4 matches found
ROS-20260529-73-0018
The vulnerability of the sscanf function in the libcurl library, a software tool for interacting with servers via CURL, is related to the use of uninitialized resources. Exploiting this vulnerability could allow an attacker to gain unauthorized access to protected information...
Cleartext Transmission of Sensitive Information
Overview Affected versions of this package are vulnerable to Cleartext Transmission of Sensitive Information due to the incorrect reuse of an unencrypted connection for a subsequent request that expects TLS. An attacker can intercept sensitive information if the second connection is done to the...
libcurl 安全漏洞
libcurl is a free and easy-to-use client-side URL transport library from the cURL open source. A security vulnerability exists in libcurl ASN1 versions 8.6.0 through 8.8.0 that stems from the utf8asn1str function calling free to free a 4-byte local stack buffer when an invalid field is detected a...
AZL-25846 CVE-2023-27535 affecting package curl for versions less than 8.0.1-1
An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...