AZL-26807 CVE-2023-28319 affecting package mysql for versions less than 8.0.34-1

A use after free vulnerability exists in curl v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the now freed hash. This flaw...

PT-2023-3440 · Curl +4 · Curl +4

Name of the Vulnerable Software and Affected Versions: curl versions prior to 8.1.0 Description: A use after free issue exists in the way libcurl verifies an SSH server's public key using a SHA 256 hash. When this check fails, libcurl frees the memory for the fingerprint before returning an error...