Siemens SIMATIC S7-1500 Double Free (CVE-2023-27537)
A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data between separate handles. This sharing was introduced without consideration for doing this sharing across separate threads, but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks...
CBL Mariner 2.0 Security Update: rust / tensorflow / cmake / mysql (CVE-2023-27537)
The version of rust / tensorflow / cmake / mysql installed on the remote CBL Mariner 2.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-27537 advisory. - A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data betwee...
CVE-2023-27537 affecting package cmake for versions less than 3.28.2-1
CVE-2023-27537 affecting package cmake for versions less than 3.28.2-1. An upgraded version of the package is available that resolves this issue...
CVE-2023-27537 affecting package rust for versions less than 1.72.0-2
CVE-2023-27537 affecting package rust for versions less than 1.72.0-2. An upgraded version of the package is available that resolves this issue...
BELL-CVE-2023-27537 CVE-2023-27537 does not affect BellSoft software
Bulletin has no description...
Security Bulletin: Multiple vulnerabilities in cURL libcurl affect AIX
Summary: Multiple vulnerabilities in cURL libcurl affect AIX. AIX uses cURL libcurl as part of LV/PV encryption integration with HPCS. Vulnerability Details: CVEID: CVE-2022-43552. DESCRIPTION: cURL libcurl is vulnerable to a denial of service, caused by a use-after-free flaw when using an HTTP proxy...
Medium: curl
Issue Overview: The curl advisory describes this issue as follows: curl supports communicating using the TELNET protocol and as a part of this it offers users to pass on user name and "telnet options" for the server negotiation. Due to lack of proper input scrubbing and without it being the...
CVE-2023-27537 affecting package mysql for versions less than 8.0.33-1
CVE-2023-27537 affecting package mysql for versions less than 8.0.33-1. An upgraded version of the package is available that resolves this issue...
AZL-25852 CVE-2023-27537 affecting package mysql for versions less than 8.0.33-1
A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without consideration for doing this sharing across separate threads, but there was no indication of this fact in the documentation. Due to missing mutexes or thread...
CVE-2023-27537
A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without consideration for doing this sharing across separate threads, but there was no indication of this fact in the documentation. Due to missing mutexes or thread...
CVE-2023-27537
A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without consideration for doing this sharing across separate threads, but there was no indication of this fact in the documentation. Due to missing mutexes or thread...
CVE-2023-27537
CVE-2023-27537 is a double‑free vulnerability in libcurl
CVE-2023-27537
A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without consideration for doing this sharing across separate threads, but there was no indication of this fact in the documentation. Due to missing mutexes or thread...
[slackware-security] curl
New curl packages are available for Slackware 14.0, 14.1, 14.2, 15.0, and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/curl-8.0.1-i586-1slack15.0.txz: Upgraded. This update fixes security issues: SSH connection too eager reuse still. HS...
Internet Bug Bounty: CVE-2023-27537: HSTS double-free
A double-free vulnerability was discovered in libcurl's support for sharing HSTS data between separate handles, which could result in a use-after-free or double-free when two threads share the same HSTS data without proper mutexes or thread locks...
curl: CVE-2023-27537: HSTS double-free
A double-free vulnerability (CVE-2023-27537) existed in libcurl's HSTS (HTTP Strict Transport Security) implementation due to a lack of exclusion control when processing HSTS with multi-threading. This could lead to a use-after-free (UAF) issue when other threads access entries. An attacker could explo...