https://blog.qife122.com/tags/%E5%8D%8F%E8%AE%AE%E8%A7%A3%E6%9E%90/ Recent content in 协议解析 on 办公AI智能小助手 Hugo zh-cn qife Sun, 11 Jan 2026 19:07:06 +0800 https://blog.qife122.com/p/curl-alt-svc%E8%A7%A3%E6%9E%90%E9%80%BB%E8%BE%91%E7%BC%BA%E9%99%B7%E6%8C%81%E4%B9%85%E6%80%A7udp%E6%94%BE%E5%A4%A7%E4%B8%8E%E7%BC%93%E5%AD%98%E6%8A%95%E6%AF%92%E6%94%BB%E5%87%BB%E5%89%96%E6%9E%90/ Sun, 11 Jan 2026 19:07:06 +0800 https://blog.qife122.com/p/curl-alt-svc%E8%A7%A3%E6%9E%90%E9%80%BB%E8%BE%91%E7%BC%BA%E9%99%B7%E6%8C%81%E4%B9%85%E6%80%A7udp%E6%94%BE%E5%A4%A7%E4%B8%8E%E7%BC%93%E5%AD%98%E6%8A%95%E6%AF%92%E6%94%BB%E5%87%BB%E5%89%96%E6%9E%90/ <h3 id="报告摘要">报告摘要</h3> <p>libcurl的Alt-Svc头部解析器中存在一个结构性逻辑缺陷，导致攻击属性（特别是持久性<code>persist</code>和有效期<code>max-age</code>）可以从一个服务定义“泄漏”到另一个。</p>