CVSS2: 5 Medium (AV:N/AC:L/Au:N/C:N/I:N/A:P)
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

CVSS3: 9.8 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

AI Score: 7.6 High (Confidence: High)
EPSS: 0.007 Low (Percentile: 80.3%)

Software: curl 7.61.1
OS: ROSA Virtualization 2.1
package_evr_string: curl-7.61.1-22.rv3.src.rpm
CVE-ID: CVE-2021-22897
BDU-ID: 2022-00375
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the Transport Layer Security (TLS) protocol implementation of the libcurl library is caused by flaws in the handling of security settings when the CURLOPT_SSL_CIPHER_LIST configuration is used. Exploitation of the vulnerability could allow an attacker acting remotely to gain unauthorized access to protected information.
CVE-STATUS: Not Relevant
CVE-REV:
CVE-ID: CVE-2021-22926
BDU-ID: None
CVE-Crit: HIGH
CVE-DESC.: Applications that use libcurl may request a specific client certificate to be used during transmission. This is done with the CURLOPT_SSLCERT option (--cert using the command line tool). When libcurl is built to use macOS Secure Transport's own TLS library, the application can request a client certificate by name or by file name, using the same option. If the name exists as a file, the file will be used instead of the certificate referenced by name. If the application is started with the current working directory writable by other users (for example, /tmp), an attacker could create a file with the same name that the application wants to use by name, and thereby trick the application into using a file-based certificate instead of the certificate referenced by name, causing libcurl to send the wrong client certificate when validating a TLS connection.
CVE-STATUS: Not Relevant
CVE-REV:
CVE-ID: CVE-2022-27781
BDU-ID: 2022-03180
CVE-Crit: MEDIUM
CVE-DESC.: A vulnerability in the implementation of the SSL certificate information request configuration CURLOPT_CERTINFO of the cURL command line utility is related to the execution of a loop with an unreachable exit condition. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service
CVE-STATUS: Not Relevant
CVE-REV:
CVE-ID: CVE-2022-32221
BDU-ID: 2022-07403
CVE-Crit: CRITICAL
CVE-DESC.: A vulnerability in the cURL command line utility is related to a logical error in the reused descriptor when processing subsequent PUT and POST HTTP requests. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service or otherwise impact the system using a read callback (CURLOPT_READFUNCTION)
CVE-STATUS: Not Relevant
CVE-REV:
CVE-ID: CVE-2023-27533
BDU-ID: 2023-02107
CVE-Crit: LOW
CVE-DESC.: A vulnerability in the curl command line utility is related to communication using the TELNET protocol, which could allow an attacker to pass a specially crafted username and "telnet parameters" during server negotiation. Exploitation of the vulnerability could allow an attacker acting remotely to send content or perform parameter negotiation.
CVE-STATUS: Not Relevant
CVE-REV:
CVE-ID: CVE-2023-28319
BDU-ID: 2023-03622
CVE-Crit: HIGH
CVE-DESC.: A vulnerability in the cURL command line utility is associated with uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to disclose protected information
CVE-STATUS: Not Current
CVE-REV: