Lucene search

K
redhatRedHatRHSA-2023:7743
HistoryDec 12, 2023 - 4:01 p.m.

(RHSA-2023:7743) Low: curl security update

2023-12-1216:01:33
access.redhat.com
22
rhsa-2023-7743 curl security update use-after-free vulnerability http proxy cve-2022-43552 unix libraries protocols ftp ldap servers cvss acknowledgments references impact.

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7

Confidence

Low

EPSS

0.001

Percentile

51.5%

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

  • curl: Use-after-free triggered by an HTTP proxy deny response (CVE-2022-43552)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7

Confidence

Low

EPSS

0.001

Percentile

51.5%