ROS-20241001-09

A vulnerability in the curl program is related to improper certificate validation. Exploitation of the vulnerability could allow an attacker acting remotely to affect the integrity of the system...

ROS-20240704-08

A vulnerability in the curl program line utility is related to the storage of HSTS data in a file with a too long name, curl can delete the entire contents, causing subsequent requests using the file to be unaware of the HSTS status they should have used. file will be unaware of the status of the...

ROS-20230414-03

The curl program vulnerability is related to the handling of IDN characters in hostnames, the HSTS mechanism can be bypassed, if the hostname in the specified URL first uses IDN characters that are replaced with ASCII analogs during IDN conversion, then in a subsequent request it does not detect...

ROS-20230406-01

A vulnerability in the curl program is related to the incorrect replacement of the tilde character when used as a prefix in the first path element, in addition to its intended use as the first element to specify a path relative to a user's home directory. element to specify a path relative to the...

curl: TFTP receive heap buffer overflow in tftp_receive_packet() function

A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1...