UbuntuUSN-6944-2curl vulnerability
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
Low
Releases
- Ubuntu 18.04 ESM
- Ubuntu 16.04 ESM
- Ubuntu 14.04 ESM
Packages
- curl - HTTP, HTTPS, and FTP client and client libraries
Details
USN-6944-1 fixed CVE-2024-7264 for Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, and
Ubuntu 24.04 LTS. This update provides the corresponding fix for
Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, and Ubuntu 18.04 LTS.
Original advisory details:
Dov Murik discovered that curl incorrectly handled parsing ASN.1
Generalized Time fields. A remote attacker could use this issue to cause
curl to crash, resulting in a denial of service, or possibly obtain
sensitive memory contents.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 18.04 | noarch | curl | < 7.58.0-2ubuntu3.24+esm5 | UNKNOWN |
| Ubuntu | 18.04 | noarch | curl | < 7.58.0-2ubuntu3.24 | UNKNOWN |
| Ubuntu | 18.04 | noarch | curl-dbgsym | < 7.58.0-2ubuntu3.24 | UNKNOWN |
| Ubuntu | 18.04 | noarch | libcurl3-gnutls | < 7.58.0-2ubuntu3.24 | UNKNOWN |
| Ubuntu | 18.04 | noarch | libcurl3-gnutls-dbgsym | < 7.58.0-2ubuntu3.24 | UNKNOWN |
| Ubuntu | 18.04 | noarch | libcurl3-nss | < 7.58.0-2ubuntu3.24 | UNKNOWN |
| Ubuntu | 18.04 | noarch | libcurl3-nss-dbgsym | < 7.58.0-2ubuntu3.24 | UNKNOWN |
| Ubuntu | 18.04 | noarch | libcurl4 | < 7.58.0-2ubuntu3.24 | UNKNOWN |
| Ubuntu | 18.04 | noarch | libcurl4-dbgsym | < 7.58.0-2ubuntu3.24 | UNKNOWN |
| Ubuntu | 18.04 | noarch | libcurl4-doc | < 7.58.0-2ubuntu3.24 | UNKNOWN |
References
Related
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
AI Score
Confidence
Low