Lucene search

K
osvGoogleOSV:RLSA-2023:3106
HistoryMay 18, 2023 - 7:18 p.m.

Moderate: curl security and bug fix update

2023-05-1819:18:14
Google
osv.dev
16
curl
libcurl
utility
download
http
ftp
ldap
security fix
cve-2023-27535
bug fix
jscape sftp server

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

61.6%

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

  • curl: FTP too eager connection reuse (CVE-2023-27535)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Cannot upload files to Jscape SFTP server: file gets created empty (BZ#2188029)

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

7.2

Confidence

Low

EPSS

0.002

Percentile

61.6%