Gentoo Linux Security Advisory 202212-1 - Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution. Versions less than 7.86.0 are affected.
e297fe6f1bca3eb09660ab5922cdfac1c9a3279734e9e89e74cc758a3e08ac46Debian Linux Security Advisory 5197-1 - Multiple security vulnerabilities have been discovered in cURL, an URL transfer library. These flaws may allow remote attackers to obtain sensitive information, leak authentication or cookie header data or facilitate a denial of service attack.
77ef9f5619851e18009af5092abdfe753f0a668e45b9771f079b64a5b7aa8ecaUbuntu Security Notice 5499-1 - Florian Kohnhuser discovered that curl incorrectly handled returning a TLS server’s certificate chain details. A remote attacker could possibly use this issue to cause curl to stop responding, resulting in a denial of service. Harry Sintonen discovered that curl incorrectly handled certain FTP-KRB messages. An attacker could possibly use this to perform a machine-in-the-middle attack.
579ac0d4fbdd6b3c4bbc8ad5e07aa9f74a39a82dc0fe5bff37ac34f9fa633de5Ubuntu Security Notice 5412-1 - Axel Chong discovered that curl incorrectly handled percent-encoded URL separators. A remote attacker could possibly use this issue to trick curl into using the wrong URL and bypass certain checks or filters. This issue only affected Ubuntu 22.04 LTS. Florian Kohnhuser discovered that curl incorrectly handled returning a TLS server's certificate chain details. A remote attacker could possibly use this issue to cause curl to stop responding, resulting in a denial of service.
477ec6bff1dfd28bf6df200de8f8540192a02b1e6306fa486d364e719ff4bca8
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed