Lucene search

K
ubuntuUbuntuUSN-6237-3
HistorySep 11, 2023 - 12:00 a.m.

curl vulnerabilities

2023-09-1100:00:00
ubuntu.com
23
ubuntu
14.04
16.04
18.04
curl
https
ftp
vulnerabilities
certificate
spoof
idn hosts
denial of service
cookies

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.3%

Releases

  • Ubuntu 18.04 ESM
  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • curl - HTTP, HTTPS, and FTP client and client libraries

Details

USN-6237-1 fixed several vulnerabilities in curl. This update provides the
corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and
Ubuntu 18.04 LTS.

Original advisory details:

Hiroki Kurosawa discovered that curl incorrectly handled validating certain
certificate wildcards. A remote attacker could possibly use this issue to
spoof certain website certificates using IDN hosts. (CVE-2023-28321)

Hiroki Kurosawa discovered that curl incorrectly handled callbacks when
certain options are set by applications. This could cause applications
using curl to misbehave, resulting in information disclosure, or a denial
of service. (CVE-2023-28322)

It was discovered that curl incorrectly handled saving cookies to files. A
local attacker could possibly use this issue to create or overwrite files.
This issue only affected Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-32001)

OSVersionArchitecturePackageVersionFilename
Ubuntu18.04noarchcurl< 7.58.0-2ubuntu3.24+esm1UNKNOWN
Ubuntu18.04noarchcurl< 7.58.0-2ubuntu3.24UNKNOWN
Ubuntu18.04noarchcurl-dbgsym< 7.58.0-2ubuntu3.24UNKNOWN
Ubuntu18.04noarchlibcurl3-gnutls< 7.58.0-2ubuntu3.24UNKNOWN
Ubuntu18.04noarchlibcurl3-gnutls-dbgsym< 7.58.0-2ubuntu3.24UNKNOWN
Ubuntu18.04noarchlibcurl3-nss< 7.58.0-2ubuntu3.24UNKNOWN
Ubuntu18.04noarchlibcurl3-nss-dbgsym< 7.58.0-2ubuntu3.24UNKNOWN
Ubuntu18.04noarchlibcurl4< 7.58.0-2ubuntu3.24UNKNOWN
Ubuntu18.04noarchlibcurl4-dbgsym< 7.58.0-2ubuntu3.24UNKNOWN
Ubuntu18.04noarchlibcurl4-doc< 7.58.0-2ubuntu3.24UNKNOWN
Rows per page:
1-10 of 591

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

52.3%