Medium: curl

Issue Overview: Integer overflow vulnerability in tooloperate.c in curl 7.65.2 via crafted value as the retry delay. CVE-2020-19909 libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before i...

Information Disclosure

libcurl.so is vulnerable to Information Disclosure. The SSH server's public key is verified with the use of a SHA 256 hash functionality provided by the library, however if the check is unsuccessful, the fingerprint's memory will be released before an error message is returned. This issue puts...

Design/Logic Flaw

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...

CVE-2023-28319

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...

CVE-2023-28319

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...

CVE-2023-28319

A use-after-free flaw was found in the Curl package. This flaw risks inserting sensitive heap-based data into the error message that users might see or is otherwise leaked and revealed...