CNNVD-202506-2842 Information
CNNVD ID
CNNVD-202506-2842
Related CVE
- CNNVD Published: 2025-06-21
Description (Chinese)
POCO是POCO开源的一个跨平台 C++ 库。用于构建在桌面、服务器、移动、物联网和嵌入式系统上运行的基于网络和互联网的应用程序。 POCO 1.14.1及之前版本存在安全漏洞,该漏洞源于文件Net/src/MultipartReader.cpp中函数MultipartInputStream的错误操作导致空指针取消引用。
Description (English)
POCO is a cross-platform C++ library from the open source of POCO. Web-based and Internet-based applications to build on desktops, servers, mobile, physical networking and embedded systems. A security loophole exists in POCO 1.14.1 and earlier versions, which stems from the error in the MultipartInputStream function of the file Net/src/MultipartReader.cpp, which resulted in an empty pointer cancellation.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
POCO
Published
2025-06-21
Last Modified
2026-02-24
References
https://github.com/pocoproject/poco/commit/6f2f85913c191ab9ddfb8fae781f5d66afccf3bf https://github.com/pocoproject/poco/issues/4915 https://github.com/pocoproject/poco/releases/tag/poco-1.14.2-release https://github.com/user-attachments/files/19524599/poco_crash.txt https://vuldb.com/?ctiid.313370 https://vuldb.com/?id.313370 https://vuldb.com/?submit.597446 https://access.redhat.com/security/cve/cve-2025-6375
Patch
https://github.com/pocoproject/poco/releases
Share on: