Lucene search
OracleLinuxELSA-2023-7743HistoryDec 12, 2023 - 12:00 a.m.
curl security update
2023-12-1200:00:00
linux.oracle.com
7
curl
security update
certificate load
cve-2019-5482
cve-2016-8615
cve-2016-8616
cve-2016-8617
cve-2016-8618
cve-2016-8619
cve-2016-8621
cve-2016-8622
cve-2016-8623
cve-2016-8624
orabug: 32836997
orabug: 30568724
orabug: 28939992
http proxy deny
2048-bit rsa keys
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
8.3 High
AI Score
Confidence
Low
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
37.3%
[7.29.0-59.0.3.el7_9.2]
- load CA certificates even with --insecure [Orabug: 32836997]
- Fix TFTP small blocksize heap buffer overflow (https://curl.haxx.se/docs/CVE-2019-5482.html)[CVE-2019-5482][Orabug: 30568724]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html)
- Drop 1001-tftp-Alloc-maximum-blksize-and-use-default-unless-OA.patch
[7.29.0-59.el7_9.2] - fix HTTP proxy deny use after free (CVE-2022-43552)
- rebuild certs with 2048-bit RSA keys
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 7 | src | curl | < 7.29.0-59.0.3.el7_9.2 | curl-7.29.0-59.0.3.el7_9.2.src.rpm |
| oracle linux | 7 | src | curl | < 7.29.0-59.0.3.el7_9.2 | curl-7.29.0-59.0.3.el7_9.2.src.rpm |
| oracle linux | 7 | src | curl | < 7.29.0-59.0.3.el7_9.2 | curl-7.29.0-59.0.3.el7_9.2.src.rpm |
| oracle linux | 7 | aarch64 | curl | < 7.29.0-59.0.3.el7_9.2 | curl-7.29.0-59.0.3.el7_9.2.aarch64.rpm |
| oracle linux | 7 | aarch64 | curl | < 7.29.0-59.0.3.el7_9.2 | curl-7.29.0-59.0.3.el7_9.2.aarch64.rpm |
| oracle linux | 7 | aarch64 | libcurl | < 7.29.0-59.0.3.el7_9.2 | libcurl-7.29.0-59.0.3.el7_9.2.aarch64.rpm |
| oracle linux | 7 | aarch64 | libcurl | < 7.29.0-59.0.3.el7_9.2 | libcurl-7.29.0-59.0.3.el7_9.2.aarch64.rpm |
| oracle linux | 7 | aarch64 | libcurl-devel | < 7.29.0-59.0.3.el7_9.2 | libcurl-devel-7.29.0-59.0.3.el7_9.2.aarch64.rpm |
| oracle linux | 7 | aarch64 | libcurl-devel | < 7.29.0-59.0.3.el7_9.2 | libcurl-devel-7.29.0-59.0.3.el7_9.2.aarch64.rpm |
| oracle linux | 7 | src | curl | < 7.29.0-59.0.3.el7_9.2 | curl-7.29.0-59.0.3.el7_9.2.src.rpm |
Related
nessus
nessus
CentOS 7 : curl (RHSA-2023:7743)
2023-12-22 00:00:00
CentOS 9 : curl-7.76.1-22.el9
2024-02-29 00:00:00
EulerOS 2.0 SP10 : curl (EulerOS-SA-2023-1522)
2023-03-19 00:00:00
ibm
ibm
cbl_mariner
cbl_mariner
CVE-2022-43552 affecting package mysql 8.0.32-1
2023-05-03 16:24:32
CVE-2022-43552 affecting package cmake 3.21.4-10
2024-03-19 17:21:46
CVE-2022-43552 affecting package rust 1.68.2-5
2023-10-11 01:41:59
redos
redos
ROS-20230414-04
2023-04-14 00:00:00
openvas
openvas
CentOS: Security Advisory for curl (CESA-2023:7743)
2024-03-05 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2139)
2023-06-09 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1547)
2023-03-20 00:00:00
kaspersky
kaspersky
KLA48563 ACE vulnerability in Microsoft Mariner
2023-02-10 00:00:00
KLA48562 ACE vulnerability in Microsoft Windows
2023-02-10 00:00:00
wolfi
wolfi
CVE-2022-43552 vulnerabilities
2024-04-29 16:00:10
ubuntucve
ubuntucve
CVE-2022-43552
2022-12-21 00:00:00
cgr
cgr
CVE-2022-43552 vulnerabilities
2024-04-29 15:59:53
osv
osv
CVE-2022-43552
2023-02-09 20:15:10
curl vulnerabilities
2023-01-05 17:15:18
Low: curl security and bug fix update
2023-05-16 00:00:00
centos
centos
curl, libcurl security update
2024-01-12 19:12:33
alpinelinux
alpinelinux
CVE-2022-43552
2023-02-09 20:15:00
debiancve
debiancve
CVE-2022-43552
2023-02-09 20:15:00
redhat
redhat
(RHSA-2023:7743) Low: curl security update
2023-12-12 16:01:33
(RHSA-2023:2478) Low: curl security update
2023-05-09 05:11:57
(RHSA-2023:2963) Low: curl security and bug fix update
2023-05-16 05:59:21
f5
f5
K000133092 : cURL vulnerability CVE-2022-43552
2023-03-21 00:00:00
veracode
veracode
Use-After-Free
2022-12-23 19:14:50
hackerone
hackerone
curl: CVE-2022-43552: HTTP Proxy deny use-after-free
2022-11-07 16:45:50
cve
cve
CVE-2022-43552
2023-02-09 20:15:00
mscve
mscve
Open Source Curl Remote Code Execution Vulnerability
2023-02-10 00:00:00
prion
prion
Path traversal
2023-02-09 20:15:00
redhatcve
redhatcve
CVE-2022-43552
2022-12-21 09:36:44
oraclelinux
oraclelinux
curl security and bug fix update
2023-05-24 00:00:00
curl security update
2023-05-15 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2023-01-05 00:00:00
curl vulnerabilities
2023-02-27 00:00:00
mageia
mageia
Updated curl packages fix security vulnerability
2022-12-31 01:39:00
almalinux
almalinux
Low: curl security and bug fix update
2023-05-16 00:00:00
Low: curl security update
2023-05-09 00:00:00
cloudfoundry
cloudfoundry
USN-5788-1: curl vulnerabilities | Cloud Foundry
2023-01-26 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: curl-7.82.0-12.fc36
2022-12-28 01:40:29
[SECURITY] Fedora 37 Update: curl-7.85.0-5.fc37
2022-12-26 01:06:29
photon
photon
Important Photon OS Security Update - PHSA-2022-0304
2022-12-21 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0508
2022-12-22 00:00:00
Important Photon OS Security Update - PHSA-2022-0551
2022-12-21 00:00:00
amazon
amazon
Medium: curl
2023-01-30 16:02:00
Medium: curl
2023-04-13 19:01:00
debian
debian
[SECURITY] [DSA 5330-1] curl security update
2023-01-27 17:53:54
[SECURITY] [DLA 3288-1] curl security update
2023-01-28 21:19:47
rosalinux
rosalinux
Advisory ROSA-SA-2023-2221
2023-08-22 13:21:47
ics
ics
Siemens SINEC NMS Third-Party
2023-05-11 12:00:00
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
aix
aix
Multiple vulnerabilities cURL libcurl affect AIX
2023-06-29 09:35:59
gentoo
gentoo
curl: Multiple Vulnerabilities
2023-10-11 00:00:00
mskb
mskb
April 11, 2023—KB5025224 (OS Build 22000.1817)
2023-04-11 07:00:00
April 11, 2023—KB5025221 (OS Builds 19042.2846, 19044.2846, and 19045.2846)
2023-04-11 07:00:00
April 11, 2023—KB5025239 (OS Build 22621.1555)
2023-04-11 07:00:00
apple
apple
About the security content of macOS Ventura 13.3
2023-03-27 00:00:00
tenable
tenable
[R1] Nessus Network Monitor 6.2.2 Fixes Multiple Vulnerabilities
2023-06-29 10:45:47
avleonov
avleonov
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
8.3 High
AI Score
Confidence
Low
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P
0.001 Low
EPSS
Percentile
37.3%
Related for ELSA-2023-7743