5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
55.0%
The libcurl library vulnerability is related to FTP connection reuse, previously created connections are stored in a connection pool for reuse if they match the current connection pool.
connections are stored in the connection pool for reuse if they match the current configuration.
configuration. Exploitation of the vulnerability could allow an attacker to use incorrect credentials
when performing a transfer, potentially leading to unauthorized access to sensitive information.
sensitive information.
A vulnerability in the libcurl library is related to the lack of mutexes or thread locks when two threads
share the same HSTS data. Exploitation of the vulnerability could allow an attacker to,
re-release or use memory after a release.
The libcurl library vulnerability is related to the connection reuse feature, which can
reuse previously established connections with incorrect user permissions due to a
a failure in change checking in the CURLOPT_GSSAPI_DELEGATION option. Exploitation of the vulnerability could allow an
an attacker to affect krb5/kerberos / negotiate /GSSAPI data transfer and potentially lead to
unauthorized access to sensitive information.
The libcurl library vulnerability is related to an authentication bypass, in which libcurl reuses a
a previously established SSH connection, even though the SSH parameter has been changed, which should have
prevent reuse. Exploitation of the vulnerability could allow an attacker acting
remotely to easily map two SSH parameters, which could lead to the reuse of an inappropriate connection.
of an inappropriate connection.
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.002 Low
EPSS
Percentile
55.0%