mageia | Gentoo Foundation | MGASA-2023-0263
Sep 25, 2023 - 1:16 a.m.

Updated curl packages fix security vulnerability

2023-09-25 01:16:18
Gentoo Foundation
advisories.mageia.org
curl, security, vulnerability, packages, cves, unix, telnet, sftp, ftp, gss, hsts, ssh, uaf, siglongjmp, idn, http

CVSS3: 8.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.017
Percentile: 88.2%

TELNET option IAC injection. (CVE-2023-27533)
SFTP path ~ resolving discrepancy. (CVE-2023-27534)
FTP too eager connection reuse. (CVE-2023-27535)
GSS delegation too eager connection re-use. (CVE-2023-27536)
HSTS double free. (CVE-2023-27537)
SSH connection too eager reuse still. (CVE-2023-27538)
UAF in SSH sha256 fingerprint check. (CVE-2023-28319)
siglongjmp race condition. (CVE-2023-28320)
IDN wildcard match. (CVE-2023-28321)
more POST-after-PUT confusion. (CVE-2023-28322)
HTTP headers eat all memory. (CVE-2023-38039)

OS      Version  Architecture  Package  Version          Filename
Mageia  8        noarch        curl     < 7.74.0-1.13    curl-7.74.0-1.13.mga8
Mageia  9        noarch        curl     < 7.88.1-3.1     curl-7.88.1-3.1.mga9
