2 matches found
AZL-34603 CVE-2023-27537 affecting package cmake for versions less than 3.28.2-1
A double free vulnerability exists in libcurl 8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread...
AZL-25805 CVE-2023-27535 affecting package mysql for versions less than 8.0.34-1
An authentication bypass vulnerability exists in libcurl 8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...