CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile: 62.5%
A vulnerability in the curl program is related to incorrect certificate validation when matching wildcards in TLS certificates for IDNs. Exploitation of the vulnerability could allow an attacker acting remotely to create a specially crafted certificate that the library would consider trusted.
A vulnerability in the curl program is related to improper synchronization when resolving hostnames using the alarm() and siglongjmp() functions. Exploitation of the vulnerability could allow an attacker acting remotely to cause the application to crash by affecting the contents of the global buffer.
The curl program vulnerability is related to a use-after-free error in SSH sha256 fingerprint validation. Exploitation of the vulnerability could allow an attacker acting remotely to use the application to connect to a malicious SSH server, trigger the use-after-free error, and gain access to potentially sensitive information.
The libcurl library vulnerability involves errors when sending POST and PUT HTTP requests using the same descriptor. Exploitation of the vulnerability could allow a remote attacker to gain unauthorized access to protected information.