ubuntucve | Ubuntu.com | UB:CVE-2023-27537
Mar 20, 2023 - 12:00 a.m.

CVE-2023-27537


CVSS3: 5.9 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS2: 2.6 Low
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:H/Au:N/C:N/I:N/A:P

EPSS: 0.001 Low
Percentile: 29.4%

A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data
between separate “handles”. This sharing was introduced without
consideration for doing it across separate threads, but there was no
indication of this fact in the documentation. Due to missing mutexes or
thread locks, two threads sharing the same HSTS data could end up doing a
double-free or use-after-free.

Notes

Author: mdeslaur
Note: introduced in 7.88.0

OS | Version | Architecture | Package | Version | Filename
ubuntu | 23.04 | noarch | curl | < 7.88.1-6ubuntu2 | UNKNOWN
