Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-1000254 (GCVE-0-2017-1000254)
Vulnerability from cvelistv5 – Published: 2017-10-06 13:00 – Updated: 2024-08-05 22:00
VLAI
EPSS
Summary
libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
11 references
| URL | Tags |
|---|---|
| https://security.gentoo.org/glsa/201712-04 | vendor-advisoryx_refsource_GENTOO |
| https://access.redhat.com/errata/RHSA-2018:3558 | vendor-advisoryx_refsource_REDHAT |
| https://support.apple.com/HT208331 | x_refsource_CONFIRM |
| http://www.securitytracker.com/id/1039509 | vdb-entryx_refsource_SECTRACK |
| https://curl.haxx.se/673d0cd8.patch | x_refsource_CONFIRM |
| https://curl.haxx.se/docs/adv_20171004.html | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2018:2486 | vendor-advisoryx_refsource_REDHAT |
| http://www.debian.org/security/2017/dsa-3992 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/101115 | vdb-entryx_refsource_BID |
| https://lists.apache.org/thread.html/rf4c02775860… | mailing-listx_refsource_MLIST |
| https://lists.apache.org/thread.html/r58af02e294b… | mailing-listx_refsource_MLIST |
Date Public
2017-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T22:00:39.675Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-201712-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201712-04"
},
{
"name": "RHSA-2018:3558",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.apple.com/HT208331"
},
{
"name": "1039509",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039509"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://curl.haxx.se/673d0cd8.patch"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://curl.haxx.se/docs/adv_20171004.html"
},
{
"name": "RHSA-2018:2486",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "DSA-3992",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3992"
},
{
"name": "101115",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/101115"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-09-25T00:00:00.000Z",
"datePublic": "2017-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-06-29T14:06:36.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-201712-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201712-04"
},
{
"name": "RHSA-2018:3558",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.apple.com/HT208331"
},
{
"name": "1039509",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039509"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://curl.haxx.se/673d0cd8.patch"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://curl.haxx.se/docs/adv_20171004.html"
},
{
"name": "RHSA-2018:2486",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "DSA-3992",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3992"
},
{
"name": "101115",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/101115"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-09-25",
"ID": "CVE-2017-1000254",
"REQUESTER": "daniel@haxx.se",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201712-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201712-04"
},
{
"name": "RHSA-2018:3558",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"name": "https://support.apple.com/HT208331",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208331"
},
{
"name": "1039509",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039509"
},
{
"name": "https://curl.haxx.se/673d0cd8.patch",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/673d0cd8.patch"
},
{
"name": "https://curl.haxx.se/docs/adv_20171004.html",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/docs/adv_20171004.html"
},
{
"name": "RHSA-2018:2486",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "DSA-3992",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3992"
},
{
"name": "101115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101115"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000254",
"datePublished": "2017-10-06T13:00:00.000Z",
"dateReserved": "2017-10-06T00:00:00.000Z",
"dateUpdated": "2024-08-05T22:00:39.675Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2017-1000254",
"date": "2026-05-27",
"epss": "0.01318",
"percentile": "0.80121"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-1000254\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-10-06T13:29:00.207\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.\"},{\"lang\":\"es\",\"value\":\"libcurl podr\u00eda leer fuera de un b\u00fafer asignado en la memoria din\u00e1mica (heap) cuando realiza FTP. Cuando libcurl se conecta a un servidor FTP y logra iniciar sesi\u00f3n correctamente (de forma an\u00f3nima o no), pregunta al servidor por el directorio actual con el comando \\\"PWD\\\". El servidor contesta con una respuesta 257 que contiene la ruta (dentro de comillas dobles). El nombre de ruta devuelto lo almacena libcurl para usos posteriores. Debido a un error en el analizador sint\u00e1ctico de cadenas para este nombre de directorio, un nombre de directorio pasado de esta forma pero sin una comilla doble de cierre desembocar\u00eda en que libcurl no a\u00f1ade un byte NUL final al b\u00fafer que sostiene el nombre. Cuando libcurl accede a la cadena, podr\u00eda leer m\u00e1s all\u00e1 del b\u00fafer de memoria din\u00e1mica (heap) asignado y cerrarse inesperadamente o acceder err\u00f3neamente a datos m\u00e1s all\u00e1 del b\u00fafer, creyendo que forma parte de la ruta. Un servidor malicioso podr\u00eda aprovechar este hecho y evitar que clientes de libcurl lo empleen - el comando PWD siempre se emite en nuevas conexiones FTP y el error tiene una gran posibilidad de provocar una violaci\u00f3n de acceso. El hecho de que este problema se ha mantenido sin conocer durante tanto tiempo podr\u00eda indicar que las respuestas PWD mal formadas son raras en nuevos servidores. No se tiene constancia de exploits de este fallo. Este bug fue introducido en el commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7) en marzo de 2005. En la versi\u00f3n 7.46.0 de libcurl, el analizador sint\u00e1ctico siempre finaliza la cadena en cero, pero tambi\u00e9n la rechaza si no se finaliza correctamente con una comilla doble final.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB30E8CE-57AD-4225-8BC1-0C496A8A3D8B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F884BEE7-8AD7-4C39-B955-85578ADA7E5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.7.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9C70D1DF-E117-409F-A4DE-8602AFCF9F50\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.7.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E546224C-AA58-4025-B921-8D5ED1365FD2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8360A6AE-9735-4019-9A24-A5045D528455\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.8.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21EDD6A3-9D85-4E54-96BB-3A8055EB286C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BE48C5C5-DF42-495D-A5A7-D189AE873CF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF611F14-AC9A-4D7E-BF95-2D00D880C40B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C378EDAB-0D0C-4A63-B230-0DC8EB74C5A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.9.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A6D6717E-CB09-493D-AD86-7D5C7782CE12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.9.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6AF87C3C-1AF9-4015-A794-C160AD3128D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CDAFF2D-1F8C-45CD-BADC-8CBCEC27A8CB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.9.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F7EDAFA2-030E-438B-B83A-CF78A409D382\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.9.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CE2A761-2015-4E52-B284-02DC7ED03636\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.9.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83BF3E1B-2F71-4142-A2A5-EA859D806094\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72EBCE6C-E0B9-4119-AD71-BF5CD3730D4F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DBB2456-4B56-48CC-8A5C-55D5F9CC770B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE20AFEE-7287-4BCE-AE29-32E967FF8F9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1060ADF7-99EF-46B1-A999-106E86DC0562\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.10.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D66CFF54-F18B-4B82-A39D-99F1D53B6357\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.10.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D7E1B7D-45B3-4803-B490-FDE40F018738\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.10.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2E1F9453-1FB6-4CA7-9285-A243E56667B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.10.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F79828BB-2412-46AD-BE3C-A51B48E191AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.10.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"72D0F13F-D56F-4C1C-A3CF-2E4E704817CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"90A4F2E2-1B43-470E-8935-CB32F12A0124\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"797DF5C7-509E-48FD-BD04-C66E01748728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47BD868A-CE3B-4E39-A588-C4EDA3265A71\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A2EE400-1C36-40F4-A9D1-9AB432F168BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.12.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"06E3CB14-FB16-4F4E-9AD9-A02DC727FF6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.12.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08DCC42C-C881-4AEA-9348-E8317C54D62B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.12.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2BC4EF5A-C8CB-4F33-B4D1-E4192B179D26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.13.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81CEF54A-9668-4031-926F-9B978DD5CDF7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45068C90-8915-4D19-B36B-993980E28D08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24543011-2458-47B5-984A-901E70084902\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB482A9C-D577-4AEE-A08F-CAFA6586B51E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"65AF9B86-A555-4D5E-B24E-9EBF78BCD8CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"60BBDF07-DB97-433E-B542-EFEBE45550DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA8BE3F8-82ED-4DD7-991E-979E950C98B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"738AA231-4694-46E8-B559-1594263A9987\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E9E1F171-B887-499A-BF4F-538EBF347811\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07AA276A-0EBA-4DC9-951C-8F8159FAC7A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DEEF534-9AD2-4439-9D69-E91D062C4647\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"63643BE1-C978-4CD2-8ED1-2B979DB0676E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.16.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6FA04A0-9258-4654-ABCF-F41340B1FA35\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DE829230-AFDB-4131-9C6A-D9D7A66C5B57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7E8BA30-8087-48D4-AE1B-48326FF826B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"47970EFF-2F51-4875-A6BD-E30614E13278\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"52C9B668-3204-41C5-A82E-262BDFA541DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08C8EE1E-E186-42D6-8B12-05865C73F261\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EEA3D88B-41B9-4D79-B47D-B3D6058C0C27\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C2C80901-D48E-4C2A-9BED-A40007A11C97\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"331A51E4-AA73-486F-9618-5A83965F2436\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EB32DF2C-9208-4853-ADEB-B00D764D7467\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E05636DC-7E38-4605-AAB8-81C0AE37520A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"624DF2F1-53FD-48D3-B93D-44E99C9C0C5D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2171C7C-311A-4405-B95F-3A54966FA844\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DE20A41-8B53-46FC-9002-69CC7495171F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"87ED9DA0-E880-4CBB-B1AC-5AEE8A004718\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5293C7F0-BF9F-4768-889A-876CE78903CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3EB41B3-65F3-4B0E-8CCC-325B14AF605B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"857B244C-2AFB-40C7-A893-7C6DE9871BCE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B732CE55-820A-40E0-A885-71BBB6CF8C15\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0455A5F2-1515-4CD8-BA2F-74D28E91A661\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29034B3A-BE9D-4D68-8C56-4465C03C3693\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6249538E-FBCB-4130-91FB-DA78D7BA45DE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5E11B8A5-50A2-468F-BFB3-86DD9D28AC73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9EAE25A0-3828-46F1-AB30-88732CBC9F38\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1533A85C-2160-445D-8787-E624AEDC5A0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D87B9393-7EA4-43DA-900C-7E840AE2D4C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D1249E9-304F-4952-8DAB-8B79CE5E7D54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83FAF953-6A65-4FAB-BDB5-03B468CD1C9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"29F8FF1F-A639-4161-9366-62528AAF4C07\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"812AB429-379A-4EDE-9664-5BC2989053F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"13DD791F-C4BD-4456-955A-92E84082AA09\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4A17E442-45AA-4780-98B4-9BF764DCC1C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6AF544C-5F16-4434-B9FB-93B1B7318950\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CBFD9ED9-2412-44AE-9C55-0ED03A121B23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"67CCE31B-ABDA-4F32-BAF1-B1AD0664B3E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E66A332-ECD1-4452-B444-FB629022FDF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDD3D599-35E9-4590-B5E0-3AF04D344695\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3B6BFFB-7967-482C-9B49-4BD25C815299\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1791BF6D-2C96-4A6E-90D4-2906A73601F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"260DD751-4145-4B75-B892-5FC932C6A305\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFF4AD0D-2EC5-4CE8-B6B3-2EC8ED2FF118\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EB1CB85-0A9B-4816-B471-278774EE6D4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3831AB03-4E7E-476D-9623-58AADC188DFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABACE305-2F0C-4B59-BC5C-6DF162B450E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FAC1B55-F492-484E-B837-E7745682DE0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0D57914-B40A-462B-9C78-6433BE2B2DB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9A12DF7-62C5-46AD-9236-E2821C64156E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C43697D-390A-4AC0-A5D8-62B6D22245BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D52E9E9F-7A35-4CB9-813E-5A1D4A36415C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"257291FB-969C-4413-BA81-806B5E1B40A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.42.