EulerOS 2.0 SP8 : curl (EulerOS-SA-2024-2460)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowe...

Rocky Linux 9 : curl (RLSA-2023:0333)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0333 advisory. - When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option...

Use After Free

libcurl.so is vulnerable to Use After Free. Even when the CURLOPTPOSTFIELDS option is enabled, libcurl may mistakenly use the read callback CURLOPTREADFUNCTION while performing HTTPS transfers to request data to send. The application might misbehave and send the incorrect data or use memory that ...

CVE-2023-28322

An information disclosure vulnerability exists in curl v8.1.0 when doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously wasused to issue a PUT request...

CURL-CVE-2023-28322 more POST-after-PUT confusion

When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...

EulerOS Virtualization 2.9.1 : curl (EulerOS-SA-2023-1633)

According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when...

CVE-2022-32221

CVE-2022-32221 concerns curl/libcurl where the read callback (CURLOPT_READFUNCTION) may be used for POST data even after a PUT if the same handle was used for a PUT with that callback. This can cause sending the wrong data or memory errors on a subsequent POST. Connected advisories note this affe...

Updated curl packages fix security vulnerability

When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. CVE-2022-32221...

CVE-2022-32221

When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the CURLOPTPOSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the...