Lucene search

K
mageiaGentoo FoundationMGASA-2022-0483
HistoryDec 31, 2022 - 1:39 a.m.

Updated curl packages fix security vulnerability

2022-12-3101:39:00
Gentoo Foundation
advisories.mageia.org
158
curl
packages
hsts bypass
http proxy
vulnerabilities
security

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

51.5%

Another HSTS bypass via IDN. (CVE-2022-43551) HTTP Proxy deny use-after-free. (CVE-2022-43552)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchcurl< 7.74.0-1.10curl-7.74.0-1.10.mga8

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

51.5%