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88DC6ED5-4C1A-4ED0-97BA-B245C4A236C9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.42.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51AA7383-3AA1-4A3B-BA46-BBA8FBDC10DD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.43.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"003D8430-AA07-41B5-9F22-696C554CB277\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.44.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6C3ED21E-7907-4248-A32F-BB3102A80DC6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.45.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2E41520-CA31-4BA0-B247-F1DCAAE98DD6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.46.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"57F2C633-D720-4FD9-9C75-2D4C57120357\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.47.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8F2FBC9-059A-4299-B59F-8EFD797E3704\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.47.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"920FCC26-B458-46D8-B023-DB4C19A51718\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.48.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B21C08D5-7454-4292-A87C-900C9494E38B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.49.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B727926-90A2-4A7E-9905-70160C1E0D8D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.49.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1A247AE-B209-42BE-8BE7-865AE279D23E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.50.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8429FF9B-D7EA-40E6-A6E8-961EA71F20C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.50.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D387194-720A-4D9C-928E-6FAF2EC6C33C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.50.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F2782D32-B023-47B1-A513-251D5093CE5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.50.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8373A4E6-BA92-4B5B-9E97-E8C1E8C22C13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.51.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"084F63A4-64E4-48FC-8B8C-A4F3E7D39D08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.52.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F0D4DFF0-9953-4AB8-8C24-3977448BFE64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.52.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B5B274B-F232-47E8-9E8A-0EB08F97DE40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.53.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"73E42C72-868A-4AE4-A33E-79F8190C94C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.53.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24E2F3C4-5D88-4C16-BAA7-A34CF7687415\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.54.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"067EB50A-E70F-4C04-ACE7-67BD7E5A4344\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.54.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C1D4922-F424-45B1-AF98-B1DD33981110\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.55.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"43503F62-A348-4098-9121-214468EADF5F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.55.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B474D572-D1BE-45E1-A22E-309CB358A365\"}]}]}],\"references\":[{\"url\":\"http://www.debian.org/security/2017/dsa-3992\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/101115\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039509\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2486\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3558\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://curl.haxx.se/673d0cd8.patch\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://curl.haxx.se/docs/adv_20171004.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/201712-04\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://support.apple.com/HT208331\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2017/dsa-3992\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/101115\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039509\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2486\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3558\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://curl.haxx.se/673d0cd8.patch\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://curl.haxx.se/docs/adv_20171004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/201712-04\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/HT208331\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
BDU:2018-00108
Vulnerability from fstec - Published: 24.09.2017
VLAI
Title
Уязвимость синтаксического анализатора программного средства для взаимодействия с серверами curl, позволяющая нарушителю выполнить чтение за границами буфера в памяти
Description
Уязвимость синтаксического анализатора программного средства для взаимодействия с серверами curl связана с ошибкой при регистрации на сервере с использованием протокола FTP. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить доступ к данным за границами выделенного буфера в памяти с помощью специально сформированного PWD-ответа
Severity
Vendor
ООО «РусБИТех-Астра», Daniel Stenberg
Software Name
Astra Linux Special Edition (запись в едином реестре российских программ №369), cURL
Software Version
1.5 «Смоленск» (Astra Linux Special Edition), от 7.7 до 7.55.1 включительно (cURL)
Possible Mitigations
Для curl использование рекомендаций: https://curl.haxx.se/docs/adv_20171004.html
Для Astra Linux:
обновление программного обеспечения до 7.26.0-1+wheezy22 или более поздней версии
Reference
http://www.debian.org/security/2017/dsa-3992
http://www.securityfocus.com/bid/101115
http://www.securitytracker.com/id/1039509
https://curl.haxx.se/673d0cd8.patch
https://curl.haxx.se/docs/adv_20171004.html
https://security.gentoo.org/glsa/201712-04
https://support.apple.com/HT208331
CWE
CWE-125
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Daniel Stenberg",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), \u043e\u0442 7.7 \u0434\u043e 7.55.1 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (cURL)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f curl \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439: https://curl.haxx.se/docs/adv_20171004.html\n\n\u0414\u043b\u044f Astra Linux:\n\u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 7.26.0-1+wheezy22 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2017",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "24.01.2018",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2018-00108",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2017-1000254",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), cURL",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.5 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u043d\u0442\u0430\u043a\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0430\u0442\u043e\u0440\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0434\u043b\u044f \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c\u0438 curl, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u0447\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0441\u0438\u043d\u0442\u0430\u043a\u0441\u0438\u0447\u0435\u0441\u043a\u043e\u0433\u043e \u0430\u043d\u0430\u043b\u0438\u0437\u0430\u0442\u043e\u0440\u0430 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430 \u0434\u043b\u044f \u0432\u0437\u0430\u0438\u043c\u043e\u0434\u0435\u0439\u0441\u0442\u0432\u0438\u044f \u0441 \u0441\u0435\u0440\u0432\u0435\u0440\u0430\u043c\u0438 curl \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043e\u0448\u0438\u0431\u043a\u043e\u0439 \u043f\u0440\u0438 \u0440\u0435\u0433\u0438\u0441\u0442\u0440\u0430\u0446\u0438\u0438 \u043d\u0430 \u0441\u0435\u0440\u0432\u0435\u0440\u0435 \u0441 \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435\u043c \u043f\u0440\u043e\u0442\u043e\u043a\u043e\u043b\u0430 FTP. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u043f\u043e\u043b\u0443\u0447\u0438\u0442\u044c \u0434\u043e\u0441\u0442\u0443\u043f \u043a \u0434\u0430\u043d\u043d\u044b\u043c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0432\u044b\u0434\u0435\u043b\u0435\u043d\u043d\u043e\u0433\u043e \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u043f\u0430\u043c\u044f\u0442\u0438 \u0441 \u043f\u043e\u043c\u043e\u0449\u044c\u044e \u0441\u043f\u0435\u0446\u0438\u0430\u043b\u044c\u043d\u043e \u0441\u0444\u043e\u0440\u043c\u0438\u0440\u043e\u0432\u0430\u043d\u043d\u043e\u0433\u043e PWD-\u043e\u0442\u0432\u0435\u0442\u0430",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://www.debian.org/security/2017/dsa-3992\nhttp://www.securityfocus.com/bid/101115\nhttp://www.securitytracker.com/id/1039509\nhttps://curl.haxx.se/673d0cd8.patch\nhttps://curl.haxx.se/docs/adv_20171004.html\nhttps://security.gentoo.org/glsa/201712-04\nhttps://support.apple.com/HT208331",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
CERTFR-2017-AVI-451
Vulnerability from certfr_avis - Published: 2017-12-07 - Updated: 2017-12-07
De multiples vulnérabilités ont été découvertes dans les produits Apple . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "",
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-13883",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13883"
},
{
"name": "CVE-2017-13847",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13847"
},
{
"name": "CVE-2017-13865",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13865"
},
{
"name": "CVE-2017-13860",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13860"
},
{
"name": "CVE-2017-13858",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13858"
},
{
"name": "CVE-2017-9798",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9798"
},
{
"name": "CVE-2017-13869",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13869"
},
{
"name": "CVE-2017-13868",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13868"
},
{
"name": "CVE-2017-13855",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13855"
},
{
"name": "CVE-2017-13844",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13844"
},
{
"name": "CVE-2017-13833",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13833"
},
{
"name": "CVE-2017-13862",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13862"
},
{
"name": "CVE-2017-13867",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13867"
},
{
"name": "CVE-2017-3735",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3735"
},
{
"name": "CVE-2017-13878",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13878"
},
{
"name": "CVE-2017-13872",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13872"
},
{
"name": "CVE-2017-13876",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13876"
},
{
"name": "CVE-2017-13875",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13875"
},
{
"name": "CVE-2017-1000254",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000254"
},
{
"name": "CVE-2017-13861",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13861"
},
{
"name": "CVE-2017-13871",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13871"
},
{
"name": "CVE-2017-13848",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13848"
},
{
"name": "CVE-2017-13826",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13826"
},
{
"name": "CVE-2017-13080",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-13080"
}
],
"initial_release_date": "2017-12-07T00:00:00",
"last_revision_date": "2017-12-07T00:00:00",
"links": [],
"reference": "CERTFR-2017-AVI-451",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2017-12-07T00:00:00.000000"
}
],
"risks": [
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple\n. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208331 du 06 d\u00e9cembre 2017",
"url": "https://support.apple.com/en-us/HT208331"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT208325 du 06 d\u00e9cembre 2017",
"url": "https://support.apple.com/en-us/HT208325"
}
]
}
CERTFR-2018-AVI-339
Vulnerability from certfr_avis - Published: 2018-07-12 - Updated: 2018-07-12
De multiples vulnérabilités ont été découvertes dans les produits Juniper . Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Contrail Service Orchestration (CSO) versions antérieures à 4.0.0 et 3.3.0 | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 18.1R1 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.1X46-D45, 12.1X46-D67, 12.1X46-D76, 12.1X46-D77, 12.3R11, 12.3R12-S10, 12.3X48-D20, 12.3X48-D25, 12.3X48-D55, 12.3X48-D66, 12.3X48-D70, 12.3X54-D34, 14.1X53-D30, 14.1X53-D47, 15.1F5-S5, 15.1F6-S1, 15.1F6-S10, 15.1F7, 15.1R4-S5, 15.1R4-S9, 15.1R5, 15.1R6-S6, 15.1R7, 15.1R7-S1, 15.1R8, 15.1X49-D110, 15.1X49-D131, 15.1X49-D140, 15.1X49-D20, 15.1X49-D35, 15.1X53-D233, 15.1X53-D234, 15.1X53-D47, 15.1X53-D470, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D60, 15.1X53-D67, 15.1X54-D70, 15.1X8.3, 16.1R2, 16.1R3, 16.1R3-S8, 16.1R3-S9, 16.1R4-S10, 16.1R4-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S1, 16.1R6-S3, 16.1R6-S4, 16.1R7, 16.1X65-D46, 16.1X65-D47, 16.2R1, 16.2R1-S6, 16.2R1-S7, 16.2R2-S5, 16.2R2-S6, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S4, 17.2R1-S6, 17.2R2-S4, 17.2R2-S5, 17.2R3, 17.2X75-D100, 17.2X75-D110, 17.2X75-D70, 17.2X75-D90, 17.2X75-D91, 17.3R1, 17.3R1-S4, 17.3R2, 17.3R2-S2, 17.3R3, 17.4R1-S2, 17.4R1-S3, 17.4R1-S4, 17.4R2, 18.1R1, 18.1R2, 18.1X75-D10, 18.2R1, 18.2X75-D10 et 18.2X75-D5 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Contrail Service Orchestration (CSO) versions ant\u00e9rieures \u00e0 4.0.0 et 3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 18.1R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.1X46-D45, 12.1X46-D67, 12.1X46-D76, 12.1X46-D77, 12.3R11, 12.3R12-S10, 12.3X48-D20, 12.3X48-D25, 12.3X48-D55, 12.3X48-D66, 12.3X48-D70, 12.3X54-D34, 14.1X53-D30, 14.1X53-D47, 15.1F5-S5, 15.1F6-S1, 15.1F6-S10, 15.1F7, 15.1R4-S5, 15.1R4-S9, 15.1R5, 15.1R6-S6, 15.1R7, 15.1R7-S1, 15.1R8, 15.1X49-D110, 15.1X49-D131, 15.1X49-D140, 15.1X49-D20, 15.1X49-D35, 15.1X53-D233, 15.1X53-D234, 15.1X53-D47, 15.1X53-D470, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D60, 15.1X53-D67, 15.1X54-D70, 15.1X8.3, 16.1R2, 16.1R3, 16.1R3-S8, 16.1R3-S9, 16.1R4-S10, 16.1R4-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S1, 16.1R6-S3, 16.1R6-S4, 16.1R7, 16.1X65-D46, 16.1X65-D47, 16.2R1, 16.2R1-S6, 16.2R1-S7, 16.2R2-S5, 16.2R2-S6, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S4, 17.2R1-S6, 17.2R2-S4, 17.2R2-S5, 17.2R3, 17.2X75-D100, 17.2X75-D110, 17.2X75-D70, 17.2X75-D90, 17.2X75-D91, 17.3R1, 17.3R1-S4, 17.3R2, 17.3R2-S2, 17.3R3, 17.4R1-S2, 17.4R1-S3, 17.4R1-S4, 17.4R2, 18.1R1, 18.1R2, 18.1X75-D10, 18.2R1, 18.2X75-D10 et 18.2X75-D5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-7407",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7407"
},
{
"name": "CVE-2018-0027",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0027"
},
{
"name": "CVE-2016-8615",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8615"
},
{
"name": "CVE-2015-3153",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3153"
},
{
"name": "CVE-2018-0024",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0024"
},
{
"name": "CVE-2017-1000257",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000257"
},
{
"name": "CVE-2016-8619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8619"
},
{
"name": "CVE-2013-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1944"
},
{
"name": "CVE-2018-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2603"
},
{
"name": "CVE-2017-8818",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8818"
},
{
"name": "CVE-2018-0031",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0031"
},
{
"name": "CVE-2018-0035",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0035"
},
{
"name": "CVE-2018-1000115",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000115"
},
{
"name": "CVE-2016-9952",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9952"
},
{
"name": "CVE-2017-10295",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10295"
},
{
"name": "CVE-2013-4545",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4545"
},
{
"name": "CVE-2015-7236",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7236"
},
{
"name": "CVE-2017-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
},
{
"name": "CVE-2016-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4802"
},
{
"name": "CVE-2017-10388",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10388"
},
{
"name": "CVE-2016-9953",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9953"
},
{
"name": "CVE-2016-8624",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8624"
},
{
"name": "CVE-2018-0039",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0039"
},
{
"name": "CVE-2016-8616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8616"
},
{
"name": "CVE-2015-3148",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3148"
},
{
"name": "CVE-2016-8620",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8620"
},
{
"name": "CVE-2014-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3613"
},
{
"name": "CVE-2018-1000121",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000121"
},
{
"name": "CVE-2013-6422",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6422"
},
{
"name": "CVE-2018-0042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0042"
},
{
"name": "CVE-2018-2618",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2618"
},
{
"name": "CVE-2018-1000005",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000005"
},
{
"name": "CVE-2016-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8617"
},
{
"name": "CVE-2016-0754",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0754"
},
{
"name": "CVE-2017-1000101",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000101"
},
{
"name": "CVE-2018-1000120",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120"
},
{
"name": "CVE-2014-8150",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8150"
},
{
"name": "CVE-2014-3707",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3707"
},
{
"name": "CVE-2016-8618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8618"
},
{
"name": "CVE-2018-0037",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0037"
},
{
"name": "CVE-2015-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3143"
},
{
"name": "CVE-2018-0040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0040"
},
{
"name": "CVE-2016-5419",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5419"
},
{
"name": "CVE-2017-12613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12613"
},
{
"name": "CVE-2018-2637",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2637"
},
{
"name": "CVE-2017-10198",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10198"
},
{
"name": "CVE-2017-10355",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10355"
},
{
"name": "CVE-2016-8623",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8623"
},
{
"name": "CVE-2017-5754",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5754"
},
{
"name": "CVE-2016-3739",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3739"
},
{
"name": "CVE-2018-2663",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2663"
},
{
"name": "CVE-2017-15896",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15896"
},
{
"name": "CVE-2018-2579",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2579"
},
{
"name": "CVE-2017-8816",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8816"
},
{
"name": "CVE-2017-5753",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5753"
},
{
"name": "CVE-2016-7167",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7167"
},
{
"name": "CVE-2017-9502",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9502"
},
{
"name": "CVE-2018-0030",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0030"
},
{
"name": "CVE-2018-0034",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0034"
},
{
"name": "CVE-2018-2633",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2633"
},
{
"name": "CVE-2000-0973",
"url": "https://www.cve.org/CVERecord?id=CVE-2000-0973"
},
{
"name": "CVE-2014-0139",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0139"
},
{
"name": "CVE-2016-5420",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5420"
},
{
"name": "CVE-2016-7141",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7141"
},
{
"name": "CVE-2014-0138",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0138"
},
{
"name": "CVE-2016-8621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8621"
},
{
"name": "CVE-2018-0029",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0029"
},
{
"name": "CVE-2018-0025",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0025"
},
{
"name": "CVE-2017-1000254",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000254"
},
{
"name": "CVE-2018-2599",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2599"
},
{
"name": "CVE-2017-8817",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8817"
},
{
"name": "CVE-2017-10356",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10356"
},
{
"name": "CVE-2018-0038",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0038"
},
{
"name": "CVE-2016-9586",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9586"
},
{
"name": "CVE-2017-1000100",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000100"
},
{
"name": "CVE-2017-10345",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10345"
},
{
"name": "CVE-2018-0041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0041"
},
{
"name": "CVE-2017-5715",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
},
{
"name": "CVE-2018-2629",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2629"
},
{
"name": "CVE-2016-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8622"
},
{
"name": "CVE-2013-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2174"
},
{
"name": "CVE-2018-1000007",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000007"
},
{
"name": "CVE-2018-0032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0032"
},
{
"name": "CVE-2016-5421",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5421"
},
{
"name": "CVE-2018-2678",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2678"
},
{
"name": "CVE-2014-0015",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0015"
},
{
"name": "CVE-2017-1000099",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000099"
},
{
"name": "CVE-2018-2588",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2588"
},
{
"name": "CVE-2018-1000122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122"
},
{
"name": "CVE-2017-3145",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3145"
},
{
"name": "CVE-2016-8625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8625"
},
{
"name": "CVE-2018-0026",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0026"
},
{
"name": "CVE-2016-0755",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0755"
}
],
"initial_release_date": "2018-07-12T00:00:00",
"last_revision_date": "2018-07-12T00:00:00",
"links": [],
"reference": "CERTFR-2018-AVI-339",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-07-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10869 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10869\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10866 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10866\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10874 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10874\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10863 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10863\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10871 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10871\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10857 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10857\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10868 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10868\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10859 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10859\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10872 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10872\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10858 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10858\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10861 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10861\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10860 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10860\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10864 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10864\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10873 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10873\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10865 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10865\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CNVD-2017-33202
Vulnerability from cnvd - Published: 2017-11-08
VLAI
Title
Haxx libcurl拒绝服务漏洞
Description
Haxx libcurl是瑞典Haxx公司的一个免费、开源的客户端URL传输库。该库支持FTP、FTPS、TFTP、HTTP等。
Haxx libcurl 7.7版本至7.55.1版本中存在安全漏洞。攻击者可利用该漏洞造成拒绝服务。
Severity
中
Patch Name
Haxx libcurl拒绝服务漏洞的补丁
Patch Description
Haxx libcurl是瑞典Haxx公司的一个免费、开源的客户端URL传输库。该库支持FTP、FTPS、TFTP、HTTP等。
Haxx libcurl 7.7版本至7.55.1版本中存在安全漏洞。攻击者可利用该漏洞造成拒绝服务。 目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://curl.haxx.se/docs/adv_20171004.html
Reference
https://www.debian.org/security/2017/dsa-3992
http://www.securityfocus.com/bid/101115
Impacted products
| Name | Haxx Libcurl >=7.7,<=7.55.1 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-1000254"
}
},
"description": "Haxx libcurl\u662f\u745e\u5178Haxx\u516c\u53f8\u7684\u4e00\u4e2a\u514d\u8d39\u3001\u5f00\u6e90\u7684\u5ba2\u6237\u7aefURL\u4f20\u8f93\u5e93\u3002\u8be5\u5e93\u652f\u6301FTP\u3001FTPS\u3001TFTP\u3001HTTP\u7b49\u3002\r\n\r\nHaxx libcurl 7.7\u7248\u672c\u81f37.55.1\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "Daniel Stenberg",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://curl.haxx.se/docs/adv_20171004.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-33202",
"openTime": "2017-11-08",
"patchDescription": "Haxx libcurl\u662f\u745e\u5178Haxx\u516c\u53f8\u7684\u4e00\u4e2a\u514d\u8d39\u3001\u5f00\u6e90\u7684\u5ba2\u6237\u7aefURL\u4f20\u8f93\u5e93\u3002\u8be5\u5e93\u652f\u6301FTP\u3001FTPS\u3001TFTP\u3001HTTP\u7b49\u3002\r\n\r\nHaxx libcurl 7.7\u7248\u672c\u81f37.55.1\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Haxx libcurl\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "Haxx Libcurl \u003e=7.7\uff0c\u003c=7.55.1"
},
"referenceLink": "https://www.debian.org/security/2017/dsa-3992\r\nhttp://www.securityfocus.com/bid/101115",
"serverity": "\u4e2d",
"submitTime": "2017-10-09",
"title": "Haxx libcurl\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}
FKIE_CVE-2017-1000254
Vulnerability from fkie_nvd - Published: 2017-10-06 13:29 - Updated: 2026-05-13 00:24
Severity
Summary
libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.debian.org/security/2017/dsa-3992 | ||
| cve@mitre.org | http://www.securityfocus.com/bid/101115 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1039509 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:2486 | ||
| cve@mitre.org | https://access.redhat.com/errata/RHSA-2018:3558 | ||
| cve@mitre.org | https://curl.haxx.se/673d0cd8.patch | Patch, Vendor Advisory | |
| cve@mitre.org | https://curl.haxx.se/docs/adv_20171004.html | Patch, Vendor Advisory | |
| cve@mitre.org | https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E | ||
| cve@mitre.org | https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E | ||
| cve@mitre.org | https://security.gentoo.org/glsa/201712-04 | ||
| cve@mitre.org | https://support.apple.com/HT208331 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.debian.org/security/2017/dsa-3992 | ||
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/101115 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039509 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2486 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:3558 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://curl.haxx.se/673d0cd8.patch | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://curl.haxx.se/docs/adv_20171004.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201712-04 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/HT208331 |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haxx | libcurl | 7.7 | |
| haxx | libcurl | 7.7.1 | |
| haxx | libcurl | 7.7.2 | |
| haxx | libcurl | 7.7.3 | |
| haxx | libcurl | 7.8 | |
| haxx | libcurl | 7.8.1 | |
| haxx | libcurl | 7.9 | |
| haxx | libcurl | 7.9.1 | |
| haxx | libcurl | 7.9.2 | |
| haxx | libcurl | 7.9.3 | |
| haxx | libcurl | 7.9.4 | |
| haxx | libcurl | 7.9.5 | |
| haxx | libcurl | 7.9.6 | |
| haxx | libcurl | 7.9.7 | |
| haxx | libcurl | 7.9.8 | |
| haxx | libcurl | 7.10 | |
| haxx | libcurl | 7.10.1 | |
| haxx | libcurl | 7.10.2 | |
| haxx | libcurl | 7.10.3 | |
| haxx | libcurl | 7.10.4 | |
| haxx | libcurl | 7.10.5 | |
| haxx | libcurl | 7.10.6 | |
| haxx | libcurl | 7.10.7 | |
| haxx | libcurl | 7.10.8 | |
| haxx | libcurl | 7.11.0 | |
| haxx | libcurl | 7.11.1 | |
| haxx | libcurl | 7.11.2 | |
| haxx | libcurl | 7.12.0 | |
| haxx | libcurl | 7.12.1 | |
| haxx | libcurl | 7.12.2 | |
| haxx | libcurl | 7.12.3 | |
| haxx | libcurl | 7.13.0 | |
| haxx | libcurl | 7.13.1 | |
| haxx | libcurl | 7.13.2 | |
| haxx | libcurl | 7.14.0 | |
| haxx | libcurl | 7.14.1 | |
| haxx | libcurl | 7.15.0 | |
| haxx | libcurl | 7.15.1 | |
| haxx | libcurl | 7.15.2 | |
| haxx | libcurl | 7.15.3 | |
| haxx | libcurl | 7.15.4 | |
| haxx | libcurl | 7.15.5 | |
| haxx | libcurl | 7.16.0 | |
| haxx | libcurl | 7.16.1 | |
| haxx | libcurl | 7.16.2 | |
| haxx | libcurl | 7.16.3 | |
| haxx | libcurl | 7.16.4 | |
| haxx | libcurl | 7.17.0 | |
| haxx | libcurl | 7.17.1 | |
| haxx | libcurl | 7.18.0 | |
| haxx | libcurl | 7.18.1 | |
| haxx | libcurl | 7.18.2 | |
| haxx | libcurl | 7.19.0 | |
| haxx | libcurl | 7.19.1 | |
| haxx | libcurl | 7.19.2 | |
| haxx | libcurl | 7.19.3 | |
| haxx | libcurl | 7.19.4 | |
| haxx | libcurl | 7.19.5 | |
| haxx | libcurl | 7.19.6 | |
| haxx | libcurl | 7.19.7 | |
| haxx | libcurl | 7.20.0 | |
| haxx | libcurl | 7.20.1 | |
| haxx | libcurl | 7.21.0 | |
| haxx | libcurl | 7.21.1 | |
| haxx | libcurl | 7.21.2 | |
| haxx | libcurl | 7.21.3 | |
| haxx | libcurl | 7.21.4 | |
| haxx | libcurl | 7.21.5 | |
| haxx | libcurl | 7.21.6 | |
| haxx | libcurl | 7.21.7 | |
| haxx | libcurl | 7.22.0 | |
| haxx | libcurl | 7.23.0 | |
| haxx | libcurl | 7.23.1 | |
| haxx | libcurl | 7.24.0 | |
| haxx | libcurl | 7.25.0 | |
| haxx | libcurl | 7.26.0 | |
| haxx | libcurl | 7.27.0 | |
| haxx | libcurl | 7.28.0 | |
| haxx | libcurl | 7.28.1 | |
| haxx | libcurl | 7.29.0 | |
| haxx | libcurl | 7.30.0 | |
| haxx | libcurl | 7.31.0 | |
| haxx | libcurl | 7.32.0 | |
| haxx | libcurl | 7.33.0 | |
| haxx | libcurl | 7.34.0 | |
| haxx | libcurl | 7.35.0 | |
| haxx | libcurl | 7.36.0 | |
| haxx | libcurl | 7.37.0 | |
| haxx | libcurl | 7.37.1 | |
| haxx | libcurl | 7.38.0 | |
| haxx | libcurl | 7.39 | |
| haxx | libcurl | 7.40.0 | |
| haxx | libcurl | 7.41.0 | |
| haxx | libcurl | 7.42.0 | |
| haxx | libcurl | 7.42.1 | |
| haxx | libcurl | 7.43.0 | |
| haxx | libcurl | 7.44.0 | |
| haxx | libcurl | 7.45.0 | |
| haxx | libcurl | 7.46.0 | |
| haxx | libcurl | 7.47.0 | |
| haxx | libcurl | 7.47.1 | |
| haxx | libcurl | 7.48.0 | |
| haxx | libcurl | 7.49.0 | |
| haxx | libcurl | 7.49.1 | |
| haxx | libcurl | 7.50.0 | |
| haxx | libcurl | 7.50.1 | |
| haxx | libcurl | 7.50.2 | |
| haxx | libcurl | 7.50.3 | |
| haxx | libcurl | 7.51.0 | |
| haxx | libcurl | 7.52.0 | |
| haxx | libcurl | 7.52.1 | |
| haxx | libcurl | 7.53.0 | |
| haxx | libcurl | 7.53.1 | |
| haxx | libcurl | 7.54.0 | |
| haxx | libcurl | 7.54.1 | |
| haxx | libcurl | 7.55.0 | |
| haxx | libcurl | 7.55.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.7:*:*:*:*:*:*:*",
"matchCriteriaId": "FB30E8CE-57AD-4225-8BC1-0C496A8A3D8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F884BEE7-8AD7-4C39-B955-85578ADA7E5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.7.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9C70D1DF-E117-409F-A4DE-8602AFCF9F50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.7.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E546224C-AA58-4025-B921-8D5ED1365FD2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.8:*:*:*:*:*:*:*",
"matchCriteriaId": "8360A6AE-9735-4019-9A24-A5045D528455",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "21EDD6A3-9D85-4E54-96BB-3A8055EB286C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.9:*:*:*:*:*:*:*",
"matchCriteriaId": "BE48C5C5-DF42-495D-A5A7-D189AE873CF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF611F14-AC9A-4D7E-BF95-2D00D880C40B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C378EDAB-0D0C-4A63-B230-0DC8EB74C5A4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.9.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A6D6717E-CB09-493D-AD86-7D5C7782CE12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.9.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6AF87C3C-1AF9-4015-A794-C160AD3128D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.9.5:*:*:*:*:*:*:*",
"matchCriteriaId": "4CDAFF2D-1F8C-45CD-BADC-8CBCEC27A8CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.9.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F7EDAFA2-030E-438B-B83A-CF78A409D382",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.9.7:*:*:*:*:*:*:*",
"matchCriteriaId": "6CE2A761-2015-4E52-B284-02DC7ED03636",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.9.8:*:*:*:*:*:*:*",
"matchCriteriaId": "83BF3E1B-2F71-4142-A2A5-EA859D806094",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.10:*:*:*:*:*:*:*",
"matchCriteriaId": "72EBCE6C-E0B9-4119-AD71-BF5CD3730D4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.10.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5DBB2456-4B56-48CC-8A5C-55D5F9CC770B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "EE20AFEE-7287-4BCE-AE29-32E967FF8F9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.10.3:*:*:*:*:*:*:*",
"matchCriteriaId": "1060ADF7-99EF-46B1-A999-106E86DC0562",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.10.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D66CFF54-F18B-4B82-A39D-99F1D53B6357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.10.5:*:*:*:*:*:*:*",
"matchCriteriaId": "9D7E1B7D-45B3-4803-B490-FDE40F018738",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.10.6:*:*:*:*:*:*:*",
"matchCriteriaId": "2E1F9453-1FB6-4CA7-9285-A243E56667B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.10.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F79828BB-2412-46AD-BE3C-A51B48E191AF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.10.8:*:*:*:*:*:*:*",
"matchCriteriaId": "72D0F13F-D56F-4C1C-A3CF-2E4E704817CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "90A4F2E2-1B43-470E-8935-CB32F12A0124",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "797DF5C7-509E-48FD-BD04-C66E01748728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.11.2:*:*:*:*:*:*:*",
"matchCriteriaId": "47BD868A-CE3B-4E39-A588-C4EDA3265A71",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A2EE400-1C36-40F4-A9D1-9AB432F168BE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06E3CB14-FB16-4F4E-9AD9-A02DC727FF6D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "08DCC42C-C881-4AEA-9348-E8317C54D62B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.12.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2BC4EF5A-C8CB-4F33-B4D1-E4192B179D26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "81CEF54A-9668-4031-926F-9B978DD5CDF7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.13.1:*:*:*:*:*:*:*",
"matchCriteriaId": "45068C90-8915-4D19-B36B-993980E28D08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.13.2:*:*:*:*:*:*:*",
"matchCriteriaId": "24543011-2458-47B5-984A-901E70084902",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FB482A9C-D577-4AEE-A08F-CAFA6586B51E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "65AF9B86-A555-4D5E-B24E-9EBF78BCD8CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "60BBDF07-DB97-433E-B542-EFEBE45550DB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CA8BE3F8-82ED-4DD7-991E-979E950C98B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:*",
"matchCriteriaId": "738AA231-4694-46E8-B559-1594263A9987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E9E1F171-B887-499A-BF4F-538EBF347811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:*",
"matchCriteriaId": "07AA276A-0EBA-4DC9-951C-8F8159FAC7A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:*",
"matchCriteriaId": "8DEEF534-9AD2-4439-9D69-E91D062C4647",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "63643BE1-C978-4CD2-8ED1-2B979DB0676E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.16.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6FA04A0-9258-4654-ABCF-F41340B1FA35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DE829230-AFDB-4131-9C6A-D9D7A66C5B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:*",
"matchCriteriaId": "B7E8BA30-8087-48D4-AE1B-48326FF826B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:*",
"matchCriteriaId": "47970EFF-2F51-4875-A6BD-E30614E13278",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52C9B668-3204-41C5-A82E-262BDFA541DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "08C8EE1E-E186-42D6-8B12-05865C73F261",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EEA3D88B-41B9-4D79-B47D-B3D6058C0C27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C2C80901-D48E-4C2A-9BED-A40007A11C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*",
"matchCriteriaId": "331A51E4-AA73-486F-9618-5A83965F2436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB32DF2C-9208-4853-ADEB-B00D764D7467",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E05636DC-7E38-4605-AAB8-81C0AE37520A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "624DF2F1-53FD-48D3-B93D-44E99C9C0C5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F2171C7C-311A-4405-B95F-3A54966FA844",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*",
"matchCriteriaId": "5DE20A41-8B53-46FC-9002-69CC7495171F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*",
"matchCriteriaId": "87ED9DA0-E880-4CBB-B1AC-5AEE8A004718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*",
"matchCriteriaId": "5293C7F0-BF9F-4768-889A-876CE78903CC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*",
"matchCriteriaId": "F3EB41B3-65F3-4B0E-8CCC-325B14AF605B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*",
"matchCriteriaId": "857B244C-2AFB-40C7-A893-7C6DE9871BCE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B732CE55-820A-40E0-A885-71BBB6CF8C15",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0455A5F2-1515-4CD8-BA2F-74D28E91A661",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "29034B3A-BE9D-4D68-8C56-4465C03C3693",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6249538E-FBCB-4130-91FB-DA78D7BA45DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5E11B8A5-50A2-468F-BFB3-86DD9D28AC73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9EAE25A0-3828-46F1-AB30-88732CBC9F38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1533A85C-2160-445D-8787-E624AEDC5A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*",
"matchCriteriaId": "D87B9393-7EA4-43DA-900C-7E840AE2D4C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7D1249E9-304F-4952-8DAB-8B79CE5E7D54",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*",
"matchCriteriaId": "83FAF953-6A65-4FAB-BDB5-03B468CD1C9A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*",
"matchCriteriaId": "29F8FF1F-A639-4161-9366-62528AAF4C07",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*",
"matchCriteriaId": "812AB429-379A-4EDE-9664-5BC2989053F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*",
"matchCriteriaId": "13DD791F-C4BD-4456-955A-92E84082AA09",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A17E442-45AA-4780-98B4-9BF764DCC1C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F6AF544C-5F16-4434-B9FB-93B1B7318950",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBFD9ED9-2412-44AE-9C55-0ED03A121B23",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*",
"matchCriteriaId": "67CCE31B-ABDA-4F32-BAF1-B1AD0664B3E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9E66A332-ECD1-4452-B444-FB629022FDF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDD3D599-35E9-4590-B5E0-3AF04D344695",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A3B6BFFB-7967-482C-9B49-4BD25C815299",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1791BF6D-2C96-4A6E-90D4-2906A73601F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*",
"matchCriteriaId": "260DD751-4145-4B75-B892-5FC932C6A305",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFF4AD0D-2EC5-4CE8-B6B3-2EC8ED2FF118",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3EB1CB85-0A9B-4816-B471-278774EE6D4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3831AB03-4E7E-476D-9623-58AADC188DFE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ABACE305-2F0C-4B59-BC5C-6DF162B450E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6FAC1B55-F492-484E-B837-E7745682DE0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E0D57914-B40A-462B-9C78-6433BE2B2DB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A9A12DF7-62C5-46AD-9236-E2821C64156E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*",
"matchCriteriaId": "4C43697D-390A-4AC0-A5D8-62B6D22245BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D52E9E9F-7A35-4CB9-813E-5A1D4A36415C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*",
"matchCriteriaId": "257291FB-969C-4413-BA81-806B5E1B40A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.42.0:*:*:*:*:*:*:*",
"matchCriteriaId": "88DC6ED5-4C1A-4ED0-97BA-B245C4A236C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.42.1:*:*:*:*:*:*:*",
"matchCriteriaId": "51AA7383-3AA1-4A3B-BA46-BBA8FBDC10DD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.43.0:*:*:*:*:*:*:*",
"matchCriteriaId": "003D8430-AA07-41B5-9F22-696C554CB277",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.44.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6C3ED21E-7907-4248-A32F-BB3102A80DC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.45.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B2E41520-CA31-4BA0-B247-F1DCAAE98DD6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.46.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57F2C633-D720-4FD9-9C75-2D4C57120357",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.47.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A8F2FBC9-059A-4299-B59F-8EFD797E3704",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.47.1:*:*:*:*:*:*:*",
"matchCriteriaId": "920FCC26-B458-46D8-B023-DB4C19A51718",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.48.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B21C08D5-7454-4292-A87C-900C9494E38B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.49.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B727926-90A2-4A7E-9905-70160C1E0D8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.49.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1A247AE-B209-42BE-8BE7-865AE279D23E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.50.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8429FF9B-D7EA-40E6-A6E8-961EA71F20C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.50.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9D387194-720A-4D9C-928E-6FAF2EC6C33C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.50.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F2782D32-B023-47B1-A513-251D5093CE5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.50.3:*:*:*:*:*:*:*",
"matchCriteriaId": "8373A4E6-BA92-4B5B-9E97-E8C1E8C22C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.51.0:*:*:*:*:*:*:*",
"matchCriteriaId": "084F63A4-64E4-48FC-8B8C-A4F3E7D39D08",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.52.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F0D4DFF0-9953-4AB8-8C24-3977448BFE64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.52.1:*:*:*:*:*:*:*",
"matchCriteriaId": "1B5B274B-F232-47E8-9E8A-0EB08F97DE40",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.53.0:*:*:*:*:*:*:*",
"matchCriteriaId": "73E42C72-868A-4AE4-A33E-79F8190C94C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.53.1:*:*:*:*:*:*:*",
"matchCriteriaId": "24E2F3C4-5D88-4C16-BAA7-A34CF7687415",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.54.0:*:*:*:*:*:*:*",
"matchCriteriaId": "067EB50A-E70F-4C04-ACE7-67BD7E5A4344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.54.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C1D4922-F424-45B1-AF98-B1DD33981110",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.55.0:*:*:*:*:*:*:*",
"matchCriteriaId": "43503F62-A348-4098-9121-214468EADF5F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.55.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B474D572-D1BE-45E1-A22E-309CB358A365",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote."
},
{
"lang": "es",
"value": "libcurl podr\u00eda leer fuera de un b\u00fafer asignado en la memoria din\u00e1mica (heap) cuando realiza FTP. Cuando libcurl se conecta a un servidor FTP y logra iniciar sesi\u00f3n correctamente (de forma an\u00f3nima o no), pregunta al servidor por el directorio actual con el comando \"PWD\". El servidor contesta con una respuesta 257 que contiene la ruta (dentro de comillas dobles). El nombre de ruta devuelto lo almacena libcurl para usos posteriores. Debido a un error en el analizador sint\u00e1ctico de cadenas para este nombre de directorio, un nombre de directorio pasado de esta forma pero sin una comilla doble de cierre desembocar\u00eda en que libcurl no a\u00f1ade un byte NUL final al b\u00fafer que sostiene el nombre. Cuando libcurl accede a la cadena, podr\u00eda leer m\u00e1s all\u00e1 del b\u00fafer de memoria din\u00e1mica (heap) asignado y cerrarse inesperadamente o acceder err\u00f3neamente a datos m\u00e1s all\u00e1 del b\u00fafer, creyendo que forma parte de la ruta. Un servidor malicioso podr\u00eda aprovechar este hecho y evitar que clientes de libcurl lo empleen - el comando PWD siempre se emite en nuevas conexiones FTP y el error tiene una gran posibilidad de provocar una violaci\u00f3n de acceso. El hecho de que este problema se ha mantenido sin conocer durante tanto tiempo podr\u00eda indicar que las respuestas PWD mal formadas son raras en nuevos servidores. No se tiene constancia de exploits de este fallo. Este bug fue introducido en el commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7) en marzo de 2005. En la versi\u00f3n 7.46.0 de libcurl, el analizador sint\u00e1ctico siempre finaliza la cadena en cero, pero tambi\u00e9n la rechaza si no se finaliza correctamente con una comilla doble final."
}
],
"id": "CVE-2017-1000254",
"lastModified": "2026-05-13T00:24:29.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-06T13:29:00.207",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3992"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101115"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039509"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"source": "cve@mitre.org",
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://curl.haxx.se/673d0cd8.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://curl.haxx.se/docs/adv_20171004.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201712-04"
},
{
"source": "cve@mitre.org",
"url": "https://support.apple.com/HT208331"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3992"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101115"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://curl.haxx.se/673d0cd8.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://curl.haxx.se/docs/adv_20171004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201712-04"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/HT208331"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-499V-2PWM-C696
Vulnerability from github – Published: 2022-05-13 01:09 – Updated: 2025-04-20 03:46
VLAI
Details
libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the PWD command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit 415d2e7cb7, March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.
Severity
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2017-1000254"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-06T13:29:00Z",
"severity": "HIGH"
},
"details": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.",
"id": "GHSA-499v-2pwm-c696",
"modified": "2025-04-20T03:46:26Z",
"published": "2022-05-13T01:09:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000254"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"type": "WEB",
"url": "https://curl.haxx.se/673d0cd8.patch"
},
{
"type": "WEB",
"url": "https://curl.haxx.se/docs/adv_20171004.html"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201712-04"
},
{
"type": "WEB",
"url": "https://support.apple.com/HT208331"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2017/dsa-3992"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/101115"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039509"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2017-1000254
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-1000254",
"description": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.",
"id": "GSD-2017-1000254",
"references": [
"https://www.suse.com/security/cve/CVE-2017-1000254.html",
"https://www.debian.org/security/2017/dsa-3992",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2018:2486",
"https://ubuntu.com/security/CVE-2017-1000254",
"https://advisories.mageia.org/CVE-2017-1000254.html",
"https://security.archlinux.org/CVE-2017-1000254",
"https://alas.aws.amazon.com/cve/html/CVE-2017-1000254.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-1000254"
],
"details": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.",
"id": "GSD-2017-1000254",
"modified": "2023-12-13T01:21:02.099969Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-09-25",
"ID": "CVE-2017-1000254",
"REQUESTER": "daniel@haxx.se",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201712-04",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201712-04"
},
{
"name": "RHSA-2018:3558",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"name": "https://support.apple.com/HT208331",
"refsource": "CONFIRM",
"url": "https://support.apple.com/HT208331"
},
{
"name": "1039509",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039509"
},
{
"name": "https://curl.haxx.se/673d0cd8.patch",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/673d0cd8.patch"
},
{
"name": "https://curl.haxx.se/docs/adv_20171004.html",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/docs/adv_20171004.html"
},
{
"name": "RHSA-2018:2486",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "DSA-3992",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3992"
},
{
"name": "101115",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/101115"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.7.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.9.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.9.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.10.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.10.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.11.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.12.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.12.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.14.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.55.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.54.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.50.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.48.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.49.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.15.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.15.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.17.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.17.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.23.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.23.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.29.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.8.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.9:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.9.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.10.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.10.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.13.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.13.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.52.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.53.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.44.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.45.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.50.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.50.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.16.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.16.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.18.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.20.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.9.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.26.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.27.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.7.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.7.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.8:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.9.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.9.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.10.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.10.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.12.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.12.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.55.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.52.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.51.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.43.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.49.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.15.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.42.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.42.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.15.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.15.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.18.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.18.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.5:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.6:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.24.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.25.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.9.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.9.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.10.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.10.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.11.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.11.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.13.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.14.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.53.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.54.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.46.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.47.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.47.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.50.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.16.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.16.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.19.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.20.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.21.7:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.22.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.28.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.28.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1000254"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://curl.haxx.se/673d0cd8.patch",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://curl.haxx.se/673d0cd8.patch"
},
{
"name": "1039509",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039509"
},
{
"name": "101115",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/101115"
},
{
"name": "https://curl.haxx.se/docs/adv_20171004.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://curl.haxx.se/docs/adv_20171004.html"
},
{
"name": "DSA-3992",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2017/dsa-3992"
},
{
"name": "GLSA-201712-04",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/201712-04"
},
{
"name": "https://support.apple.com/HT208331",
"refsource": "CONFIRM",
"tags": [],
"url": "https://support.apple.com/HT208331"
},
{
"name": "RHSA-2018:2486",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"name": "RHSA-2018:3558",
"refsource": "REDHAT",
"tags": [],
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
},
{
"name": "[bookkeeper-issues] 20210628 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4@%3Cissues.bookkeeper.apache.org%3E"
},
{
"name": "[bookkeeper-issues] 20210629 [GitHub] [bookkeeper] padma81 opened a new issue #2746: Security Vulnerabilities in CentOS 7 image, Upgrade image to CentOS 8",
"refsource": "MLIST",
"tags": [],
"url": "https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b@%3Cissues.bookkeeper.apache.org%3E"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-06-29T15:15Z",
"publishedDate": "2017-10-06T13:29Z"
}
}
}
ICSA-19-155-01
Vulnerability from csaf_cisa - Published: 2019-06-04 00:00 - Updated: 2019-06-04 00:00Summary
PHOENIX CONTACT PLCNext AXC F 2152
Notes
CISA Disclaimer: This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov
Legal Notice: All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.
Risk evaluation: Successful exploitation of these vulnerabilities could allow an attacker to decrypt passwords, bypass authentication, and deny service to the device. In addition, these vulnerabilities could interact with third-party vulnerabilities to cause other impacts to integrity, confidentiality, and availability.
Critical infrastructure sectors: Commercial Facilities
Countries/areas deployed: Worldwide
Company headquarters location: Germany
Recommended Practices: NCCIC recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:
Recommended Practices: NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.
Recommended Practices: Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.
Recommended Practices: NCCIC also recommends that users take the following measures to protect themselves from social engineering attacks:
Exploitability: No known public exploits specifically target these vulnerabilities.
7.6 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
6.8 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
9.8 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
9.1 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
9.1 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
9.1 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
9.1 (Critical)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
8.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
8.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
8.1 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
7.8 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
7.5 (High)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
6.7 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
6.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
6.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
6.5 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
6.1 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
6.1 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
5.9 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
5.9 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
5.9 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
5.3 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
5.3 (Medium)
Affected products
Known affected
2 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
AXC F 2152: article number 2404267 version 1.x
Phoenix Contact / AXC F 2152
|
2404267 version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
|
|
AXC F 2152: article number 1046568 (Starterkit) version 1.x
Phoenix Contact / AXC F 2152
|
1046568 (Starterkit) version 1.x |
Mitigation
Mitigation
Vendor Fix
fix
Mitigation
Mitigation
Mitigation
fix
Mitigation
fix
|
References
67 references
| URL | Category |
|---|---|
| https://raw.githubusercontent.com/cisagov/CSAF/de… | self |
| https://www.cisa.gov/news-events/ics-advisories/i… | self |
| https://www.cisa.gov/news-events/ics-advisories/i… | external |
| https://www.cisa.gov/uscert/sites/default/files/r… | external |
| https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B | external |
| https://www.cisa.gov/news-events/ics-advisories/i… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-9953 | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
| https://www.first.org/cvss/calculator/3.0#CVSS:3.… | external |
| http://web.nvd.nist.gov/view/vuln/detail?vulnId=C… | external |
Acknowledgments
Firmalyzer
Zahra Khani
OPC Foundation
{
"document": {
"acknowledgments": [
{
"names": [
"Zahra Khani"
],
"organization": "Firmalyzer",
"summary": "reporting some of these vulnerabilities to NCCIC"
},
{
"organization": "OPC Foundation",
"summary": "reporting some of these vulnerabilities to Phoenix Contact"
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Disclosure is not limited",
"tlp": {
"label": "WHITE",
"url": "https://us-cert.cisa.gov/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
"title": "CISA Disclaimer"
},
{
"category": "legal_disclaimer",
"text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
"title": "Legal Notice"
},
{
"category": "summary",
"text": "Successful exploitation of these vulnerabilities could allow an attacker to decrypt passwords, bypass authentication, and deny service to the device. In addition, these vulnerabilities could interact with third-party vulnerabilities to cause other impacts to integrity, confidentiality, and availability.",
"title": "Risk evaluation"
},
{
"category": "other",
"text": "Commercial Facilities",
"title": "Critical infrastructure sectors"
},
{
"category": "other",
"text": "Worldwide",
"title": "Countries/areas deployed"
},
{
"category": "other",
"text": "Germany",
"title": "Company headquarters location"
},
{
"category": "general",
"text": "NCCIC recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.NCCIC also provides a section for control systems security recommended practices on the ICS-CERT web page. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "Additional mitigation guidance and recommended practices are publicly available on the ICS-CERT website in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to NCCIC for tracking and correlation against other incidents.",
"title": "Recommended Practices"
},
{
"category": "general",
"text": "NCCIC also recommends that users take the following measures to protect themselves from social engineering attacks:",
"title": "Recommended Practices"
},
{
"category": "other",
"text": "No known public exploits specifically target these vulnerabilities.",
"title": "Exploitability"
}
],
"publisher": {
"category": "coordinator",
"contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
"name": "CISA",
"namespace": "https://www.cisa.gov/"
},
"references": [
{
"category": "self",
"summary": "ICS Advisory ICSA-19-155-01 JSON",
"url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2019/icsa-19-155-01.json"
},
{
"category": "self",
"summary": "ICS Advisory ICSA-19-155-01 - Web Scraped Version",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-155-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-155-01"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/uscert/ics/tips/ICS-TIP-12-146-01B"
},
{
"category": "external",
"summary": "Recommended Practices",
"url": "https://www.cisa.gov/news-events/ics-advisories/icsa-19-155-01"
}
],
"title": "PHOENIX CONTACT PLCNext AXC F 2152",
"tracking": {
"current_release_date": "2019-06-04T00:00:00.000000Z",
"generator": {
"engine": {
"name": "CISA CSAF Generator",
"version": "1.0.0"
}
},
"id": "ICSA-19-155-01",
"initial_release_date": "2019-06-04T00:00:00.000000Z",
"revision_history": [
{
"date": "2019-06-04T00:00:00.000000Z",
"legacy_version": "Initial",
"number": "1",
"summary": "ICSA-19-155-01 PHOENIX CONTACT PLCNext AXC F 2152"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "2404267 version 1.x",
"product": {
"name": "AXC F 2152: article number 2404267 version 1.x",
"product_id": "CSAFPID-0001"
}
}
],
"category": "product_name",
"name": "AXC F 2152"
},
{
"branches": [
{
"category": "product_version_range",
"name": "1046568 (Starterkit) version 1.x",
"product": {
"name": "AXC F 2152: article number 1046568 (Starterkit) version 1.x",
"product_id": "CSAFPID-0002"
}
}
],
"category": "product_name",
"name": "AXC F 2152"
}
],
"category": "vendor",
"name": "Phoenix Contact"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2018-7559",
"cwe": {
"id": "CWE-326",
"name": "Inadequate Encryption Strength"
},
"notes": [
{
"category": "summary",
"text": "A remote attacker can exploit a server \u0027s private key by sending carefully constructed UserIdentityTokens encrypted with the Basic128Rsa15 security policy. This could allow an attacker to decrypt passwords even if encrypted with another security policy such as Basic256Sha256. CVE-2018-7559 has been assigned to this vulnerability. A CVSS v3 base score of 7.6 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-7559"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.6,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2019-10998",
"cwe": {
"id": "CWE-284",
"name": "Improper Access Control"
},
"notes": [
{
"category": "summary",
"text": "An attacker with physical access to the device can manipulate SD card data, which could allow an attacker to bypass the authentication of the device. This device is designed for use in a protected industrial environment with restricted physical access.CVE-2019-10998 has been assigned to this vulnerability. A CVSS v3 base score of 6.8 has been calculated; the CVSS vector string is (AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10998"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2019-10997",
"cwe": {
"id": "CWE-300",
"name": "Channel Accessible by Non-Endpoint"
},
"notes": [
{
"category": "summary",
"text": "An attacker trying to connect to the device using a man-in-the-middle setup may crash the PLC service, resulting in a denial of service condition. The device must then be rebooted, or the PLC service must be restarted manually via Linux shell.CVE-2019-10997 has been assigned to this vulnerability. A CVSS v3 base score of 7.5 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10997"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-8816",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"notes": [
{
"category": "summary",
"text": "The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8816"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-9953",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9953"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"environmentalScore": 9.8,
"environmentalSeverity": "CRITICAL",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 9.8,
"temporalSeverity": "CRITICAL",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-8817",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an \u0027[\u0027 character.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-8817"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-11541",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "tcpdump 4.9.0 has a heap-based buffer over-read in the lldp_print function in print-lldp.c, related to util-print.c.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11541"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-11542",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "tcpdump 4.9.0 has a heap-based buffer over-read in the pimv1_print function in print-pim.c.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11542"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-11543",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "tcpdump 4.9.0 has a buffer overflow in the sliplink_print function in print-sl.c.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11543"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-5334",
"cwe": {
"id": "CWE-415",
"name": "Double Free"
},
"notes": [
{
"category": "summary",
"text": "Double free vulnerability in the gnutls_x509_ext_import_proxy function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via crafted policy language information in an X.509 certificate with a Proxy Certificate Information extension.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5334"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-5336",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Stack-based buffer overflow in the cdk_pk_get_keyid function in lib/opencdk/pubkey.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allows remote attackers to have unspecified impact via a crafted OpenPGP certificate.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5336"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-9841",
"cwe": {
"id": "CWE-823",
"name": "Use of Out-of-range Pointer Offset"
},
"notes": [
{
"category": "summary",
"text": "inffast.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9841"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-1000120",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000120"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-5337",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Multiple heap-based buffer overflows in the read_attribute function in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to have unspecified impact via a crafted OpenPGP certificate.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5337"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-9843",
"cwe": {
"id": "CWE-354",
"name": "Improper Validation of Integrity Check Value"
},
"notes": [
{
"category": "summary",
"text": "The crc32_big function in crc32.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving big-endian CRC calculation.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9843"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-1000257",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl\u0027s deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000257"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-1000122",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000122"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-1000301",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl \u003c 7.20.0 and curl \u003e= 7.60.0.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000301"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-1000005",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn\u0027t updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000005"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-9842",
"cwe": {
"id": "CWE-1335",
"name": "Incorrect Bitwise Shift of Integer"
},
"notes": [
{
"category": "summary",
"text": "The inflateMark function in inflate.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact via vectors involving left shifts of negative integers.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9842"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-9840",
"cwe": {
"id": "CWE-823",
"name": "Use of Out-of-range Pointer Offset"
},
"notes": [
{
"category": "summary",
"text": "inftrees.c in zlib 1.2.8 might allow context-dependent attackers to have unspecified impact by leveraging improper pointer arithmetic.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9840"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-9952",
"cwe": {
"id": "CWE-295",
"name": "Improper Certificate Validation"
},
"notes": [
{
"category": "summary",
"text": "The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by \"*.com.\"",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-9952"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-1247",
"cwe": {
"id": "CWE-59",
"name": "Improper Link Resolution Before File Access (\u0027Link Following\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The nginx package before 1.6.2-5+deb8u3 on Debian jessie, the nginx packages before 1.4.6-1ubuntu3.6 on Ubuntu 14.04 LTS, before 1.10.0-0ubuntu0.16.04.3 on Ubuntu 16.04 LTS, and before 1.10.1-0ubuntu1.1 on Ubuntu 16.10, and the nginx ebuild before 1.10.2-r3 on Gentoo allow local users with access to the web server user account to gain root privileges via a symlink attack on the error log.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1247"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-9023",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "The ASN.1 parser in strongSwan before 5.5.3 improperly handles CHOICE types when the x509 plugin is enabled, which allows remote attackers to cause a denial of service (infinite loop) via a crafted certificate.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9023"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-6301",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The recv_and_process_client_pkt function in networking/ntpd.c in busybox allows remote attackers to cause a denial of service (CPU and bandwidth consumption) via a forged NTP packet, which triggers a communication loop.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-6301"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-7141",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"notes": [
