H3C Security Vulnerability-buffer overflow Security Vulnerability - CVE-2016-9586
04-02-2021
【Summary】
curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If an application accepts a format string from the outside without the necessary input filtering, this may allow a remote attack. The vulnerability number is CVE-2016-9586.
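One way to apply the input filtering mentioned above, as an added example that is not part of the H3C advisory or of curl's code: a C check that vets an externally supplied format string before it reaches a printf-style function and flags floating-point directives with a large width or precision. The name `check_format`, the verdict enum and the `MAX_FIELD` limit of 64 are assumptions chosen for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed policy limit for width/precision; not a value from curl or the advisory. */
#define MAX_FIELD 64

enum fmt_verdict { FMT_OK, FMT_FLOAT_TOO_LARGE, FMT_UNSUPPORTED, FMT_MALFORMED };

/* Read a run of decimal digits at *p, saturating so the value cannot overflow. */
static long read_num(const char **p) {
    long n = 0;
    for (; isdigit((unsigned char)**p); (*p)++)
        if (n <= 100000) n = n * 10 + (**p - '0');
    return n;
}

/* Hypothetical filter: vet a format string that arrived from outside the program. */
enum fmt_verdict check_format(const char *fmt) {
    const char *p = fmt;
    while ((p = strchr(p, '%')) != NULL) {
        long width, prec = 0;
        p++;
        if (*p == '%') { p++; continue; }            /* literal percent sign */
        while (*p && strchr("-+ #0", *p)) p++;       /* flags */
        if (*p == '*') return FMT_UNSUPPORTED;       /* width taken from an argument */
        width = read_num(&p);
        if (*p == '$') return FMT_UNSUPPORTED;       /* positional argument */
        if (*p == '.') {
            p++;
            if (*p == '*') return FMT_UNSUPPORTED;   /* precision from an argument */
            prec = read_num(&p);
        }
        while (*p && strchr("hlLqjzt", *p)) p++;     /* length modifiers */
        if (*p == '\0') return FMT_MALFORMED;        /* directive cut short */
        if (strchr("eEfFgGaA", *p) && (width > MAX_FIELD || prec > MAX_FIELD))
            return FMT_FLOAT_TOO_LARGE;              /* the case this advisory is about */
        p++;
    }
    return FMT_OK;
}

int main(void) {
    /* Constructed sample inputs, not taken from any real traffic. */
    const char *samples[] = { "%s: %d items", "load %.2f%%", "%9999.9999f", "%*f", "50%" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-16s -> %d\n", samples[i], check_format(samples[i]));
    return 0;
}
```

Where the external text does not need to act as a format at all, passing it as the argument to a fixed `"%s"` format avoids the question entirely.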
【Impact】
Attackers can exploit this issue to execute arbitrary code in the context of the affected application.
【Software Versions and Fixes】
Product Name | Affected Version | Resolved Product and Version |
12500 (V7) | All | TBC Before Oct 29,2018 |
10500(V7)_R71xx | All | TBC Before Oct 29,2018 |
6125XLG Blade Switch | All | TBC Before Sep 30,2018 |
5900/5920(V7) | All | TBC Before Sep 30,2018 |
MSR1000/2000/3000/4000(V7) | All | TBC |
VSR | All | TBC |
7900 | All | Upgrade to R2712 |
5130EI | All | Upgrade to R3208P08 |
5700(V7) | All | TBC Before Sep 30,2018 |
5930(V7) | All | TBC Before Sep 30,2018 |
HSR6600/HSR6800 | All | TBC |
6127XLG Blade Switch | All | TBC Before Sep 30,2018 |
1950 | All | TBC |
7500(V7)_R71xx | All | TBC |
5130HI | All | TBC |
5510HI | All | TBC |
Moonshoot | All | TBC Before Sep 30,2018 |
5940 | All | TBC Before Oct 31,2018 |
5950 | All | TBC |
12900E | All | Upgrade to R2712 |
MSR95X/MSR1000/2000/3000/4000(V7) | All | TBC |
10500(V7)_R75xx | All | TBC |
7500(V7)_R75xx | All | TBC |
M9K(Only domestic) | All | TBC |
F10X0(Only domestic) | All | TBC |
F50X0(Only domestic) | All | TBC |
L1K(Only domestic) | All | TBC |
L5K(Only domestic) | All | TBC |
T1K(Only domestic) | All | TBC |
T5K(Only domestic) | All | TBC |
BladeADE(Only domestic) | All | TBC |
Blade NGFW(Only domestic) | All | TBC |
M9K(B64) (Only domestic) | All | TBC |
LA3616(Only domestic) | All | TBC |
RA10X/100/200(Only domestic) | All | TBC |
Wireless AC/AP | All | TBC Before Sep 30,2018 |
APOLLO Blade Switch | All | TBC Before Sep 30,2018 |
HSR6600/HSR6800 | All | TBC |
5980 | All | Upgrade to R2712 |
CR19000/CR16000-X | All | TBC |
5130HI/5510HI | All | TBC |
iMC PLAT | All | TBC |
vBRAS(Only domestic) | All | TBC |
vFW(Only domestic) | All | TBC |
vLB(Only domestic) | All | TBC |
vAC(Only domestic) | All | TBC |
vLNS(Only domestic) | All | TBC |
NAS Storage-H3C X10000 | All | TBC Before Oct 30,2018 |
Block Storage-H3C ONEStor | All | TBC Before Oct 30,2018 |
SecPath AFC DDoS Device | All | TBC |
SecPath Web Monitoring Center | All | TBC |
H3Cloud CMP | All | TBC |
【Temporary Fix】
None
【Revision History】
2018-07-04 V1.0 INITIAL
H3C advocates that every effort be made to safeguard the ultimate interests of product users, to abide by principles of responsible disclosure of security incidents, and to handle product security issues in accordance with security issues mechanisms. For information on H3C's security emergency response service and H3C product vulnerabilities, please visit https://www.h3c.com/en/Support/Online_Help/psirt/.