NewStart CGSL CORE 5.04 / MAIN 5.04 : curl Vulnerability (NS-SA-2019-0193)
Medium Nessus Plugin ID 129914
SynopsisThe remote machine is affected by a vulnerability.
DescriptionThe remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has curl packages installed that are affected by a vulnerability:
- Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. (CVE-2018-16842)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
SolutionUpgrade the vulnerable CGSL curl packages. Note that updated packages may not be available yet. Please contact ZTE for more information.