Lucene search
GoogleOSV:ALSA-2023:4354HistoryAug 01, 2023 - 12:00 a.m.
Moderate: curl security update
2023-08-0100:00:00
Google
osv.dev
11
curl
libcurl library
curl utility
downloading files
http
ftp
ldap
security update
cve-2023-28321
cve-2023-28322
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
7.2
Confidence
Low
EPSS
0.002
Percentile
57.0%
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
- curl: IDN wildcard match may lead to Improper Cerificate Validation (CVE-2023-28321)
- curl: more POST-after-PUT confusion (CVE-2023-28322)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Related
nessus
nessus
EulerOS 2.0 SP9 : curl (EulerOS-SA-2023-2578)
2023-08-08 00:00:00
EulerOS Virtualization 2.9.0 : curl (EulerOS-SA-2023-2979)
2024-01-16 00:00:00
Fedora 38 : curl (2023-37eac50e9b)
2023-06-07 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2350)
2023-07-17 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2578)
2023-08-08 00:00:00
Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-2953)
2023-10-13 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: curl-7.85.0-9.fc37
2023-06-08 02:00:39
[SECURITY] Fedora 38 Update: curl-8.0.1-2.fc38
2023-06-07 02:15:37
redhat
redhat
(RHSA-2023:5598) Moderate: curl security update
2023-10-10 14:20:03
(RHSA-2023:4354) Moderate: curl security update
2023-08-01 07:58:15
(RHSA-2024:0585) Moderate: curl security and bug fix update
2024-01-30 12:53:25
oraclelinux
oraclelinux
curl security update
2023-08-02 00:00:00
curl security update
2023-08-10 00:00:00
curl security and bug fix update
2024-04-03 00:00:00
almalinux
almalinux
Moderate: curl security update
2023-08-01 00:00:00
Moderate: curl security update
2023-08-08 00:00:00
Moderate: curl security and bug fix update
2024-04-02 00:00:00
osv
osv
curl regression
2023-07-19 17:34:44
curl vulnerabilities
2023-09-11 18:00:42
curl vulnerabilities
2023-07-19 12:11:55
ubuntu
ubuntu
curl vulnerabilities
2023-09-11 00:00:00
curl vulnerabilities
2023-07-19 00:00:00
curl regression
2023-07-19 00:00:00
cloudfoundry
cloudfoundry
USN-6237-1: curl vulnerabilities | Cloud Foundry
2024-03-18 00:00:00
USN-6237-2: curl regression | Cloud Foundry
2023-08-10 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities in libcURL affect IBM Rational ClearCase.
2024-03-01 06:47:15
Security Bulletin: Multiple publicly disclosed libcurl vulnerabilities affect IBM Safer Payments
2023-12-11 15:06:23
Security Bulletin: Multiple vulnerabilities in Curl affect PowerSC
2023-09-25 20:08:28
freebsd
freebsd
curl -- multiple vulnerabilities
2023-03-21 00:00:00
slackware
slackware
[slackware-security] curl
2023-05-17 21:00:11
amazon
amazon
Medium: curl
2023-08-31 22:29:00
redos
redos
ROS-20230621-04
2023-06-21 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-28322 affecting package curl for versions less than 8.0.1-2
2023-06-14 23:53:35
CVE-2023-28322 affecting package cmake for versions less than 3.21.4-10
2024-03-19 17:21:46
CVE-2023-28322 affecting package cmake for versions less than 3.21.4-6
2023-06-14 23:53:35
redhatcve
redhatcve
CVE-2023-28322
2023-05-17 09:28:10
CVE-2023-28321
2023-05-17 09:27:51
hackerone
hackerone
Internet Bug Bounty: CVE-2023-28322: more POST-after-PUT confusion
2023-05-18 09:15:01
curl: CVE-2023-28321: IDN wildcard match
2023-04-17 16:54:15
Internet Bug Bounty: CVE-2023-28321: IDN wildcard match
2023-05-18 09:11:02
veracode
veracode
Use After Free
2023-06-04 10:55:34
Improper Certificate Validation
2023-06-07 10:17:40
Improper Certificate Validation
2023-06-06 16:56:36
debiancve
debiancve
CVE-2023-28322
2023-05-26 21:15:16
CVE-2023-28321
2023-05-26 21:15:16
nvd
nvd
CVE-2023-28322
2023-05-26 21:15:16
CVE-2023-28321
2023-05-26 21:15:16
alpinelinux
alpinelinux
CVE-2023-28322
2023-05-26 21:15:16
CVE-2023-28321
2023-05-26 21:15:16
prion
prion
Information disclosure
2023-05-26 21:15:00
Input validation
2023-05-26 21:15:00
cvelist
cvelist
CVE-2023-28321
2023-05-26 00:00:00
CVE-2023-28322
2023-05-26 00:00:00
cve
cve
CVE-2023-28321
2023-05-26 21:15:16
CVE-2023-28322
2023-05-26 21:15:16
ubuntucve
ubuntucve
CVE-2023-28322
2023-05-17 00:00:00
CVE-2023-28321
2023-05-17 00:00:00
debian
debian
[SECURITY] [DLA 3692-1] curl security update
2023-12-22 14:27:56
[SECURITY] [DLA 3613-1] curl security update
2023-10-11 11:49:02
rocky
rocky
curl security update
2023-10-06 23:10:01
curl security and bug fix update
2024-04-05 14:55:53
photon
photon
Important Photon OS Security Update - PHSA-2023-3.0-0589
2023-05-31 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0399
2023-05-31 00:00:00
mageia
mageia
Updated curl packages fix security vulnerability
2023-09-25 01:16:18
gentoo
gentoo
curl: Multiple Vulnerabilities
2023-10-11 00:00:00
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
7.2
Confidence
Low
EPSS
0.002
Percentile
57.0%
Related for OSV:ALSA-2023:4354