USN-6237-1 fixed several vulnerabilities in curl. This update provides the
corresponding updates for Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and
Ubuntu 18.04 LTS.

Original advisory details:

Hiroki Kurosawa discovered that curl incorrectly handled validating certain
certificate wildcards. A remote attacker could possibly use this issue to
spoof certain website certificates using IDN hosts. (CVE-2023-28321)

Hiroki Kurosawa discovered that curl incorrectly handled callbacks when
certain options are set by applications. This could cause applications
using curl to misbehave, resulting in information disclosure, or a denial
of service. (CVE-2023-28322)

It was discovered that curl incorrectly handled saving cookies to files. A
local attacker could possibly use this issue to create or overwrite files.
This issue only affected Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-32001)

References

ubuntu.com/security/CVE-2023-28321

ubuntu.com/security/CVE-2023-28322

ubuntu.com/security/notices/USN-6237-3

ubuntu 3

openvas 37

cloudfoundry 2

osv 11

ibm 11

nessus 59

redhat 9

fedora 4

oraclelinux 3

almalinux 3

freebsd 1

slackware 2

veracode 4

cbl_mariner 12

hackerone 6

redos 1

amazon 1

redhatcve 3

debian 3

debiancve 3

cgr 1

wolfi 1

cve 3

ubuntucve 3

prion 3

alpinelinux 2

cvelist 2

photon 4

rocky 2

ubuntu

curl vulnerabilities

2023-07-19 00:00:00

curl vulnerabilities

2023-09-11 00:00:00

curl regression

2023-07-19 00:00:00

openvas

Ubuntu: Security Advisory (USN-6237-2)

2023-07-20 00:00:00

Ubuntu: Security Advisory (USN-6237-3)

2023-09-12 00:00:00

Ubuntu: Security Advisory (USN-6237-1)

2023-07-20 00:00:00

cloudfoundry

USN-6237-1: curl vulnerabilities | Cloud Foundry

2024-03-18 00:00:00

USN-6237-2: curl regression | Cloud Foundry

2023-08-10 00:00:00

osv

curl regression

2023-07-19 17:34:44

curl vulnerabilities

2023-07-19 12:11:55

Moderate: curl security update

2023-08-01 00:00:00

ibm

Security Bulletin: Multiple publicly disclosed libcurl vulnerabilities affect IBM Safer Payments

2023-12-11 15:17:27

Security Bulletin: Multiple vulnerabilities in libcURL affect IBM Rational ClearCase.

2024-03-01 07:00:05

Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC

2023-09-25 20:08:28

nessus

EulerOS 2.0 SP9 : curl (EulerOS-SA-2023-2578)

2023-08-08 00:00:00

Fedora 38 : curl (2023-37eac50e9b)

2023-06-07 00:00:00

EulerOS Virtualization 2.9.0 : curl (EulerOS-SA-2023-2979)

2024-01-16 00:00:00

redhat

(RHSA-2023:4354) Moderate: curl security update

2023-08-01 07:58:15

(RHSA-2023:5598) Moderate: curl security update

2023-10-10 14:20:03

(RHSA-2024:0585) Moderate: curl security and bug fix update

2024-01-30 12:53:25

fedora

[SECURITY] Fedora 38 Update: curl-8.0.1-2.fc38

2023-06-07 02:15:37

[SECURITY] Fedora 37 Update: curl-7.85.0-9.fc37

2023-06-08 02:00:39

[SECURITY] Fedora 37 Update: curl-7.85.0-10.fc37

2023-08-01 01:32:25

oraclelinux

curl security update

2023-08-02 00:00:00

curl security update

2023-08-10 00:00:00

curl security and bug fix update

2024-04-03 00:00:00

almalinux

Moderate: curl security update

2023-08-01 00:00:00

Moderate: curl security update

2023-08-08 00:00:00

Moderate: curl security and bug fix update

2024-04-02 00:00:00

freebsd

curl -- multiple vulnerabilities

2023-03-21 00:00:00

slackware

[slackware-security] curl

2023-05-17 21:00:11

[slackware-security] curl

2023-07-19 20:41:36

veracode

Race Condition

2023-07-28 12:50:09

Improper Certificate Validation

2023-06-07 10:17:40

Use After Free

2023-06-04 10:55:34

cbl_mariner

CVE-2023-32001 affecting package curl for versions less than 8.2.1-1

2023-08-18 20:45:02

CVE-2023-32001 affecting package rust for versions less than 1.72.0-2

2023-10-11 01:41:59

CVE-2023-32001 affecting package tensorflow for versions less than 2.16.1-1

2024-04-17 22:02:46

hackerone

Internet Bug Bounty: [curl] CVE-2023-32001: fopen race condition

2023-07-21 03:35:02

curl: CVE-2023-32001: fopen race condition

2023-06-27 07:05:59

Internet Bug Bounty: CVE-2023-28321: IDN wildcard match

2023-05-18 09:11:02

redos

ROS-20230621-04

2023-06-21 00:00:00

amazon

Medium: curl

2023-08-31 22:29:00

redhatcve

CVE-2023-32001

2023-07-19 08:37:27

CVE-2023-28322

2023-05-17 09:28:10

CVE-2023-28321

2023-05-17 09:27:51

debian

[SECURITY] [DSA 5460-1] curl security update

2023-07-26 19:37:19

[SECURITY] [DLA 3692-1] curl security update

2023-12-22 14:28:17

[SECURITY] [DLA 3613-1] curl security update

2023-10-11 11:49:26

debiancve

CVE-2023-32001

2023-07-26 21:15:00

CVE-2023-28321

2023-05-26 21:15:16

CVE-2023-28322

2023-05-26 21:15:16

cgr

CVE-2023-32001 vulnerabilities

2024-01-25 17:18:02

wolfi

CVE-2023-32001 vulnerabilities

2024-01-25 13:47:19

cve

CVE-2023-32001

2023-07-26 21:15:10

CVE-2023-28322

2023-05-26 21:15:16

CVE-2023-28321

2023-05-26 21:15:16

ubuntucve

CVE-2023-32001

2023-07-19 00:00:00

CVE-2023-28322

2023-05-17 00:00:00

CVE-2023-28321

2023-05-17 00:00:00

prion

Design/Logic Flaw

2023-07-26 21:15:00

Information disclosure

2023-05-26 21:15:00

Input validation

2023-05-26 21:15:00

alpinelinux

CVE-2023-28321

2023-05-26 21:15:16

CVE-2023-28322

2023-05-26 21:15:16

cvelist

CVE-2023-28322

2023-05-26 00:00:00

CVE-2023-28321

2023-05-26 00:00:00

photon

Moderate Photon OS Security Update - PHSA-2023-4.0-0432

2023-07-19 00:00:00

Moderate Photon OS Security Update - PHSA-2023-3.0-0616

2023-07-20 00:00:00

Important Photon OS Security Update - PHSA-2023-3.0-0589

2023-05-31 00:00:00

rocky

curl security update

2023-10-06 23:10:01

curl security and bug fix update

2024-04-05 14:55:53

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
OpenSource

@2024 Vulners Inc

7.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

43.4%

JSON

Related for OSV:USN-6237-3