CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
88.2%
TELNET option IAC injection. (CVE-2023-27533) SFTP path ~ resolving discrepancy. (CVE-2023-27534) FTP too eager connection reuse. (CVE-2023-27535) GSS delegation too eager connection re-use. (CVE-2023-27536) HSTS double free. (CVE-2023-27537) SSH connection too eager reuse still. (CVE-2023-27538) UAF in SSH sha256 fingerprint check. (CVE-2023-28319) siglongjmp race condition. (CVE-2023-28320) IDN wildcard match. (CVE-2023-28321) more POST-after-PUT confusion. (CVE-2023-28322) HTTP headers eat all memory. (CVE-2023-38039)
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Mageia | 8 | noarch | curl | < 7.74.0-1.13 | curl-7.74.0-1.13.mga8 |
Mageia | 9 | noarch | curl | < 7.88.1-3.1 | curl-7.88.1-3.1.mga9 |
bugs.mageia.org/show_bug.cgi?id=31703
curl.se/docs/CVE-2023-27533.html
curl.se/docs/CVE-2023-27534.html
curl.se/docs/CVE-2023-27535.html
curl.se/docs/CVE-2023-27536.html
curl.se/docs/CVE-2023-27537.html
curl.se/docs/CVE-2023-27538.html
curl.se/docs/CVE-2023-28319.html
curl.se/docs/CVE-2023-28320.html
curl.se/docs/CVE-2023-28321.html
curl.se/docs/CVE-2023-28322.html
curl.se/docs/CVE-2023-32001.html
curl.se/docs/CVE-2023-38039.html
lists.suse.com/pipermail/sle-security-updates/2023-May/014913.html
ubuntu.com/security/notices/USN-5964-1
ubuntu.com/security/notices/USN-6363-1