Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1309)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Medium: curl

Issue Overview: A vulnerability was found in curl. This issue occurs due to an erroneous function. A malicious server could make curl within Network Security Services NSS get stuck in a never-ending busy loop when trying to retrieve that information. This flaw allows an Infinite Loop, affecting...

OESA-2023-1005 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP...

OESA-2023-1007 curl security update

cURL is a computer software project providing a library libcurl and command-line tool curl for transferring data using various protocols. Security Fixes: A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP...

EulerOS 2.0 SP11 : curl (EulerOS-SA-2023-1005)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the...

EulerOS 2.0 SP11 : curl (EulerOS-SA-2023-1030)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send, even when the...

Mageia: Security Advisory (MGASA-2022-0483)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Updated curl packages fix security vulnerability

Another HSTS bypass via IDN. CVE-2022-43551 HTTP Proxy deny use-after-free. CVE-2022-43552...

SUSE SLES15 Security Update : curl (SUSE-SU-2022:4633-1)

The remote SUSE Linux SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2022:4633-1 advisory. - A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP...

SUSE-SU-2022:4633-1 Security update for curl

This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free bsc1206309...

Fedora 36 : curl (2022-9836111c44)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-9836111c44 advisory. - smb/telnet: fix use-after-free when HTTP proxy denies tunnel CVE-2022-43552 - http: use the IDN decoded name in HSTS checks CVE-2022-43551 Tenable...

SUSE SLES12 Security Update : curl (SUSE-SU-2022:4598-1)

The remote SUSE Linux SLES12 / SLESSAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:4598-1 advisory. - A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP prox...

Fedora 36 : curl (2022-01ffde372c)

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2022-01ffde372c advisory. - url: use IDN decoded names for HSTS checks CVE-2022-42916 - httpproxy: restore the protocol pointer on error CVE-2022-42915 - netrc: replace fgets...

CVE-2022-43552

A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols,...

SUSE-SU-2022:4598-1 Security update for curl

This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free bsc1206309...

SUSE-SU-2022:4597-1 Security update for curl

This update for curl fixes the following issues: - CVE-2022-43552: HTTP Proxy deny use-after-free bsc1206309. - CVE-2022-43551: Fixed HSTS bypass via IDN bsc1206308...

CVE-2022-43552

A use after free vulnerability exists in curl 7.87.0. Curl can be asked to tunnel virtually all protocols it supports through an HTTP proxy. HTTP proxies can and often do deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocat...

FreeBSD : curl -- multiple vulnerabilities (0f99a30c-7b4b-11ed-9168-080027f5fec9)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 0f99a30c-7b4b-11ed-9168-080027f5fec9 advisory. - When doing HTTPS transfers, libcurl might erroneously use the read callback...

Amazon Linux 2022 : curl (ALAS2022-2022-246)

The version of curl installed on the remote host is prior to 7.86.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-246 advisory. - When doing HTTPS transfers, libcurl might erroneously use the read callback CURLOPTREADFUNCTION to ask for data to send,...

Amazon Linux 2 : curl (ALAS-2022-1882)

The version of curl installed on the remote host is prior to 7.79.1-7. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1882 advisory. A vulnerability was found in curl. The issue occurs when doing HTTPS transfers, where curl might erroneously use the read...