Lucene search

K

Gentoo FoundationGLSA-202310-12

HistoryOct 11, 2023 - 12:00 a.m.

curl: Multiple Vulnerabilities

2023-10-1100:00:00

Gentoo Foundation

security.gentoo.org

26

curl

vulnerabilities

remote code execution

socks usage

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.009 Low

EPSS

Percentile

83.1%

Background

A command line tool and library for transferring data with URLs.

Description

Multiple vulnerabilities have been discovered in curl. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details. Note that the risk of remote code execution is limited to SOCKS usage.

Workaround

There is no known workaround at this time.

Resolution

All curl users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose "&gt;=net-misc/curl-8.3.0-r2"

OSVersionArchitecturePackageVersionFilename
Gentooanyallnet-misc/curl< 8.3.0-r2UNKNOWN

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.009 Low

EPSS

Percentile

83.1%

Related for GLSA-202310-12

nessus73 ibm13 openvas50 mageia2 freebsd3 fedora5 osv12 slackware4 amazon5 ubuntu8 cloudfoundry5 photon2 aix2 redos2 almalinux2 oraclelinux1 redhat4 debian3 cloudlinux1 rosalinux1 hackerone1