漏洞信息详情
Apache Thrift 缓冲区错误漏洞
- CNNVD编号:CNNVD-201910-1680
- 危害等级: 高危
- CVE编号: CVE-2019-0210
- 漏洞类型: 缓冲区错误
- 发布时间: 2019-10-29
- 威胁类型: 远程
- 更新时间: 2022-04-18
- 厂 商:
- 漏洞来源: Red Hat
漏洞简介
Apache Thrift是美国阿帕奇(Apache)基金会的一个用于跨平台开发的框架。
Apache Thrift 0.9.3版本至0.12.0版本中存在缓冲区错误漏洞。该漏洞源于网络系统或产品在内存上执行操作时,未正确验证数据边界,导致向关联的其他内存位置上执行了错误的读写操作。攻击者可利用该漏洞导致缓冲区溢出或堆溢出等。
漏洞公告
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:
http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/<277a46ca87494176b1bbcf5d72624a2a%40haggis>
参考网址
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2020:0806
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r55609613abab203a1f2c1f3de050b63ae8f5c4a024df0d848d6915ff@%3Ccommits.pulsar.apache.org%3E
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2020:0805
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r2832722c31d78bef7526e2c701ba4b046736e4c851473194a247392f@%3Ccommits.pulsar.apache.org%3E
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2020:0804
来源:MLIST
链接:https://lists.apache.org/thread.HTML/rab740e5c70424ef79fd095a4b076e752109aeee41c4256c2e5e5e142@%3Ccommits.pulsar.apache.org%3E
来源:GENTOO
链接:https://security.gentoo.org/glsa/202107-32
来源:mail-archives.apache.org
链接:http://mail-archives.apache.org/mod_mbox/thrift-dev/201910.mbox/%3C277A46CA87494176B1BBCF5D72624A2A%40HAGGIS%3E
来源:REDHAT
链接:https://access.redhat.com/errata/RHSA-2020:0811
来源:MLIST
链接:https://lists.apache.org/thread.HTML/r36581cc7047f007dd6aadbdd34e18545ec2c1eb7ccdae6dd47a877a9@%3Ccommits.pulsar.apache.org%3E
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1882/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/157741/Red-Hat-Security-Advisory-2020-2067-01.HTML
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.2050/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/156701/Red-Hat-Security-Advisory-2020-0804-01.HTML
来源:vigilance.fr
链接:https://vigilance.fr/vulnerability/Red-Hat-JBoss-Enterprise-Application-Platform-three-vulnerabilities-31779
来源:www.ibm.com
链接:https://www.ibm.com/blogs/psirt/security-bulletin-ibm-cognos-analytics-has-addressed-multiple-vulnerabilities/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.0915/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/160562/Red-Hat-Security-Advisory-2020-5568-01.HTML
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2022041520
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/158048/Red-Hat-Security-Advisory-2020-2512-01.HTML
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/156885/Red-Hat-Security-Advisory-2020-0962-01.HTML
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.2042/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.4464/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/163494/Gentoo-Linux-Security-Advisory-202107-32.HTML
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/157859/Red-Hat-Security-Advisory-2020-2333-01.HTML
来源:www.cybersecurity-help.cz
链接:https://www.cybersecurity-help.cz/vdb/SB2021071503
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1858/
来源:nvd.nist.gov
链接:https://nvd.nist.gov/vuln/detail/CVE-2019-0210
来源:www.ibm.com
链接:https://www.ibm.com/support/pages/node/1120701
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1052/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1024/
来源:www.auscert.org.au
链接:https://www.auscert.org.au/bulletins/ESB-2020.1766/
来源:packetstormsecurity.com
链接:https://packetstormsecurity.com/files/157835/Red-Hat-Security-Advisory-2020-2321-01.HTML
受影响实体
暂无
补丁
- Apache Thrift 缓冲区错误漏洞的修复措施
![weinxin](http://zone.ci/zone_ci_images/zone.ci.png)
评论