Kusagadzikana (CVE-2023-38545) kwakaonekwa mukushandisa kwekugamuchira uye kutumira data pamusoro peiyo curl network uye libcurl raibhurari, iyo iri kuvandudzwa mukuwirirana, izvo zvinogona kutungamira mukufashukira kwebuffer uye nekugona kuuraya kodhi yeanorwisa pa. divi remutengi kana rawanikwa uchishandisa curl utility kana chishandiso uchishandisa libcurl, kune HTTPS server inodzorwa neanorwisa. Dambudziko rinongoonekwa chete kana kupinda kuburikidza neSOCKS5 proxy kwakagoneswa mu curl. Kana uchiwana zvakananga pasina proxy, kusagadzikana hakuoneki. Kusagadzikana kwakagadziriswa mu curl 8.4.0 kuburitswa. Muongorori wezvekuchengetedza akawana bug akagamuchira mubairo we4660 sechikamu cheHackerone's Internet Bug Bounty chirongwa.
Kusagadzikana uku kunokonzerwa nekukanganisa mukodhi yezita rekugamuchira usati wawana iyo SOCKS5 proxy. Kana zita remuenzi richisvika mazana maviri nemakumi mashanu nenhatu mavara kureba, curl pakarepo inopfuudza zita kune iyo SOCKS256 proxy kuti igadziriswe padivi payo, uye kana zita racho richipfuura 5 mavara, inochinjira kumugadziri wenzvimbo uye inopfuudza kero yakatsanangurwa kare kuSOCKS255. . Nekuda kwekukanganisa mukodhi, mureza unoratidza kudiwa kwegadziriso yemunharaunda unogona kuiswa kune iyo isiri iyo kukosha panguva yekunonoka kutaurirana kwekubatana kuburikidza neSOCKS5, izvo zvakaita kuti kurekodha kwezita remugamuchiri refu mubuffer yakagoverwa netarisiro. yekuchengetedza IP kero kana zita, isingadariki mabhii 5.
Muridzi wesaiti inowanikwa necurl kuburikidza neSOCKS5 proxy inogona kukonzeresa mutengi-padivi buffer kufashukira nekudzorera chikumbiro chekutungamira kodhi (HTTP 30x) uye kuseta iyo "Nzvimbo:" musoro kune URL ine zita remugamuchiri muhuwandu hwe16 kumusoro. kusvika pa64 KB (16 KB ihwo hudiki hudiki hunodiwa kuti hufashukire bhafa yakagoverwa, uye 65 KB ndiyo inobvumirwa kureba kwezita rekutambira muURL). Kana chikumbiro chekutungamira chikagoneswa muzvirongwa zve libcurl uye proxy yeSOCKS5 yakashandiswa inononoka zvakakwana, ipapo zita remuenzi rerefu richanyorwa kune diki buffer, zviri pachena yehukuru diki.
Kusagadzikana kunonyanya kukanganisa maapplication akavakirwa pa libcurl uye anoonekwa mune curl utility chete kana uchishandisa "--limit-rate" sarudzo ine kukosha isingasviki 65541 - libcurl nekusarudzika inogovera buffer ye16 KB muhukuru, uye mune curl utility. iri 100 KB, asi ukuru hunochinja zvichienderana nekukosha kwe "-limit-rate" parameter.
Daniel Stenberg, munyori wechirongwa ichi, akataura kuti kusagadzikana kwakaramba kusingaonekwe kwemazuva 1315. Inotiwo 41% yezvakambozivikanwa kusadzivirirwa mu curl ingadai yakadziviswa dai curl yakanyorwa nemutauro wakachengeteka mundangariro, asi hapana hurongwa hwekunyorazve curl mune mumwe mutauro mune ramangwana rinoonekwa. Sematanho ekuvandudza kuchengetedzeka kweiyo kodhi base, inokurudzirwa kuwedzera maturusi ekuyedza kodhi uye zvakanyanya kushingaira kushandisa zvinovimbika zvakanyorwa mumitauro yekuronga iyo inovimbisa kushanda kwakachengeteka nendangariro. Iri kufungawo nezve mukana wekudzoreredza zvishoma nezvishoma zvikamu zve curl nemhando dzakanyorwa mumitauro yakachengeteka, seyeyedzo Hyper HTTP backend inoshandiswa muRust.
Source: opennet.ru