curl is vulnerable to Denial of Service (DoS). The vulnerability occurs because curl caps the number of chained HTTP compression algorithms on a per-header basis. This allows an attacker to insert a virtually unlimited number of compression steps simply by using many headers, leading to a crash.
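The difference between a cap applied per header and a cap applied per response, as an added C sketch (not curl's code and not part of the advisory). `MAX_STAGES`, the function names and the sample header values are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#define MAX_STAGES 5 /* assumed cap for this sketch; the page gives no number */

/* Count the codings in one Content-Encoding value (comma/whitespace separated). */
static size_t count_codings(const char *v)
{
    size_t n = 0;
    for (int in_token = 0; *v; v++) {
        int sep = (*v == ',' || *v == ' ' || *v == '\t');
        n += (!sep && !in_token); /* first byte of a new token */
        in_token = !sep;
    }
    return n;
}

/* Flawed model: each header is checked alone, so the cap never sees the sum.
 * Returns the decoder stages built, or -1 if the response is rejected. */
static long stages_per_header_cap(const char *const *hdrs, size_t nhdrs)
{
    long total = 0;
    for (size_t i = 0; i < nhdrs; i++) {
        size_t n = count_codings(hdrs[i]);
        if (n > MAX_STAGES)
            return -1;
        total += (long)n;
    }
    return total;
}

/* Hardened model: one running counter for the whole response. */
static long stages_response_cap(const char *const *hdrs, size_t nhdrs)
{
    size_t total = 0;
    for (size_t i = 0; i < nhdrs; i++) {
        total += count_codings(hdrs[i]);
        if (total > MAX_STAGES)
            return -1;
    }
    return (long)total;
}

/* Constructed sample: three Content-Encoding values from one response. */
static const char *const sample[] = { "gzip, gzip, gzip", "gzip, gzip, gzip",
                                      "gzip, gzip, gzip" };
int main(void)
{
    printf("per-header cap: %ld stages, per-response cap: %ld\n",
           stages_per_header_cap(sample, 3), stages_response_cap(sample, 3));
    return 0;
}
```

Every header in the sample passes the per-header check, yet the response as a whole exceeds the cap, which only the running counter detects.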
hackerone.com/reports/1826048
lists.debian.org/debian-lts-announce/2023/02/msg00035.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQKE6TXYDHOTFHLTBZ5X73GTKI7II5KO/
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
secdb.alpinelinux.org/v3.15/main.yaml
secdb.alpinelinux.org/v3.16/main.yaml
secdb.alpinelinux.org/v3.17/main.yaml
security.gentoo.org/glsa/202310-12
security.netapp.com/advisory/ntap-20230309-0006/
www.debian.org/security/2023/dsa-5365