Lucene search

K

Veracode Vulnerability DatabaseVERACODE:31372

HistoryJul 26, 2021 - 9:26 a.m.

Denial Of Service (DoS)

2021-07-2609:26:18

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

14

curl

denial of service

ssl vulnerability

file overriding

EPSS

0.005

Percentile

76.3%

curl is vulnerable to denial of service. The SSL backend fails to secure the CURLOPT_SSLCERT against current directory file overriding the keychain nickname specified, potentially resulting in the overriding the CURLOPT_SSLCERT specified certificate and thus causing denial of service.

References

cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf

hackerone.com/reports/1234760

lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cdev.kafka.apache.org%3E

lists.apache.org/thread.html/r61db8e7dcb56dc000a5387a88f7a473bacec5ee01b9ff3f55308aacc@%3Cusers.kafka.apache.org%3E

lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cdev.kafka.apache.org%3E

lists.apache.org/thread.html/rbf4ce74b0d1fa9810dec50ba3ace0caeea677af7c27a97111c06ccb7@%3Cusers.kafka.apache.org%3E

secdb.alpinelinux.org/v3.11/main.yaml

security.netapp.com/advisory/ntap-20210902-0003/

security.netapp.com/advisory/ntap-20211022-0003/

www.oracle.com/security-alerts/cpujan2022.html

www.oracle.com/security-alerts/cpuoct2021.html

EPSS

0.005

Percentile

76.3%

Related for VERACODE:31372

ibm5 cvelist1 photon4 ubuntucve1 cbl_mariner2 redhatcve1 osv1 cve1 alpinelinux1 hackerone1 prion1 nvd1 nessus15 openvas7 slackware1 rosalinux1 freebsd2 gentoo1 ics2 oracle2