低危 Canonical Ubuntu资源管理错误漏洞
CVE编号
CVE-2021-20201利用情况
暂无补丁情况
官方补丁披露时间
2021-05-28漏洞描述
Canonical Ubuntu是英国科能(Canonical)公司的一套以桌面应用为主的GNU/Linux操作系统。 Ubuntu 存在资源管理错误漏洞,该漏洞源于客户端发起重新协商拒绝服务。攻击者可利用该漏洞造成拒绝服务。解决建议
目前厂商已发布升级补丁以修复漏洞,补丁获取链接:https://bugzilla.redhat.com/show_bug.cgi?id=1921846
参考链接 |
|
|---|---|
| https://blog.qualys.com/product-tech/2011/10/31/tls-renegotiation-and-denial-... | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1921846 | |
| https://security.gentoo.org/glsa/202208-10 |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | spice_project | spice | * | Up to (excluding) 0.14.92 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.10 | spice | * | Up to (excluding) 0.14.2-r1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.11 | spice | * | Up to (excluding) 0.14.2-r2 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.12 | spice | * | Up to (excluding) 0.14.3-r1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.13 | spice | * | Up to (excluding) 0.14.3-r1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.14 | spice | * | Up to (excluding) 0.14.3-r1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.15 | spice | * | Up to (excluding) 0.14.3-r1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.16 | spice | * | Up to (excluding) 0.14.3-r1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.17 | spice | * | Up to (excluding) 0.14.3-r1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_3.18 | spice | * | Up to (excluding) 0.14.3-r1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | alpine_edge | spice | * | Up to (excluding) 0.14.3-r1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | centos_8 | spice-debugsource | * | Up to (excluding) 0.14.3-4.el8 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_10 | spice | * | Up to (including) 0.14.0-1.3+deb10u1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_11 | spice | * | Up to (excluding) 0.14.3-2.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_12 | spice | * | Up to (excluding) 0.14.3-2.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_9 | spice | * | Up to (including) 0.12.8-2.1+deb9u3 | |||||
| 运行在以下环境 | |||||||||
| 系统 | debian_sid | spice | * | Up to (excluding) 0.14.3-2.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_aarch64_V10SP2 | spice-help | * | Up to (excluding) 0.14.3-3.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | kylinos_x86_64_V10SP2 | spice-help | * | Up to (excluding) 0.14.3-3.ky10 | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_5.2 | libspice-server1 | * | Up to (excluding) 0.14.3-150300.3.3.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.2 | libspice-server-devel | * | Up to (excluding) 0.14.2-lp152.2.6.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | opensuse_Leap_15.3 | libspice-server-devel | * | Up to (excluding) 0.14.3-150300.3.3.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_8 | oraclelinux-release | * | Up to (excluding) 0.14.3-4.el8 | |||||
| 运行在以下环境 | |||||||||
| 系统 | redhat_8 | spice-debugsource | * | Up to (excluding) 0.14.3-4.el8 | |||||
| 运行在以下环境 | |||||||||
| 系统 | suse_12_SP5 | libspice-server1 | * | Up to (excluding) 0.12.8-18.1 | |||||
| 运行在以下环境 | |||||||||
| 系统 | unionos_a | spice | * | Up to (excluding) spice-0.14.2-3.uelc20.02 | |||||
- 攻击路径 本地
- 攻击复杂度 复杂
- 权限要求 无需权限
- 影响范围 有限影响
- EXP成熟度 未验证
- 补丁情况 官方补丁
- 数据保密性 无影响
- 数据完整性 无影响
- 服务器危害 DoS
- 全网数量 N/A
| CWE-ID | 漏洞类型 |
| CWE-400 | 未加控制的资源消耗(资源穷尽) |
| NVD-CWE-Other |
Exp相关链接
版权声明
本站原创文章转载请注明文章出处及链接,谢谢合作!
评论