Lucene search

K
mageiaGentoo FoundationMGASA-2022-0185
HistoryMay 15, 2022 - 1:06 p.m.

Updated curl packages fix security vulnerability

2022-05-1513:06:40
Gentoo Foundation
advisories.mageia.org
62
curl security vulnerability certinfo tls ssh unix

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

56.7%

CERTINFO never-ending busy-loop. (CVE-2022-27781) TLS and SSH connection too eager reuse. (CVE-2022-27782)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchcurl< 7.74.0-1.6curl-7.74.0-1.6.mga8

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

EPSS

0.002

Percentile

56.7%