ROS-20240812-14

🗓️ 12 Aug 2024 00:00:00Reported by RedosType

redos

redos🔗 redos.red-soft.ru👁 308 Views

Vulnerability in cURL's utf8asn1str() functio

Reporter	Title	Published	Views	Family All 95
IBM Security Bulletins	Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities	11 Sep 202408:43	–	ibm
IBM Security Bulletins	Security Bulletin: DataStage on Cloud Pak for Data is vulnerable to stack overwrite due to the libcurl package (CVE-2024-6197)	2 Sep 202514:32	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for August 2024.	15 Apr 202502:56	–	ibm
IBM Security Bulletins	Security Bulletin: PowerSC is vulnerable to information disclosure, denial of service, and security restrictions bypass due to Curl	4 Dec 202422:17	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM WebSphere Application Server Liberty, OpenSSL, libcurl, IBM Java, and IBM Storage Protect Backup-Archive Client may affect IBM Storage Protect Backup-Archive Client	18 Oct 202412:50	–	ibm
AlpineLinux	CVE-2024-6197	24 Jul 202407:29	–	alpinelinux
BDU FSTEC	The vulnerability of the utf8asn1str() function in the ASN1 parser’s command-line utility cURL allows a attacker to execute arbitrary code or cause a service failure.	7 Aug 202400:00	–	bdu_fstec
CBLMariner	CVE-2024-6197 affecting package curl for versions less than 8.8.0-2	15 Oct 202418:24	–	cbl_mariner
CBLMariner	CVE-2024-6197 affecting package cmake for versions less than 3.30.3-2	1 Oct 202418:58	–	cbl_mariner
CBLMariner	CVE-2024-6197 affecting package curl for versions less than 8.8.0-2	12 Sep 202423:01	–	cbl_mariner

OS	OS Version	Architecture	Package	Package Version	Filename
redos	7.3	x86_64	curl	7.85.0-20	UNKNOWN

12 Aug 2024 00:00Current

6.8Medium risk

Vulners AI Score6.8

CVSS 3.17.5

EPSS0.01302

SSVC

curl asn1 parser utf8asn1str()memory release vulnerability denial of service unix