12 matches found
Astra Linux – Vulnerability in curl
libcurl provides the CURLOPTCERTINFO option to allow applications to request details about a server’s certificate chain. Due to a faulty function, a malicious server could cause libcurl, built with NSS, to get stuck in an endless busy-loop when attempting to retrieve that information...
JLSEC-2025-38 libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Tim...
libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: curl (UTSA-2025-987460)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987460 advisory. libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might...
Astra Linux – Vulnerability in curl
Libcurl’s ASN1 parser code includes the GTime2str function, which is used to parse an ASN.1 Generalized Time field. If a syntactically incorrect field is provided, the parser may end up using -1 as the length of the time fraction. This causes a strlen operation to be performed on a pointer to a...
ALPINE-CVE-2024-7264
libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...
AZL-47282 CVE-2024-7264 affecting package cmake for versions less than 3.30.3-4
libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...
UBUNTU-CVE-2024-7264
libcurl's ASN1 parser code has the GTime2str function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the time fraction, leading to a strlen getting performed on a pointer to a heap buffer area that i...
SUSE CVE-2022-27781
libcurl provides the CURLOPTCERTINFO option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation...
CVE-2022-27781
libcurl provides the CURLOPTCERTINFO option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation...
CVE-2022-27781
libcurl provides the CURLOPTCERTINFO option to allow applications torequest details to be returned about a server's certificate chain.Due to an erroneous function, a malicious server could make libcurl built withNSS get stuck in a never-ending busy-loop when trying to retrieve thatinformation...
ROS-20220524-21
The cURL command-line utility vulnerability is related to a bug in the HSTS implementation that could allow curl to continue using the HTTP protocol instead of HTTPS if the hostname in the specified URL used an endpoint but did not use it when building the HSTS cache. Exploitation of the...
PT-2022-2690
Name of the Vulnerable Software and Affected Versions libcurl affected versions not specified Description The issue is related to the CURLOPT CERTINFO option in libcurl, which allows applications to request details about a server's certificate chain. Due to an erroneous function, a malicious serv...