Lucene search

K
ubuntuUbuntuUSN-5894-1
HistoryFeb 27, 2023 - 12:00 a.m.

curl vulnerabilities

2023-02-2700:00:00
ubuntu.com
39
ubuntu 16.04
ubuntu 14.04
http
https
ftp
telnet
denial of service
arbitrary code
vulnerabilities

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

8.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.4%

Releases

  • Ubuntu 16.04 ESM
  • Ubuntu 14.04 ESM

Packages

  • curl - HTTP, HTTPS, and FTP client and client libraries

Details

Harry Sintonen and Tomas Hoger discovered that curl incorrectly handled
TELNET connections when the -t option was used on the command line.
Uninitialized data possibly containing sensitive information could be sent
to the remote server, contrary to expectations. This issue was only fixed
in Ubuntu 14.04 ESM. (CVE-2021-22898, CVE-2021-22925)

It was discovered that curl incorrectly handled denials when using HTTP
proxies. A remote attacker could use this issue to cause curl to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2022-43552)

OSVersionArchitecturePackageVersionFilename
Ubuntu16.04noarchlibcurl3-gnutls< 7.47.0-1ubuntu2.19+esm7UNKNOWN
Ubuntu16.04noarchcurl< 7.47.0-1ubuntu2.19UNKNOWN
Ubuntu16.04noarchcurl-dbgsym< 7.47.0-1ubuntu2.19UNKNOWN
Ubuntu16.04noarchlibcurl3< 7.47.0-1ubuntu2.19UNKNOWN
Ubuntu16.04noarchlibcurl3-dbg< 7.47.0-1ubuntu2.19UNKNOWN
Ubuntu16.04noarchlibcurl3-dbgsym< 7.47.0-1ubuntu2.19UNKNOWN
Ubuntu16.04noarchlibcurl3-gnutls< 7.47.0-1ubuntu2.19UNKNOWN
Ubuntu16.04noarchlibcurl3-gnutls-dbgsym< 7.47.0-1ubuntu2.19UNKNOWN
Ubuntu16.04noarchlibcurl3-nss< 7.47.0-1ubuntu2.19UNKNOWN
Ubuntu16.04noarchlibcurl3-nss-dbgsym< 7.47.0-1ubuntu2.19UNKNOWN
Rows per page:
1-10 of 431

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

8.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.4%