阿里云漏洞库

TFTP接收代码中的堆缓冲区溢出允许在libcurl版本 7.19.4 through 7.64.1中执行DoS或任意代码。

厂商已发布了漏洞修复程序，请及时关注更新：
https://curl.haxx.se/docs/CVE-2019-5436.html

参考链接
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html
http://www.openwall.com/lists/oss-security/2019/09/11/6
https://curl.haxx.se/docs/CVE-2019-5436.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://seclists.org/bugtraq/2020/Feb/36
https://security.gentoo.org/glsa/202003-29
https://security.netapp.com/advisory/ntap-20190606-0004/
https://support.f5.com/csp/article/K55133295
https://support.f5.com/csp/article/K55133295?utm_source=f5support&amp%3Butm_m...
https://www.debian.org/security/2020/dsa-4633
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	f5	traffix_signaling_delivery_controller	*	From (including) 5.0.0	Up to (including) 5.1.0
	运行在以下环境
	应用	haxx	libcurl	*	From (including) 7.19.4	Up to (including) 7.64.1
	运行在以下环境
	应用	netapp	hci_management_node	-	-
	运行在以下环境
	应用	netapp	solidfire	-	-
	运行在以下环境
	应用	netapp	steelstore_cloud_integrated_storage	-	-
	运行在以下环境
	应用	oracle	enterprise_manager_ops_center	12.3.3	-
	运行在以下环境
	应用	oracle	enterprise_manager_ops_center	12.4.0	-
	运行在以下环境
	应用	oracle	mysql_server	*		Up to (including) 5.7.27
	运行在以下环境
	应用	oracle	mysql_server	*	From (including) 5.7.28	Up to (including) 8.0.17
	运行在以下环境
	应用	oracle	oss_support_tools	20.0	-
	运行在以下环境
	系统	debian	debian_linux	10.0	-
	运行在以下环境
	系统	debian	debian_linux	9.0	-
	运行在以下环境
	系统	fedoraproject	fedora	29	-
	运行在以下环境
	系统	opensuse	leap	15.0	-
	运行在以下环境
	系统	opensuse	leap	15.1	-
	运行在以下环境
	系统	opensuse	leap	42.3	-

CWE-ID	漏洞类型
CWE-787	跨界内存写