13 matches found
JLSEC-2026-423 curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the...
curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...
EUVD-2025-29013
Malicious code in bioql PyPI...
CVE-2025-10148
curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...
ALPINE-CVE-2025-10148
curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...
DEBIAN-CVE-2025-10148
curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...
UBUNTU-CVE-2025-10148
curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...
Generation of Predictable Numbers or Identifiers
Overview Affected versions of this package are vulnerable to Generation of Predictable Numbers or Identifiers via the websocket component due to using a fixed 32 bit mask that persisted and was used throughout the entire connection instead of updating it for each new outgoing frame as the...
Generation of Predictable Numbers or Identifiers
Overview curl is a command line tool and library for transferring data with URL syntax, supporting DICT, FILE, FTP, FTPS, GOPHER, GOPHERS, HTTP, HTTPS, IMAP, IMAPS, LDAP, LDAPS, MQTT, POP3, POP3S, RTMP, RTMPS, RTSP, SCP, SFTP, SMB, SMBS, SMTP, SMTPS, TELNET and TFTP. libcurl offers a myriad of...
CVE-2025-10148
CVE-2025-10148 affects curl’s WebSocket implementation where the 32-bit mask pattern was not updated per outgoing frame as required by the spec. The fixed mask persisted for the entire connection, enabling a malicious server to induce traffic between the two communicating parties that an intermed...
CVE-2025-10148
curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...
CVE-2025-10148 predictable WebSocket mask
curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...
CURL-CVE-2025-10148 predictable WebSocket mask
curl's WebSocket code did not update the 32-bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...
PT-2025-37027
Name of the Vulnerable Software and Affected Versions: curl affected versions not specified Description: The websocket code in curl did not update the 32-bit mask pattern for each new outgoing frame, as required by the specification. Instead, a fixed mask was used throughout the entire connection...