curl is vulnerable to Denial Of Service (DoS). The vulnerability exists because the library erroneously uses the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS
option has been set, allowing an attacker to crash the application through the malicious POST request.
seclists.org/fulldisclosure/2023/Jan/19
seclists.org/fulldisclosure/2023/Jan/20
www.openwall.com/lists/oss-security/2023/05/17/4
hackerone.com/reports/1704017
lists.debian.org/debian-lts-announce/2023/01/msg00028.html
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.15/main.yaml
secdb.alpinelinux.org/v3.16/main.yaml
security.gentoo.org/glsa/202212-01
security.netapp.com/advisory/ntap-20230110-0006/
security.netapp.com/advisory/ntap-20230208-0002/
support.apple.com/kb/HT213604
support.apple.com/kb/HT213605
www.debian.org/security/2023/dsa-5330