rpm package
suse/curl&distro=SUSE OpenStack Cloud 8
pkg:rpm/suse/curl&distro=SUSE%20OpenStack%20Cloud%208
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-27782 | High | 7.5 | | < 7.37.0-37.76.1 | 7.37.0-37.76.1 | Jun 2, 2022 | libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, s |
| CVE-2022-27781 | High | 7.5 | | < 7.37.0-37.76.1 | 7.37.0-37.76.1 | Jun 2, 2022 | libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve |
| CVE-2020-8177 | High | 7.8 | | < 7.37.0-37.47.1 | 7.37.0-37.47.1 | Dec 14, 2020 | curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead to overwriting a local file when the -J flag is used. |
| CVE-2019-5482 | Critical | 9.8 | | < 7.37.0-37.43.1 | 7.37.0-37.43.1 | Sep 16, 2019 | Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. |