mageia | Gentoo Foundation | MGASA-2023-0288
Oct 14, 2023 - 1:56 a.m.

Updated the curl packages to fix two security vulnerabilities

Published: 2023-10-14 01:56:51
Source: advisories.mageia.org
Tags: curl, libcurl, heap buffer overflow, cookie injection, socks5, remote hostname resolution, cookie injection attack, unix

CVSS3: 9.8 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.003 Low
Percentile: 70.8%

curl/libcurl is vulnerable to a heap buffer overflow in its SOCKS5 support that could be exploited by a remote web server when curl is configured to use a SOCKS5 proxy with remote hostname resolution. libcurl is vulnerable to a cookie injection attack where a local attacker can inject cookies into certain vulnerable applications using libcurl.

OS      Version  Architecture  Package  Version        Filename
Mageia  8        noarch        curl     < 7.74.0-1.14  curl-7.74.0-1.14.mga8
Mageia  9        noarch        curl     < 7.88.1-3.2   curl-7.88.1-3.2.mga9
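
The heap overflow above requires a SOCKS5 proxy with remote hostname resolution, so an inventory of where that mode is configured shows which hosts meet the precondition until they are updated. The following is an added example, not part of the advisory: it relies on curl's own `socks5h://` scheme, `--socks5-hostname` option and libcurl's `CURLPROXY_SOCKS5_HOSTNAME` proxy type, which the advisory does not name, and the sample lines are constructed.

```python
import re

# Ways curl/libcurl is told to let the SOCKS5 proxy resolve the hostname.
REMOTE_RESOLVE = [
    (re.compile(r"socks5h://", re.I), "socks5h:// proxy URL"),
    (re.compile(r"(?<![\w-])(?:--)?socks5-hostname\b"), "socks5-hostname option"),
    (re.compile(r"\bCURLPROXY_SOCKS5_HOSTNAME\b"), "libcurl proxy type"),
]
# SOCKS5 with local resolution: not the mode the advisory describes.
LOCAL_RESOLVE = re.compile(r"socks5://|(?<![\w-])(?:--)?socks5(?=[\s=])", re.I)


def scan(lines):
    """Classify each non-comment line as 'remote' or 'local' SOCKS5 usage."""
    findings = []
    for number, line in enumerate(lines, 1):
        if line.lstrip().startswith("#"):
            continue  # commented-out settings are not active
        for pattern, reason in REMOTE_RESOLVE:
            if pattern.search(line):
                findings.append((number, "remote", reason))
                break
        else:
            if LOCAL_RESOLVE.search(line):
                findings.append((number, "local", "SOCKS5, local resolution"))
    return findings


def exposed_lines(lines):
    """Line numbers that meet the advisory's SOCKS5 precondition."""
    return [number for number, kind, _ in scan(lines) if kind == "remote"]


# Constructed sample: .curlrc entries, shell commands and a libcurl call.
SAMPLE = """\
# proxy = socks5h://old.example:1080
proxy = "socks5h://proxy.example:1080"
curl --socks5-hostname 127.0.0.1:9050 https://example.org/
export ALL_PROXY=socks5://127.0.0.1:1080
curl -x http://proxy.example:3128 https://example.org/
curl_easy_setopt(h, CURLOPT_PROXYTYPE, CURLPROXY_SOCKS5_HOSTNAME);
""".splitlines()

if __name__ == "__main__":
    for number, kind, reason in scan(SAMPLE):
        print(f"line {number}: {kind:6} {reason}")
```

Lines reported as `remote` are the ones to prioritise for the package update listed in the table above.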
