rpm package
opensuse/curl&distro=openSUSE Leap Micro 5.5
pkg:rpm/opensuse/curl&distro=openSUSE%20Leap%20Micro%205.5
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-11053 | — | | | < 8.0.1-150400.5.59.1 | 8.0.1-150400.5.59.1 | Dec 11, 2024 | When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect |
| CVE-2024-9681 | — | | | < 8.0.1-150400.5.56.1 | 8.0.1-150400.5.56.1 | Nov 6, 2024 | When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure `HTTP://` scheme and perform |
| CVE-2024-8096 | — | | | < 8.0.1-150400.5.50.1 | 8.0.1-150400.5.50.1 | Sep 11, 2024 | When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports |
| CVE-2024-7264 | — | | | < 8.0.1-150400.5.47.1 | 8.0.1-150400.5.47.1 | Jul 31, 2024 | libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given a syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer t |