发布于3月6日3月6日 Members Ubuntu: (Multiple Advisories) (CVE-2024-40897): ORC vulnerability Severity 6 CVSS (AV:L/AC:H/Au:S/C:C/I:C/A:C) Published 07/26/2024 Created 08/20/2024 Added 08/19/2024 Modified 01/30/2025 Description Stack-based buffer overflow vulnerability exists in orcparse.c of ORC versions prior to 0.4.39. If a developer is tricked to process a specially crafted file with the affected ORC compiler, an arbitrary code may be executed on the developer's build environment. This may lead to compromise of developer machines or CI build environments. Solution(s) ubuntu-pro-upgrade-liborc-0-4-0 ubuntu-pro-upgrade-liborc-0-4-0t64 ubuntu-pro-upgrade-liborc-0-4-dev References https://attackerkb.com/topics/cve-2024-40897 CVE - 2024-40897 USN-6964-1 USN-6964-2
参与讨论
你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。