CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
Percentile: 62.4%
Software: curl 7.61.1
OS: ROSA Virtualization 2.1
package_evr_string: curl-7.61.1-30.rv3.2c.src.rpm
CVE-ID: CVE-2022-32206
BDU-ID: 2022-06918
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in curl, a software tool for communicating with servers, is related to unbounded memory allocation. Exploiting the vulnerability allows a remote attacker to cause a denial of service.
CVE-STATUS: Resolved
CVE-REV: To remediate, run the command yum update curl
CVE-ID: CVE-2022-43552
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: A use-after-free vulnerability exists in curl <7.87.0. Curl can be asked to “tunnel” almost all protocols it supports through HTTP proxies. HTTP proxies can (and often do) block such tunneling operations. When denied tunneling of the SMB or TELNET protocols, curl uses a heap-allocated structure after it has been freed, in its transfer shutdown code path.
CVE-STATUS: Fixed
CVE-REV: To remediate, run the command yum update curl
CVE-ID: CVE-2023-23916
BDU-ID: None
CVE-Crit: MEDIUM
CVE-DESC.: An allocation of resources without limits or throttling vulnerability exists in curl