Oracle Retail Xstore Point of Service 17 Xstore Services Denial-of-Service Vulnerability

admin 2023-12-02 05:30:48 Ali_nvd Source: ZONE.CI Global Network
Low severity: Oracle Retail Xstore Point of Service 17 Xstore Services Denial-of-Service Vulnerability

CVE ID

CVE-2018-10237

Exploitation status

None known

Patch status

Official patch

Disclosure date

2018-04-27
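Vulnerability description
Google Guava is a Java core library developed by Google (US) that includes a graph library, functional types, I/O, string processing and more. A security vulnerability exists in Google Guava versions 11.0 up to (but not including) 24.1.1. It stems from the program failing to properly check whether the content and data size sent by a client are reasonable. A remote attacker can exploit this vulnerability to cause a denial of service.
Recommended fix
The vendor has released a fix for this vulnerability; watch for updates at: https://groups.google.com/forum/#!topic/guava-announce/xqWALw4W1vs/discussion
Reference links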
http://www.securitytracker.com/id/1041707
https://access.redhat.com/errata/RHSA-2018:2423
https://access.redhat.com/errata/RHSA-2018:2424
https://access.redhat.com/errata/RHSA-2018:2425
https://access.redhat.com/errata/RHSA-2018:2428
https://access.redhat.com/errata/RHSA-2018:2598
https://access.redhat.com/errata/RHSA-2018:2643
https://access.redhat.com/errata/RHSA-2018:2740
https://access.redhat.com/errata/RHSA-2018:2741
https://access.redhat.com/errata/RHSA-2018:2742
https://access.redhat.com/errata/RHSA-2018:2743
https://access.redhat.com/errata/RHSA-2018:2927
https://access.redhat.com/errata/RHSA-2019:2858
https://access.redhat.com/errata/RHSA-2019:3149
https://groups.google.com/d/topic/guava-announce/xqWALw4W1vs/discussion
https://lists.apache.org/thread.html/053d9ce4d579b02203db18545fee5e33f35f2932...
https://lists.apache.org/thread.html/19fa48533bc7ea1accf6b12746a74ed888ae6e49...
https://lists.apache.org/thread.html/33c6bccfeb7adf644d4d79894ca8f09370be6ed4...
https://lists.apache.org/thread.html/3d5dbdd92ac9ceaef90e40f78599f9109f2f3452...
https://lists.apache.org/thread.html/3ddd79c801edd99c0978e83dbe2168ebd36fd42a...
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d...
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a...
https://lists.apache.org/thread.html/cc48fe770c45a74dc3b37ed0817393e0c96701fc...
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34...
https://lists.apache.org/thread.html/ff8dcfe29377088ab655fda9d585dccd5b1f07fa...
https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d...
https://lists.apache.org/thread.html/r02e39d7beb32eebcdbb4b516e95f67d71c90d5d...
https://lists.apache.org/thread.html/r223bc776a077d0795786c38cbc6e7dd808fce1a...
https://lists.apache.org/thread.html/r22c8173b804cd4a420c43064ba4e363d0022aa4...
https://lists.apache.org/thread.html/r27eb79a87a760335226dbfa6a7b7bffea539a53...
https://lists.apache.org/thread.html/r2ea4e5e5aa8ad73b001a466c582899620961f47...
https://lists.apache.org/thread.html/r30e7d7b6bfa630dacc41649a0e96dad75165d50...
https://lists.apache.org/thread.html/r352e40ca9874d1beb4ad95403792adca7eb295e...
https://lists.apache.org/thread.html/r38e2ab87528d3c904e7fac496e8fd766b927765...
https://lists.apache.org/thread.html/r3c3b33ee5bef0c67391d27a97cbfd89d44f328c...
https://lists.apache.org/thread.html/r43491b25b2e5c368c34b106a82eff910a5cea3e...
https://lists.apache.org/thread.html/r50fc0bcc734dd82e691d36d209258683141bfc0...
https://lists.apache.org/thread.html/r841c5e14e1b55281523ebcde661ece00b38a056...
https://lists.apache.org/thread.html/r95799427b335807a4c54776908125c3e66597b6...
https://lists.apache.org/thread.html/ra0adb9653c7de9539b93cc8434143b655f753b9...
https://lists.apache.org/thread.html/ra4f44016926dcb034b3b230280a18102062f94a...
https://lists.apache.org/thread.html/ra8906723927aef2a599398c238eacfc845b74d8...
https://lists.apache.org/thread.html/rb3da574c34bc6bd37972d2266af3093b90d7e43...
https://lists.apache.org/thread.html/rc78f6e84f82cc662860e96526d8ab969f34dbe1...
https://lists.apache.org/thread.html/rc8467f357b943ceaa86f289f8bc1a5d1c7955b7...
https://lists.apache.org/thread.html/rd01f5ff0164c468ec7abc96ff7646cea3cce637...
https://lists.apache.org/thread.html/rd0c8ec6e044aa2958dd0549ebf8ecead7f5968c...
https://lists.apache.org/thread.html/rdc56c15693c236e31e1e95f847b8e5e74fc0a05...
https://security.netapp.com/advisory/ntap-20220629-0008/
https://www.oracle.com/security-alerts/cpuapr2020.html
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/security-alerts/cpuoct2021.html
Affected software
# Type Vendor Product Version Affected range
1
Runs in the following environments:
Application google guava * From (including) 11.0 Up to (excluding) 24.1.1
Application redhat jboss_enterprise_application_platform 6.0.0 -
Application redhat jboss_enterprise_application_platform 6.4.0 -
Application redhat jboss_enterprise_application_platform 7.1.0 -
Application redhat openstack 13.0 -
Application redhat satellite 6.4 -
Application redhat virtualization 4.2 -
Application redhat virtualization_host 4.0 -
System debian_10 guava-libraries * Up to (including) 19.0-1
System debian_11 guava-libraries * Up to (excluding) 29.0-1
System debian_12 guava-libraries * Up to (excluding) 29.0-1
System debian_sid guava-libraries * Up to (excluding) 29.0-1
System fedora_26 guava-javadoc * Up to (excluding) 18.0-12.fc26
System fedora_27 guava-javadoc * Up to (excluding) 18.0-12.fc27
System fedora_28 guava-javadoc * Up to (excluding) 20.0-6.fc28
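Alibaba Cloud score: 2.7
  • Attack vector: Remote
  • Attack complexity: High
  • Privileges required: None
  • Scope of impact: Limited
  • Exploit maturity: Unverified
  • Patch status: Official patch
  • Data confidentiality: No impact
  • Data integrity: No impact
  • Server harm: No impact
  • Internet-wide count: 100
CWE-ID Vulnerability type
CWE-502 Deserialization of Untrusted Data
CWE-770 Allocation of Resources Without Limits or Throttling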
- avd.aliyun.com