发布时间: 2025年3月4日
修改时间: 2025年3月4日
There exists a heap buffer overflow vulnerable in Abseil-cpp. The sized constructors, reserve(), and rehash() methods of absl::{flat,node}hash{set,map} did not impose an upper bound on their size argument. As a result, it was possible for a caller to pass a very large size that would cause an integer overflow when computing the size of the container's backing store, and a subsequent out-of-bounds memory write. Subsequent accesses to the container might also access out-of-bounds memory. We recommend upgrading past commit 5a0e2cb5e3958dd90bb8569a2766622cb74d90c1
| NVD | openEuler | |
|---|---|---|
| Confidentiality | Low | |
| Attack Vector | Adjacent | |
| CVSS评分 | N/A | 4.6 |
| Attack Complexity | High | |
| Privileges Required | Low | |
| Scope | Unchanged | |
| Integrity | Low | |
| User Interaction | None | |
| Availability | Low |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2025-1641 | abseil-cpp security update | 2025年3月18日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.4-5A | abseil-cpp | Fixed |
| KY3.5.3 | abseil-cpp | Fixed |
| V6 | abseil-cpp | Fixed |
