-Advisory-2020-2512-01.HTML

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/156885/Red-Hat-Security-Advisory-2020-0962-01.HTML

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.2042/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.4464/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/163494/Gentoo-Linux-Security-Advisory-202107-32.HTML

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/157859/Red-Hat-Security-Advisory-2020-2333-01.HTML

来源:www.cybersecurity-help.cz

链接:https://www.cybersecurity-help.cz/vdb/SB2021071503

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.1858/

来源:nvd.nist.gov

链接:https://nvd.nist.gov/vuln/detail/CVE-2019-0210

来源:www.ibm.com

链接:https://www.ibm.com/support/pages/node/1120701

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.1052/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.1024/

来源:www.auscert.org.au

链接:https://www.auscert.org.au/bulletins/ESB-2020.1766/

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/157835/Red-Hat-Security-Advisory-2020-2321-01.HTML

受影响实体

暂无

补丁

• Apache Thrift 缓冲区错误漏洞的修复措施