CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

Veracode•added 2023/06/04 9:58 a.m.•33 views

Denial Of Service (DoS)

libcurl.so is vulnerable to Denial of Service DoS attacks. Although libcurl offers a number of backends for resolving host names, name resolves may time out if built to use the synchronous resolver to slowdown operations with alert and siglongjmp, resulting in multi-threaded application showing...

5.9CVSS6.7AI score0.00641EPSS

Exploits1References12Affected Software2

Microsoft CVE•added 2023/05/27 7:0 a.m.•1 views

A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names selected at build time. If it is built to use the synchronous resolver it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.

...

5.9CVSS6.4AI score0.00641EPSS

OSV•added 2023/05/26 9:15 p.m.•2 views

AZL-26793 CVE-2023-28320 affecting package curl for versions less than 8.2.1-1

NVD•added 2023/05/26 9:15 p.m.•25 views

CVE-2023-28320

5.9CVSS7.3AI score0.00641EPSS

Exploits1References9

OSV•added 2023/05/26 9:15 p.m.•0 views

AZL-26809 CVE-2023-28320 affecting package mysql for versions less than 8.0.34-1

OSV•added 2023/05/26 9:15 p.m.•1 views

AZL-26790 CVE-2023-28320 affecting package cmake for versions less than 3.21.4-11

OSV•added 2023/05/26 9:15 p.m.•1 views

ALPINE-CVE-2023-28320

5.9CVSS6.9AI score0.00641EPSS

OSV•added 2023/05/26 9:15 p.m.•2 views

AZL-38926 CVE-2023-28320 affecting package tensorflow for versions less than 2.16.1-1

OSV•added 2023/05/26 9:15 p.m.•1 views

DEBIAN-CVE-2023-28320

5.9CVSS6.5AI score0.00641EPSS

Debian CVE•added 2023/05/26 12:0 a.m.•36 views

CVE-2023-28320

5.9CVSS6.1AI score0.00641EPSS

Cvelist•added 2023/05/26 12:0 a.m.•27 views

CVE-2023-28320

6.8AI score0.00641EPSS

Exploits1References9

AlpineLinux•added 2023/05/26 12:0 a.m.•54 views

CVE-2023-28320

5.9CVSS6.7AI score0.00641EPSS

SUSE CVE•added 2023/05/18 2:19 a.m.•1 views

SUSE CVE-2023-28320

3.7CVSS8.3AI score0.00641EPSS

Exploits1References98

Hacker One•added 2023/05/17 8:16 a.m.•102 views

Internet Bug Bounty: CVE-2023-28320 - siglongjmp race condition

A race condition vulnerability CVE-2023-28320 existed in libcurl's synchronous resolver, which could allow a multi-threaded application to crash or misbehave due to the use of a global buffer that was not mutex protected. The vulnerability could result in a denial of service...

5.9CVSS5.8AI score0.00641EPSS

OSV•added 2023/05/17 8:0 a.m.•20 views

CURL-CVE-2023-28320 siglongjmp race condition

libcurl provides several different backends for resolving hostnames, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm and siglongjmp. When doing this, libcurl used a global buffer that was not mutex protected a...

5.9CVSS5.9AI score0.00641EPSS