rpm package
suse/curl&distro=SUSE Linux Enterprise Server 11 SP4-LTSS
pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSS
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-22898 | Low | 3.1 | < 7.37.0-70.66.1 | 7.37.0-70.66.1 | Jun 11, 2021 | curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could | |
| CVE-2020-8177 | Hig | 7.8 | < 7.37.0-70.47.1 | 7.37.0-70.47.1 | Dec 14, 2020 | curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. | |
| CVE-2019-5482 | Cri | 9.8 | < 7.37.0-70.44.1 | 7.37.0-70.44.1 | Sep 16, 2019 | Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. | |
| CVE-2019-5436 | Hig | 7.8 | < 7.37.0-70.41.2 | 7.37.0-70.41.2 | May 28, 2019 | A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. |
- affected < 7.37.0-70.66.1fixed 7.37.0-70.66.1
curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could
- affected < 7.37.0-70.47.1fixed 7.37.0-70.47.1
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.
- affected < 7.37.0-70.44.1fixed 7.37.0-70.44.1
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
- affected < 7.37.0-70.41.2fixed 7.37.0-70.41.2
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.