{
"category": "summary",
"text": "curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7141"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-7444",
"cwe": {
"id": "CWE-130",
"name": "Improper Handling of Length Parameter Inconsistency"
},
"notes": [
{
"category": "summary",
"text": "The gnutls_ocsp_resp_check_crt function in lib/x509/ocsp.c in GnuTLS before 3.4.15 and 3.5.x before 3.5.4 does not verify the serial length of an OCSP response, which might allow remote attackers to bypass an intended certificate validation mechanism via vectors involving trailing bytes left by gnutls_malloc.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7444"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-1000121",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000121"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-1000254",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000254"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-11108",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "tcpdump 4.9.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) via crafted packet data. The crash occurs in the EXTRACT_16BITS function, called from the stp_print function for the Spanning Tree Protocol.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11108"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-11185",
"cwe": {
"id": "CWE-476",
"name": "NULL Pointer Dereference"
},
"notes": [
{
"category": "summary",
"text": "The gmp plugin in strongSwan before 5.6.0 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a crafted RSA signature.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-11185"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-3731",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "If an SSL/TLS server or client is running on a 32-bit host, and a specific cipher is being used, then a truncated packet can cause that server or client to perform an out-of-bounds read, usually resulting in a crash. For OpenSSL 1.1.0, the crash can be triggered when using CHACHA20/POLY1305; users should upgrade to 1.1.0d. For Openssl 1.0.2, the crash can be triggered when using RC4-MD5; users who have not disabled that algorithm should update to 1.0.2k.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3731"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-9233",
"cwe": {
"id": "CWE-835",
"name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
},
"notes": [
{
"category": "summary",
"text": "XML External Entity vulnerability in libexpat 2.2.0 and earlier (Expat XML Parser Library) allows attackers to put the parser in an infinite loop using a malformed external entity definition from an external DTD.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9233"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-5335",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"notes": [
{
"category": "summary",
"text": "The stream reading functions in lib/opencdk/read-packet.c in GnuTLS before 3.3.26 and 3.5.x before 3.5.8 allow remote attackers to cause a denial of service (out-of-memory error and crash) via a crafted OpenPGP certificate.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-5335"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-9022",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"notes": [
{
"category": "summary",
"text": "The gmp plugin in strongSwan before 5.5.3 does not properly validate RSA public keys before calling mpz_powm_sec, which allows remote peers to cause a denial of service (floating point exception and process crash) via a crafted certificate.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-9022"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-1000117",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1000117"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-5388",
"cwe": {
"id": "CWE-124",
"name": "Buffer Underwrite (\u0027Buffer Underflow\u0027)"
},
"notes": [
{
"category": "summary",
"text": "In stroke_socket.c in strongSwan before 5.6.3, a missing packet length check could allow a buffer underflow, which may lead to resource exhaustion and denial of service while reading from the socket.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5388"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-1000101",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "curl supports \"globbing\" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000101"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-1000100",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn\u0027t restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl\u0027s redirect protocols with --proto-redir and libcurl\u0027s with CURLOPT_REDIR_PROTOCOLS.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-1000100"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2016-7103",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "Cross-site scripting (XSS) vulnerability in jQuery UI before 1.12.0 might allow remote attackers to inject arbitrary web script or HTML via the closeText parameter of the dialog function.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-7103"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2015-9251",
"cwe": {
"id": "CWE-79",
"name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
},
"notes": [
{
"category": "summary",
"text": "jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-9251"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-3738",
"cwe": {
"id": "CWE-200",
"name": "Exposure of Sensitive Information to an Unauthorized Actor"
},
"notes": [
{
"category": "summary",
"text": "There is an overflow bug in the AVX2 Montgomery multiplication procedure used in exponentiation with 1024-bit moduli. No EC algorithms are affected. Analysis suggests that attacks against RSA and DSA as a result of this defect would be very difficult to perform and are not believed likely. Attacks against DH1024 are considered just feasible, because most of the work necessary to deduce information about a private key may be performed offline. The amount of resources required for such an attack would be significant. However, for an attack on TLS to be meaningful, the server would have to share the DH1024 private key among multiple clients, which is no longer an option since CVE-2016-0701. This only affects processors that support the AVX2 but not ADX extensions like Intel Haswell (4th generation). Note: The impact from this issue is similar to CVE-2017-3736, CVE-2017-3732 and CVE-2015-3193. OpenSSL version 1.0.2-1.0.2m and 1.1.0-1.1.0g are affected. Fixed in OpenSSL 1.0.2n. Due to the low severity of this issue we are not issuing a new release of OpenSSL 1.1.0 at this time. The fix will be included in OpenSSL 1.1.0h when it becomes available. The fix is also available in commit e502cc86d in the OpenSSL git repository.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3738"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2018-0737",
"cwe": {
"id": "CWE-327",
"name": "Use of a Broken or Risky Cryptographic Algorithm"
},
"notes": [
{
"category": "summary",
"text": "The OpenSSL RSA Key generation algorithm has been shown to be vulnerable to a cache timing side channel attack. An attacker with sufficient access to mount cache timing attacks during the RSA key generation process could recover the private key. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2b-1.0.2o).",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-0737"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-3737",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"notes": [
{
"category": "summary",
"text": "OpenSSL 1.0.2 (starting from version 1.0.2b) introduced an \"error state\" mechanism. The intent was that if a fatal error occurred during a handshake then OpenSSL would move into the error state and would immediately fail if you attempted to continue the handshake. This works as designed for the explicit handshake functions (SSL_do_handshake(), SSL_accept() and SSL_connect()), however due to a bug it does not work correctly if SSL_read() or SSL_write() is called directly. In that scenario, if the handshake fails then a fatal error will be returned in the initial function call. If SSL_read()/SSL_write() is subsequently called by the application for the same SSL object then it will succeed and the data is passed without being decrypted/encrypted directly from the SSL/TLS record layer. In order to exploit this issue an application bug would have to be present that resulted in a call to SSL_read()/SSL_write() being issued after having already received a fatal error. OpenSSL version 1.0.2b-1.0.2m are affected. Fixed in OpenSSL 1.0.2n. OpenSSL 1.1.0 is not affected.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3737"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-15906",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"notes": [
{
"category": "summary",
"text": "The process_open function in sftp-server.c in OpenSSH before 7.6 does not properly prevent write operations in readonly mode, which allows attackers to create zero-length files.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-15906"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
},
{
"cve": "CVE-2017-3735",
"cwe": {
"id": "CWE-119",
"name": "Improper Restriction of Operations within the Bounds of a Memory Buffer"
},
"notes": [
{
"category": "summary",
"text": "While parsing an IPAddressFamily extension in an X.509 certificate, it is possible to do a one-byte overread. This would result in an incorrect text display of the certificate. This bug has been present since 2006 and is present in all versions of OpenSSL before 1.0.2m and 1.1.0g.",
"title": "Vulnerability Summary"
}
],
"product_status": {
"known_affected": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
"references": [
{
"category": "external",
"summary": "web.nvd.nist.gov",
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-3735"
},
{
"category": "external",
"summary": "www.first.org",
"url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N"
}
],
"remediations": [
{
"category": "mitigation",
"details": "Phoenix Contact recommends affected users update to firmware release 2019.0 LTS or later, update to PLCNext Engineer release 2019.0 LTS or later, and apply the following specific mitigations below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Disable Basic128Rsa15 security policy in OPC Servers configuration. Use only Basic256 or higher.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "vendor_fix",
"details": "Follow the advice concerning SD card usage in the manual \u201cArt.-Nr. 107708: UM EN AXC F 2152 Installing, starting up, and operating the AXC F 2152 controller um_en_axc_f_2152_107708_en_02.pdf\u201d that can be found on the product page below:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/online/portal/us/?uri=pxc-oc-itemdetail:pid=2404267\u0026library=usen\u0026pcck=P-21-14-01\u0026tab=1\u0026selectedCategory=ALL"
},
{
"category": "mitigation",
"details": "Use the notification manager to monitor SD card exchanges by the application program.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Subscribe to PSIRT news as updates on the SD card vulnerability will be provided in the future.",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
]
},
{
"category": "mitigation",
"details": "Phoenix Contact also recommends users operate the devices in closed networks or environments protected with a suitable firewall. For detailed information on recommendations for measures to protect network-capable devices, please refer to the Phoenix Contact application note \u201cArt.-Nr. 107913: AH EN INDUSTRIAL SECURITY - Measures to protect network-capable devices with Ethernet connection against unauthorized access,\u201d which can be found at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://www.phoenixcontact.com/assets/downloads_ed/local_pc/web_dwl_technical_info/ah_en_industrial_security_107913_en_01.pdf"
},
{
"category": "mitigation",
"details": "For more information, CERT@VDE has released a security advisory available at the following link:",
"product_ids": [
"CSAFPID-0001",
"CSAFPID-0002"
],
"url": "https://cert.vde.com/en-us/advisories/vde-2019-009"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"CSAFPID-0001",
"CSAFPID-0002"
]
}
]
}
]
}
OPENSUSE-SU-2024:10582-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
curl-7.79.1-1.1 on GA media
Severity
Moderate
Notes
Title of the patch: curl-7.79.1-1.1 on GA media
Description of the patch: These are all security issues fixed in the curl-7.79.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-10582
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
4.8 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
5 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.2 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
5.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.5 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
9.1 (Critical)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
6.5 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
9.8 (Critical)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
9.1 (Critical)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
critical
5.5 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.4 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
low
7.5 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
7.5 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.7 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
7.1 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
4.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.1 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
8.1 (High)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
6.5 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.4 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.3 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.9 (Medium)
Affected products
Recommended
20 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
187 references
| URL | Category |
|---|---|
| https://www.suse.com/support/security/rating/ | external |
| https://ftp.suse.com/pub/projects/security/csaf/o… | self |
| https://www.suse.com/security/cve/CVE-2006-1061/ | self |
| https://www.suse.com/security/cve/CVE-2016-9586/ | self |
| https://www.suse.com/security/cve/CVE-2016-9594/ | self |
| https://www.suse.com/security/cve/CVE-2017-1000099/ | self |
| https://www.suse.com/security/cve/CVE-2017-1000100/ | self |
