Lucene search
+L

4 matches found

Debian CVE
Debian CVE
added 2025/09/12 5:10 a.m.14 views

CVE-2025-10148

curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

5.3CVSS7AI score0.00466EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2025/09/12 12:0 a.m.21 views

Curl 8.11.0 < 8.16.0 Predictable WebSocket Mask (CVE-2025-10148)

The version of Curl installed on the remote host is 8.11.0 prior to 8.16.0. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-10148 advisory. - curl's websocket code did not update the 32 bit mask pattern for each new outgoing frame as the specification says. Instead it...

5.3CVSS7.6AI score0.00466EPSS
Exploits0References2
OSV
OSV
added 2025/09/10 8:0 a.m.12 views

CURL-CVE-2025-10148 predictable WebSocket mask

curl's WebSocket code did not update the 32-bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

5.3CVSS7.4AI score0.00466EPSS
Exploits0
curl security advisories
curl security advisories
added 2025/09/10 8:0 a.m.7 views

predictable WebSocket mask

curl's WebSocket code did not update the 32-bit mask pattern for each new outgoing frame as the specification says. Instead it used a fixed mask that persisted and was used throughout the entire connection. A predictable mask pattern allows for a malicious server to induce traffic between the two...

5.3CVSS7.2AI score0.00466EPSS
Exploits0References1Affected Software2
Rows per page
Query Builder