Fedora: Security Advisory for curl (FEDORA-2023-b1253907f1) - The remote host is missing an update for the 'curl' package(s) announced via the FEDORA-2023-b1253907f1 advisory
Reporter | Title | Published | Views | Family All 106 |
---|---|---|---|---|
![]() | Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current curl Vulnerability (SSA:2023-256-01) | 14 Sep 202300:00 | – | nessus |
![]() | SUSE SLES12 Security Update : curl (SUSE-SU-2023:3692-1) | 21 Sep 202300:00 | – | nessus |
![]() | Fedora 39 : curl (2023-43ef9f5376) | 7 Nov 202300:00 | – | nessus |
![]() | Photon OS 5.0: Curl PHSA-2023-5.0-0095 | 23 Jul 202400:00 | – | nessus |
![]() | Amazon Linux 2 : curl (ALAS-2023-2271) | 5 Oct 202300:00 | – | nessus |
![]() | Ubuntu 23.04 : curl vulnerability (USN-6363-1) | 13 Sep 202300:00 | – | nessus |
![]() | Curl 7.84 <= 8.2.1 Header DoS (CVE-2023-38039) | 14 Sep 202300:00 | – | nessus |
![]() | Fedora 37 : curl (2023-98dff7aae5) | 26 Sep 202300:00 | – | nessus |
![]() | FreeBSD : curl -- HTTP headers eat all memory (833b469b-5247-11ee-9667-080027f5fec9) | 18 Sep 202300:00 | – | nessus |
![]() | Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2023-368) | 3 Oct 202300:00 | – | nessus |
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.884824");
script_version("2023-10-12T05:05:32+0000");
script_cve_id("CVE-2023-38039");
script_tag(name:"cvss_base", value:"7.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
script_tag(name:"last_modification", value:"2023-10-12 05:05:32 +0000 (Thu, 12 Oct 2023)");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-09-20 15:08:00 +0000 (Wed, 20 Sep 2023)");
script_tag(name:"creation_date", value:"2023-09-17 01:19:00 +0000 (Sun, 17 Sep 2023)");
script_name("Fedora: Security Advisory for curl (FEDORA-2023-b1253907f1)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC38");
script_xref(name:"Advisory-ID", value:"FEDORA-2023-b1253907f1");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS");
script_tag(name:"summary", value:"The remote host is missing an update for the 'curl'
package(s) announced via the FEDORA-2023-b1253907f1 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"curl is a command line tool for transferring data with URL syntax, supporting
FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP,
SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP
uploading, HTTP form based upload, proxies, cookies, user+password
authentication (Basic, Digest, NTLM, Negotiate, kerberos...), file transfer
resume, proxy tunneling and a busload of other useful tricks.");
script_tag(name:"affected", value:"'curl' package(s) on Fedora 38.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "FC38") {
if(!isnull(res = isrpmvuln(pkg:"curl", rpm:"curl~8.0.1~4.fc38", rls:"FC38"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo