8 matches found
CLSA-2023-1697816385 curl: Fix of 2 CVEs
CVE-2022-27782: check additional TLS or SSH connection parameters that should have prohibited connection reuse - CVE-2023-27534: fix SFTP path '' resolving discrepancy - fix read off end of array for SCP home directory case...
CLSA-2023-1682348435 curl: Fix of CVE-2023-27534
CVE-2023-27534: fix SFTP path '' resolving discrepancy - fix resolving SCP relative path...
CLSA-2023-1682347721 curl: Fix of CVE-2023-27534
CVE-2023-27534: fix SFTP path '' resolving discrepancy - fix resolving SCP relative path...
AZL-34607 CVE-2023-27534 affecting package cmake for versions less than 3.28.2-1
A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...
AZL-38611 CVE-2023-27534 affecting package tensorflow for versions less than 2.16.1-1
A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...
USN-5964-1 curl vulnerabilities
Harry Sintonen discovered that curl incorrectly handled certain TELNET connection options. Due to lack of proper input scrubbing, curl could pass on user name and telnet options to the server as provided, contrary to expectations. CVE-2023-27533 Harry Sintonen discovered that curl incorrectly...
SFTP path ~ resolving discrepancy
curl supports SFTP transfers. curl's SFTP implementation offers a special feature in the path component of URLs: a tilde character as the first path element in the path to denotes a path relative to the user's home directory. This is supported because of wording in the once proposed to-become RFC...
UBUNTU-CVE-2023-27534
A path traversal vulnerability exists in curl 8.0.0 SFTP implementation causes the tilde character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can...