Lucene search

K
redhatRedHatRHSA-2024:0434
HistoryJan 24, 2024 - 2:40 p.m.

(RHSA-2024:0434) Moderate: curl security update

2024-01-2414:40:38
access.redhat.com
22
curl
libcurl
http
ftp
ldap
information disclosure
mixed case flaw
cve-2023-46218
file transfer
ssh server
rhel-14835

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

30.9%

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

  • curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218)

Bug Fix(es):

  • Cannot upload files bigger than 64K to “SSH-2.0-9.99 sshlib” server, transfer hangs (RHEL-14835)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

30.9%