3210 matches found

Tenable Nessus
added 2023/02/27 12:0 a.m., 57 views

Fedora 36 : curl (2023-94df30cbec)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-94df30cbec advisory. - fix HTTP multi-header compression denial of service CVE-2023-23916 Tenable has extracted the preceding description block directly from the Fedora security...

CVSS 6.5, AI score 6.7, EPSS 0.01703
Exploits 1, References 2
OSV
added 2023/02/24 11:4 a.m., 1 view

OESA-2023-1124 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: A flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file...

CVSS 9.1, AI score 8.8, EPSS 0.01703
Exploits 2, References 4
OSV
added 2023/02/24 11:4 a.m., 1 view

OESA-2023-1125 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: A flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file...

CVSS 9.1, AI score 8.8, EPSS 0.01703
Exploits 2, References 4
OSV
added 2023/02/24 11:4 a.m., 3 views

OESA-2023-1123 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: curl supports "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with...

CVSS 6.5, AI score 9, EPSS 0.01703
Exploits 1, References 2
Microsoft CVE
added 2023/02/24 8:0 a.m., 2 views

An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was capped, but the cap was implemented on a per-header basis, allowing a malicious server to insert a virtually unlimited number of compression steps simply by using many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.

...

CVSS 6.5, AI score 6.6, EPSS 0.01703
Exploits 1
OSV
added 2023/02/23 8:15 p.m., 4 views

AZL-13657 CVE-2023-23916 affecting package mysql for versions less than 8.0.33-1

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this...

CVSS 6.5, AI score 6.7, EPSS 0.01703
Exploits 1, References 1
NVD
added 2023/02/23 8:15 p.m., 32 views

CVE-2023-23916

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this...

CVSS 6.5, AI score 7.8, EPSS 0.01703
Exploits 1, References 6
OSV
added 2023/02/23 8:15 p.m., 4 views

AZL-34602 CVE-2023-23916 affecting package cmake for versions less than 3.28.2-1

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this...

CVSS 6.5, AI score 6.7, EPSS 0.01703
Exploits 1, References 1
OSV
added 2023/02/23 8:15 p.m., 2 views

AZL-13651 CVE-2023-23916 affecting package cmake for versions less than 3.21.4-13

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this...

CVSS 6.5, AI score 6.7, EPSS 0.01703
Exploits 1, References 1
OSV
added 2023/02/23 8:15 p.m., 1 view

DEBIAN-CVE-2023-23916

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this...

CVSS 6.5, AI score 6.5, EPSS 0.01703
Exploits 1, References 1
OSV
added 2023/02/23 8:15 p.m., 2 views

ALPINE-CVE-2023-23916

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this...

CVSS 6.5, AI score 6.9, EPSS 0.01703
Exploits 1, References 1
OSV
added 2023/02/23 8:15 p.m., 4 views

AZL-13653 CVE-2023-23916 affecting package curl for versions less than 7.88.1-1

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this...

CVSS 6.5, AI score 6.7, EPSS 0.01703
Exploits 1, References 1
OSV
added 2023/02/23 8:15 p.m., 2 views

AZL-13658 CVE-2023-23916 affecting package rust for versions less than 1.72.0-2

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this...

CVSS 6.5, AI score 6.7, EPSS 0.01703
Exploits 1, References 1
Vulnrichment
added 2023/02/23 12:0 a.m., 2 views

CVE-2023-23916

An allocation of resources without limits or throttling vulnerability exists in curl v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this...

AI score 7.1, EPSS 0.01703
Exploits 1, References 6
CVE
added 2023/02/23 12:0 a.m., 550 views

CVE-2023-23916

CVE-2023-23916 involves curl before 7.88.0 where an attacker could abuse the chained HTTP compression chain to create a degenerate decompression path. Although the cap on the number of links is per header, a malicious server can inject many headers to form an effectively unlimited decompression c...

CVSS 6.5, AI score 6.7, EPSS 0.01703
Exploits 1, References 6, Affected Software 1
F5 Networks
added 2023/02/21 7:47 p.m., 41 views

K16866: PowerDNS vulnerabilities CVE-2014-8601 and CVE-2015-1868

Security Advisory Description CVE-2014-8601 PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service "performance degradations" via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it...

CVSS 7.8, AI score 6.6, EPSS 0.81834
Exploits 0
Microsoft CVE
added 2023/02/20 8:0 a.m., 2 views

Go-Getter Vulnerable to Decompression Bombs

...

CVSS 6.5, AI score 6.2, EPSS 0.00454
Exploits 0
OSV
added 2023/02/17 9:16 p.m., 25 views

GO-2023-1578 Denial of service in github.com/hashicorp/go-getter/v2

HashiCorp go-getter is vulnerable to decompression bombs. This can lead to excessive memory consumption and denial-of-service attacks...

CVSS 6.5, AI score 5.2, EPSS 0.00454
Exploits 0, References 3
OSV
added 2023/02/16 9:30 p.m., 18 views

GHSA-JPXJ-2JVG-6JV9 Data Amplification in HashiCorp go-getter

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

CVSS 4.2, AI score 5.2, EPSS 0.00454
Exploits 0, References 5
Github Security Blog
added 2023/02/16 9:30 p.m., 29 views

Data Amplification in HashiCorp go-getter

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0...

CVSS 6.5, AI score 6.4, EPSS 0.00454
Exploits 0, References 5, Affected Software 2