2 matches found
AZL-34603 CVE-2023-27537 affecting package cmake for versions less than 3.28.2-1
A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread...
AZL-34613 CVE-2023-27538 affecting package cmake for versions less than 3.28.2-1
An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequen...