4 matches found
Insertion of Sensitive Information Into Sent Data
Overview Affected versions of this package are vulnerable to Insertion of Sensitive Information Into Sent Data due to the improper clearing of the CURLOPTREFERER option. An attacker can cause sensitive information to be disclosed by forcing the reuse and transmission of a previous referer header ...
Double Free
Overview Affected versions of this package are vulnerable to Double Free in the GSASL context cleanup process. An attacker can cause arbitrary code execution or a denial of service by triggering the double-free condition. Remediation Upgrade libcurl to version 8.21.0 or higher. References - Curl...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation when the CURLOPTSSLSESSIONIDCACHE is enabled and the CURLSSLOPTEARLYDATA option is set in CURLOPTSSLOPTIONS. An attacker can intercept and obtain sensitive information by impersonating a server and...
libcurl 7.88.0 < 8.21.0 HTTP/2 Stream-Dependency Tree Use-After-Free
The version of libcurl installed on the remote host is 7.88.0 prior to 8.21.0. It is, therefore, affected by a use-after-free vulnerability: - A use-after-free vulnerability exists in libcurl when an application configures an HTTP/2 stream-dependency tree and subsequently invokes curleasyreset...