Lucene search

K
redhatRedHatRHSA-2024:0452
HistoryJan 24, 2024 - 2:40 p.m.

(RHSA-2024:0452) Moderate: curl security update

2024-01-2414:40:52
access.redhat.com
24
curl security
information disclosure
file transfer
bug fix
protocol libraries

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

30.9%

The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.

Security Fix(es):

  • curl: information disclosure by exploiting a mixed case flaw (CVE-2023-46218)

Bug Fix(es):

  • Cannot upload files bigger than 64K to “SSH-2.0-9.99 sshlib” server, transfer hangs (RHEL-14836)

  • curl: Incomplete patch for host name wildcard checking (RHEL-20618)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

30.9%