16 matches found
Linux Distros Unpatched Vulnerability : CVE-2022-43551
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use...
ROS-20230414-23
The curl vulnerability is related to the handling of IDN characters in hostnames: the HSTS mechanism can be bypassed if the hostname in the specified URL first uses IDN characters that are replaced with ASCII analogs during IDN conversion, then in a subsequent request it does not detect...
CBL Mariner 2.0 Security Update: curl (CVE-2022-42916)
The version of curl installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-42916 advisory. - In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS...
Tenable SecurityCenter 5.22.0 / 5.23.1 Multiple Vulnerabilities (TNS-2023-05)
According to its self-reported version, the Tenable SecurityCenter application installed on the remote host is running 5.22.0 or 5.23.1 and is therefore affected by multiple vulnerabilities in curl starting with 7.77.0 and before 7.86.0: - If curl is told to use an HTTP proxy for a transfer with ...
Curl Cleartext Information Disclosure < 7.87 (CVE-2022-43551)
The version of Curl installed on the remote host is prior to 7.87.0. It is therefore affected by an information disclosure vulnerability where the HSTS mechanism could be bypassed to trick curl to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an...
USN-5788-1: curl vulnerabilities | Cloud Foundry
Severity: Medium. Vendor: Canonical Ubuntu. Versions Affected: Canonical Ubuntu 18.04, Canonical Ubuntu 22.04. Description: Hiroki Kurosawa discovered that curl incorrectly handled HSTS support when certain hostnames included IDN characters. A remote attacker could possibly use this issue to cause curl t...
Ubuntu: Security Advisory (USN-5788-1)
The remote host is missing an update for the...
CVE-2022-43551
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...
CVE-2022-43551
A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypasse...
CVE-2022-43551
A vulnerability was found in curl. The issue can occur when curl's HSTS check is bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of an insecure clear-text HTTP step even when providing HTTP in the URL. Suppose the hostname in the given...
Amazon Linux 2022 : curl (ALAS2022-2022-246)
The version of curl installed on the remote host is prior to 7.86.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-246 advisory. - When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPT_READFUNCTION to ask for data to send,...
Amazon Linux 2 : curl (ALAS-2022-1882)
The version of curl installed on the remote host is prior to 7.79.1-7. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1882 advisory. A vulnerability was found in curl. The issue occurs when doing HTTPS transfers, where curl might erroneously use the read...
Weak Encryption
curl has weak encryption implementation. The vulnerability exists due to lack of conditional checks in HSTS which allows an attacker to bypass it if the host name in the given URL uses IDN characters...
Slackware Linux 14.0 / 14.1 / 14.2 / 15.0 / current curl Multiple Vulnerabilities (SSA:2022-299-01)
The version of curl installed on the remote host is prior to 7.86.0. It is, therefore, affected by multiple vulnerabilities as referenced in the SSA:2022-299-01 advisory. - curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTPS URL, it sets up...
USN-5702-1: curl vulnerabilities
Robby Simpson discovered that curl incorrectly handled certain POST operations after PUT operations. This issue could cause applications using curl to send the wrong data, perform incorrect memory operations, or crash. CVE-2022-32221 Hiroki Kurosawa discovered that curl incorrectly handled parsin...
PT-2022-5378
Name of the Vulnerable Software and Affected Versions: curl versions 7.77.0 through 7.85.0. Description: The issue is related to the HSTS check in curl, which can be bypassed to trick it into staying with HTTP. This can happen when the host name in the given URL uses IDN characters that get replaced...