Redhat.comRH:CVE-2023-28321

HistoryMay 17, 2023 - 9:27 a.m.

CVE-2023-28321

Vulners
Redhatcve
CVE-2023-28321

2023-05-1709:27:51

redhat.com

access.redhat.com

curl package

idn wildcard match

certificate validation

security flaw

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

0.002 Low

EPSS

Percentile

56.6%

JSON

A flaw was found in the Curl package. An incorrect International Domain Name (IDN) wildcard match may lead to improper certificate validation.

References

bugzilla.redhat.com/show_bug.cgi?id=2196786

curl.se/docs/CVE-2023-28321.html

nvd.nist.gov/vuln/detail/CVE-2023-28321

www.cve.org/CVERecord?id=CVE-2023-28321

veracode 2

cbl_mariner 4

osv 9

openvas 29

cve 1

prion 1

cvelist 1

hackerone 2

ibm 20

nessus 47

alpinelinux 1

nvd 1

debiancve 1

ubuntucve 1

redhat 54

debian 1

rocky 1

fedora 2

almalinux 2

oraclelinux 2

cloudfoundry 2

ubuntu 3

freebsd 1

slackware 1

redos 1

amazon 1

photon 2

mageia 1

gentoo 1

apple 3

ics 1

veracode

Improper Certificate Validation

2023-06-07 10:17:40

Improper Certificate Validation

2023-06-06 16:56:36

cbl_mariner

CVE-2023-28321 affecting package rust for versions less than 1.72.0-2

2023-10-11 01:41:59

CVE-2023-28321 affecting package curl for versions less than 8.2.1-1

2023-08-18 20:45:02

CVE-2023-28321 affecting package tensorflow for versions less than 2.16.1-1

2024-04-17 22:02:46

osv

IDN wildcard match

2023-05-17 08:00:00

CVE-2023-28321

2023-05-26 21:15:16

Moderate: curl security update

2023-10-06 23:10:01

openvas

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-3121)

2023-11-09 00:00:00

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-3425)

2023-12-15 00:00:00

Fedora: Security Advisory for curl (FEDORA-2023-8ed627bb04)

2023-06-09 00:00:00

cve

CVE-2023-28321

2023-05-26 21:15:16

prion

Input validation

2023-05-26 21:15:00

cvelist

CVE-2023-28321

2023-05-26 00:00:00

hackerone

curl: CVE-2023-28321: IDN wildcard match

2023-04-17 16:54:15

Internet Bug Bounty: CVE-2023-28321: IDN wildcard match

2023-05-18 09:11:02

ibm

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Certificate Validation in the RHEL UBI (CVE-2023-28321)

2024-01-18 21:30:03

Security Bulletin: IBM Storage Ceph is vulnerable to Improper Certificate Validation in the RHEL UBI (CVE-2023-28321)

2024-01-26 22:03:12

Security Bulletin: IBM Event Streams is affected by a vulnerability in cURL libcurl (CVE-2023-28321)

2023-11-29 22:25:49

nessus

EulerOS 2.0 SP8 : curl (EulerOS-SA-2023-3121)

2024-01-16 00:00:00

EulerOS Virtualization 3.0.6.0 : curl (EulerOS-SA-2023-3425)

2024-01-16 00:00:00

RHEL 8 : curl (RHSA-2023:4523)

2023-08-08 00:00:00

alpinelinux

CVE-2023-28321

2023-05-26 21:15:16

nvd

CVE-2023-28321

2023-05-26 21:15:16

debiancve

CVE-2023-28321

2023-05-26 21:15:16

ubuntucve

CVE-2023-28321

2023-05-17 00:00:00

redhat

(RHSA-2023:4523) Moderate: curl security update

2023-08-08 07:21:00

(RHSA-2023:5598) Moderate: curl security update

2023-10-10 14:20:03

(RHSA-2023:4354) Moderate: curl security update

2023-08-01 07:58:15

debian

[SECURITY] [DLA 3613-1] curl security update

2023-10-11 11:49:02

rocky

curl security update

2023-10-06 23:10:01

fedora

[SECURITY] Fedora 37 Update: curl-7.85.0-9.fc37

2023-06-08 02:00:39

[SECURITY] Fedora 38 Update: curl-8.0.1-2.fc38

2023-06-07 02:15:37

almalinux

Moderate: curl security update

2023-08-08 00:00:00

Moderate: curl security update

2023-08-01 00:00:00

oraclelinux

curl security update

2023-08-02 00:00:00

curl security update

2023-08-10 00:00:00

cloudfoundry

USN-6237-2: curl regression | Cloud Foundry

2023-08-10 00:00:00

USN-6237-1: curl vulnerabilities | Cloud Foundry

2024-03-18 00:00:00

ubuntu

curl vulnerabilities

2023-09-11 00:00:00

curl vulnerabilities

2023-07-19 00:00:00

curl regression

2023-07-19 00:00:00

freebsd

curl -- multiple vulnerabilities

2023-03-21 00:00:00

slackware

[slackware-security] curl

2023-05-17 21:00:11

redos

ROS-20230621-04

2023-06-21 00:00:00

amazon

Medium: curl

2023-08-31 22:29:00

photon

Important Photon OS Security Update - PHSA-2023-3.0-0589

2023-05-31 00:00:00

Critical Photon OS Security Update - PHSA-2023-5.0-0049

2023-07-14 00:00:00

mageia

Updated curl packages fix security vulnerability

2023-09-25 01:16:18

gentoo

curl: Multiple Vulnerabilities

2023-10-11 00:00:00

apple

About the security content of macOS Big Sur 11.7.9

2023-07-24 00:00:00

About the security content of macOS Monterey 12.6.8

2023-07-24 00:00:00

About the security content of macOS Ventura 13.5

2023-07-24 00:00:00

ics

Siemens SINEC NMS

2024-02-15 12:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

0.002 Low

EPSS

Percentile

56.6%

JSON

Related for RH:CVE-2023-28321