Medium: curl

🗓️ 22 Mar 2023 00:00:00Reported by AmazonType

amazon

amazon🔗 alas.aws.amazon.com👁 1 Views

Curl flaws include authentication bypass, leakage on redirects, IPv6 zone handling.

Reporter	Title	Published	Views	Family All 1659
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC	23 Sep 202222:05	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Copy Data Management (CVE-2022-32206, CVE-2022-32208)	7 Oct 202218:12	–	ibm
IBM Security Bulletins	Security Bulletin: libcurl as used by IBM QRadar Wincollect agent is vulnerable to denial of service (CVE-2022-43552, CVE-2022-43551)	25 Jan 202319:11	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a man-in-the-middle attack in cURL libcurl (CVE-2022-32208)	31 Mar 202316:58	–	ibm
IBM Security Bulletins	Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Kubernetes, curl and systemd	19 Jun 202308:19	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data v5.0.3 is vulnerable to multiple Operator package issues	12 Dec 202416:58	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to data information exposure in cURL libcurl (CVE-2022-27776)	12 Jan 202321:59	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC	15 Jun 202317:06	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM Java, OpenSSL, and libcurl may affect IBM Storage Protect for Virtual Environments: Data Protection for Microsoft Hyper-V	4 Apr 202418:41	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in libcurl may affect IBM Spectrum Copy Data Management (CVE-2022-27782, CVE-2022-27774, CVE-2021-22947, CVE-2022-22576, CVE-2022-27776, CVE-2021-22946)	17 Sep 202202:05	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Amazon Linux	2	aarch64	curl	7.87.0-2.amzn2023.0.2	curl-7.87.0-2.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	x86_64	curl	7.87.0-2.amzn2023.0.2	curl-7.87.0-2.amzn2023.0.2.x86_64.rpm
Amazon Linux	2	aarch64	curl-debuginfo	7.87.0-2.amzn2023.0.2	curl-debuginfo-7.87.0-2.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	x86_64	curl-debuginfo	7.87.0-2.amzn2023.0.2	curl-debuginfo-7.87.0-2.amzn2023.0.2.x86_64.rpm
Amazon Linux	2	aarch64	curl-debugsource	7.87.0-2.amzn2023.0.2	curl-debugsource-7.87.0-2.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	x86_64	curl-debugsource	7.87.0-2.amzn2023.0.2	curl-debugsource-7.87.0-2.amzn2023.0.2.x86_64.rpm
Amazon Linux	2	aarch64	curl-minimal	7.87.0-2.amzn2023.0.2	curl-minimal-7.87.0-2.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	x86_64	curl-minimal	7.87.0-2.amzn2023.0.2	curl-minimal-7.87.0-2.amzn2023.0.2.x86_64.rpm
Amazon Linux	2	aarch64	curl-minimal-debuginfo	7.87.0-2.amzn2023.0.2	curl-minimal-debuginfo-7.87.0-2.amzn2023.0.2.aarch64.rpm
Amazon Linux	2	x86_64	curl-minimal-debuginfo	7.87.0-2.amzn2023.0.2	curl-minimal-debuginfo-7.87.0-2.amzn2023.0.2.x86_64.rpm

15 Feb 2024 00:00Current

9.2High risk

Vulners AI Score9.2

CVSS 27.5

CVSS 3.19.8

EPSS0.03367

SSVC

authentication bypass redirect leakage ipv6 zone handling cookie leakage port redirects trailing dot cookies hostname parsing