Dell Unity：是 Unity 受 CVE-2023-45802 影響

Summary: 本文探討 CVE-2023-45802 是否對 Unity 造成影響。

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Check out other resources

Symptoms

細節
CVE-2023-45802

改性
自上次由國家漏洞資料庫（NVD）分析以來，已修改此漏洞。目前正在等待進一步分析，這可能會導致所提供的資訊有進一步的變更。

描述
當用戶端重設 HTTP/2 串流（RST 框架）時，有一段時間沒有立即回收要求的記憶體資源。反之，取消分配會延延至連線關閉。用戶端可以傳送新的要求和重設，讓連線保持忙碌且開啟，並導致記憶體佔用空間持續增加。聯機關閉時，已回收所有資源，但此程式可能在該之前耗盡記憶體。在測試 CVE-2023-44487 （HTTP/2 快速重設利用）時，報表員在自己的測試用戶端中發現此問題。在「正常」的 HTTP/2 使用期間，發生此問題的機率很低。在連線關閉或逾時之前，保留的記憶體不會顯示。建議用戶升級至版本 2.4.58，以修正問題。

Cause

在 Unity 上，httpd.conf 或任何其他虛擬主機的組態檔案中不會啟用「mod_http2」。下列命令顯示未使用mod_http2。

apachectl -M | grep http2

因此，CVE-2023-45802 不會影響 Unity。

Resolution

CVE-2023-45802 不會影響 Unity。

Affected Products

Dell EMC Unity

Products

Dell Unity 450F DC, Dell Unity 300, Dell Unity 300 DC, Dell EMC Unity 300F, Dell EMC Unity 350F, Dell Unity 350F DC, Dell EMC Unity XT 380, Dell EMC Unity XT 380F, Dell EMC Unity 400, Dell Unity 400 DC, Dell EMC Unity 400F, Dell EMC Unity 450F , Dell EMC Unity XT 480, Dell EMC Unity XT 480F, Dell EMC Unity 500, Dell EMC Unity 500F, Dell EMC Unity 550F, Dell EMC Unity 600, Dell EMC Unity 600F, Dell EMC Unity 650F, Dell EMC Unity XT 680, Dell EMC Unity XT 680F, Dell EMC Unity XT 880, Dell EMC Unity XT 880F, Dell EMC Unity Family |Dell EMC Unity All Flash, Dell EMC Unity Family, Dell EMC Unity Hybrid, Dell Unity Operating Environment (OE), Dell EMC UnityVSA Professional Edition/Unity Cloud Edition ...

Article Number: 000220765

Article Type: Solution

Last Modified: 12 Jan 2024

Version: 2

Check if your device is covered by Support Services.

Dell Unity：是 Unity 受 CVE-2023-45802 影響

Summary: 本文探討 CVE-2023-45802 是否對 Unity 造成影響。

Symptoms

Cause

Resolution

Affected Products

Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services

Dell Unity：是 Unity 受 CVE-2023-45802 影響

Summary: 本文探討 CVE-2023-45802 是否對 Unity 造成影響。

Detailed Article

Symptoms

Cause

Resolution

Affected Products

Symptoms

Cause

Resolution

Affected Products

Products

Article Properties

Find answers to your questions from other Dell users

Support Services

Article Properties

Find answers to your questions from other Dell users

Support Services