| https://www.suse.com/security/cve/CVE-2017-1000101/ | self |
| https://www.suse.com/security/cve/CVE-2017-1000254/ | self |
| https://www.suse.com/security/cve/CVE-2017-1000257/ | self |
| https://www.suse.com/security/cve/CVE-2017-2629/ | self |
| https://www.suse.com/security/cve/CVE-2017-7468/ | self |
| https://www.suse.com/security/cve/CVE-2017-8816/ | self |
| https://www.suse.com/security/cve/CVE-2017-8817/ | self |
| https://www.suse.com/security/cve/CVE-2017-8818/ | self |
| https://www.suse.com/security/cve/CVE-2017-9502/ | self |
| https://www.suse.com/security/cve/CVE-2018-0500/ | self |
| https://www.suse.com/security/cve/CVE-2018-1000005/ | self |
| https://www.suse.com/security/cve/CVE-2018-1000120/ | self |
| https://www.suse.com/security/cve/CVE-2018-1000122/ | self |
| https://www.suse.com/security/cve/CVE-2018-1000300/ | self |
| https://www.suse.com/security/cve/CVE-2018-1000301/ | self |
| https://www.suse.com/security/cve/CVE-2018-14618/ | self |
| https://www.suse.com/security/cve/CVE-2018-16839/ | self |
| https://www.suse.com/security/cve/CVE-2018-16840/ | self |
| https://www.suse.com/security/cve/CVE-2018-16842/ | self |
| https://www.suse.com/security/cve/CVE-2018-16890/ | self |
| https://www.suse.com/security/cve/CVE-2019-15601/ | self |
| https://www.suse.com/security/cve/CVE-2019-3822/ | self |
| https://www.suse.com/security/cve/CVE-2019-3823/ | self |
| https://www.suse.com/security/cve/CVE-2019-5435/ | self |
| https://www.suse.com/security/cve/CVE-2019-5436/ | self |
| https://www.suse.com/security/cve/CVE-2019-5481/ | self |
| https://www.suse.com/security/cve/CVE-2019-5482/ | self |
| https://www.suse.com/security/cve/CVE-2020-8169/ | self |
| https://www.suse.com/security/cve/CVE-2020-8231/ | self |
| https://www.suse.com/security/cve/CVE-2020-8284/ | self |
| https://www.suse.com/security/cve/CVE-2020-8285/ | self |
| https://www.suse.com/security/cve/CVE-2020-8286/ | self |
| https://www.suse.com/security/cve/CVE-2021-22297/ | self |
| https://www.suse.com/security/cve/CVE-2021-22298/ | self |
| https://www.suse.com/security/cve/CVE-2021-22876/ | self |
| https://www.suse.com/security/cve/CVE-2021-22890/ | self |
| https://www.suse.com/security/cve/CVE-2021-22898/ | self |
| https://www.suse.com/security/cve/CVE-2021-22901/ | self |
| https://www.suse.com/security/cve/CVE-2021-22922/ | self |
| https://www.suse.com/security/cve/CVE-2021-22924/ | self |
| https://www.suse.com/security/cve/CVE-2021-22945/ | self |
| https://www.suse.com/security/cve/CVE-2021-22946/ | self |
| https://www.suse.com/security/cve/CVE-2021-22947/ | self |
| https://www.suse.com/security/cve/CVE-2006-1061 | external |
| https://bugzilla.suse.com/157874 | external |
| https://www.suse.com/security/cve/CVE-2016-9586 | external |
| https://bugzilla.suse.com/1015332 | external |
| https://www.suse.com/security/cve/CVE-2016-9594 | external |
| https://bugzilla.suse.com/1016738 | external |
| https://bugzilla.suse.com/1017161 | external |
| https://bugzilla.suse.com/1042181 | external |
| https://www.suse.com/security/cve/CVE-2017-1000099 | external |
| https://bugzilla.suse.com/1051645 | external |
| https://bugzilla.suse.com/1053919 | external |
| https://www.suse.com/security/cve/CVE-2017-1000100 | external |
| https://bugzilla.suse.com/1051644 | external |
| https://www.suse.com/security/cve/CVE-2017-1000101 | external |
| https://bugzilla.suse.com/1051643 | external |
| https://www.suse.com/security/cve/CVE-2017-1000254 | external |
| https://bugzilla.suse.com/1061876 | external |
| https://www.suse.com/security/cve/CVE-2017-1000257 | external |
| https://bugzilla.suse.com/1063824 | external |
| https://www.suse.com/security/cve/CVE-2017-2629 | external |
| https://bugzilla.suse.com/1025379 | external |
| https://bugzilla.suse.com/1042181 | external |
| https://www.suse.com/security/cve/CVE-2017-7468 | external |
| https://bugzilla.suse.com/1033413 | external |
| https://bugzilla.suse.com/1033442 | external |
| https://bugzilla.suse.com/1042181 | external |
| https://bugzilla.suse.com/991389 | external |
| https://www.suse.com/security/cve/CVE-2017-8816 | external |
| https://bugzilla.suse.com/1069226 | external |
| https://bugzilla.suse.com/1106019 | external |
| https://www.suse.com/security/cve/CVE-2017-8817 | external |
| https://bugzilla.suse.com/1069222 | external |
| https://www.suse.com/security/cve/CVE-2017-8818 | external |
| https://bugzilla.suse.com/1069714 | external |
| https://www.suse.com/security/cve/CVE-2017-9502 | external |
| https://bugzilla.suse.com/1044243 | external |
| https://www.suse.com/security/cve/CVE-2018-0500 | external |
| https://bugzilla.suse.com/1099793 | external |
| https://www.suse.com/security/cve/CVE-2018-1000005 | external |
| https://bugzilla.suse.com/1076360 | external |
| https://www.suse.com/security/cve/CVE-2018-1000120 | external |
| https://bugzilla.suse.com/1084521 | external |
| https://bugzilla.suse.com/1101811 | external |
| https://bugzilla.suse.com/1112526 | external |
| https://www.suse.com/security/cve/CVE-2018-1000122 | external |
| https://bugzilla.suse.com/1084532 | external |
| https://bugzilla.suse.com/1101811 | external |
| https://bugzilla.suse.com/1112526 | external |
| https://www.suse.com/security/cve/CVE-2018-1000300 | external |
| https://bugzilla.suse.com/1092094 | external |
| https://www.suse.com/security/cve/CVE-2018-1000301 | external |
| https://bugzilla.suse.com/1092098 | external |
| https://bugzilla.suse.com/1122464 | external |
| https://www.suse.com/security/cve/CVE-2018-14618 | external |
| https://bugzilla.suse.com/1106019 | external |
| https://bugzilla.suse.com/1112758 | external |
| https://bugzilla.suse.com/1122464 | external |
| https://www.suse.com/security/cve/CVE-2018-16839 | external |
| https://bugzilla.suse.com/1112758 | external |
| https://bugzilla.suse.com/1113029 | external |
| https://bugzilla.suse.com/1131886 | external |
| https://www.suse.com/security/cve/CVE-2018-16840 | external |
| https://bugzilla.suse.com/1112758 | external |
| https://bugzilla.suse.com/1113029 | external |
| https://bugzilla.suse.com/1122464 | external |
| https://www.suse.com/security/cve/CVE-2018-16842 | external |
| https://bugzilla.suse.com/1113660 | external |
| https://bugzilla.suse.com/1122464 | external |
| https://www.suse.com/security/cve/CVE-2018-16890 | external |
| https://bugzilla.suse.com/1123371 | external |
| https://bugzilla.suse.com/1123378 | external |
| https://bugzilla.suse.com/1141798 | external |
| https://www.suse.com/security/cve/CVE-2019-15601 | external |
| https://bugzilla.suse.com/1160301 | external |
| https://www.suse.com/security/cve/CVE-2019-3822 | external |
| https://bugzilla.suse.com/1123377 | external |
| https://bugzilla.suse.com/1141798 | external |
| https://www.suse.com/security/cve/CVE-2019-3823 | external |
| https://bugzilla.suse.com/1123378 | external |
| https://bugzilla.suse.com/1126909 | external |
| https://bugzilla.suse.com/1141798 | external |
| https://www.suse.com/security/cve/CVE-2019-5435 | external |
| https://bugzilla.suse.com/1135176 | external |
| https://bugzilla.suse.com/1154162 | external |
| https://www.suse.com/security/cve/CVE-2019-5436 | external |
| https://bugzilla.suse.com/1135170 | external |
| https://bugzilla.suse.com/1149496 | external |
| https://bugzilla.suse.com/1154162 | external |
| https://bugzilla.suse.com/1167096 | external |
| https://www.suse.com/security/cve/CVE-2019-5481 | external |
| https://bugzilla.suse.com/1149495 | external |
| https://www.suse.com/security/cve/CVE-2019-5482 | external |
| https://bugzilla.suse.com/1149496 | external |
| https://bugzilla.suse.com/1156634 | external |
| https://www.suse.com/security/cve/CVE-2020-8169 | external |
| https://bugzilla.suse.com/1173026 | external |
| https://bugzilla.suse.com/1186108 | external |
| https://www.suse.com/security/cve/CVE-2020-8231 | external |
| https://bugzilla.suse.com/1175109 | external |
| https://bugzilla.suse.com/1179399 | external |
| https://bugzilla.suse.com/1186108 | external |
| https://www.suse.com/security/cve/CVE-2020-8284 | external |
| https://bugzilla.suse.com/1179398 | external |
| https://bugzilla.suse.com/1179399 | external |
| https://bugzilla.suse.com/1186108 | external |
| https://www.suse.com/security/cve/CVE-2020-8285 | external |
| https://bugzilla.suse.com/1179399 | external |
| https://bugzilla.suse.com/1186108 | external |
| https://www.suse.com/security/cve/CVE-2020-8286 | external |
| https://bugzilla.suse.com/1179593 | external |
| https://bugzilla.suse.com/1186108 | external |
| https://www.suse.com/security/cve/CVE-2021-22297 | external |
| https://www.suse.com/security/cve/CVE-2021-22298 | external |
| https://www.suse.com/security/cve/CVE-2021-22876 | external |
| https://bugzilla.suse.com/1183933 | external |
| https://www.suse.com/security/cve/CVE-2021-22890 | external |
| https://bugzilla.suse.com/1183934 | external |
| https://www.suse.com/security/cve/CVE-2021-22898 | external |
| https://bugzilla.suse.com/1186114 | external |
| https://bugzilla.suse.com/1192450 | external |
| https://www.suse.com/security/cve/CVE-2021-22901 | external |
| https://bugzilla.suse.com/1186115 | external |
| https://bugzilla.suse.com/1188549 | external |
| https://www.suse.com/security/cve/CVE-2021-22922 | external |
| https://bugzilla.suse.com/1188217 | external |
| https://bugzilla.suse.com/1192447 | external |
| https://www.suse.com/security/cve/CVE-2021-22924 | external |
| https://bugzilla.suse.com/1188219 | external |
| https://bugzilla.suse.com/1192447 | external |
| https://bugzilla.suse.com/1200196 | external |
| https://www.suse.com/security/cve/CVE-2021-22945 | external |
| https://bugzilla.suse.com/1190213 | external |
| https://www.suse.com/security/cve/CVE-2021-22946 | external |
| https://bugzilla.suse.com/1190373 | external |
| https://bugzilla.suse.com/1194948 | external |
| https://www.suse.com/security/cve/CVE-2021-22947 | external |
| https://bugzilla.suse.com/1190374 | external |
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "curl-7.79.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the curl-7.79.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10582",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10582-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-1061 page",
"url": "https://www.suse.com/security/cve/CVE-2006-1061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9586 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9586/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9594 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9594/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-1000099 page",
"url": "https://www.suse.com/security/cve/CVE-2017-1000099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-1000100 page",
"url": "https://www.suse.com/security/cve/CVE-2017-1000100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-1000101 page",
"url": "https://www.suse.com/security/cve/CVE-2017-1000101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-1000254 page",
"url": "https://www.suse.com/security/cve/CVE-2017-1000254/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-1000257 page",
"url": "https://www.suse.com/security/cve/CVE-2017-1000257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-2629 page",
"url": "https://www.suse.com/security/cve/CVE-2017-2629/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7468 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8816 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8817 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8818 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9502 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0500 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000005 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000120 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000122 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000300 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000301 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14618 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16839 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16840 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16842 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16890 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15601 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3822 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3822/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3823 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5435 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5435/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5436 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5481 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5481/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5482 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5482/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8169 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8231 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8284 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8285 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8286 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22297 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22297/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22298 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22298/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22876 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22890 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22898 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22901 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22901/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22922 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22922/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22924 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22945 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22946 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22947 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22947/"
}
],
"title": "curl-7.79.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10582-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "curl-7.79.1-1.1.aarch64",
"product": {
"name": "curl-7.79.1-1.1.aarch64",
"product_id": "curl-7.79.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.79.1-1.1.aarch64",
"product": {
"name": "libcurl-devel-7.79.1-1.1.aarch64",
"product_id": "libcurl-devel-7.79.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-32bit-7.79.1-1.1.aarch64",
"product": {
"name": "libcurl-devel-32bit-7.79.1-1.1.aarch64",
"product_id": "libcurl-devel-32bit-7.79.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl4-7.79.1-1.1.aarch64",
"product": {
"name": "libcurl4-7.79.1-1.1.aarch64",
"product_id": "libcurl4-7.79.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-7.79.1-1.1.aarch64",
"product": {
"name": "libcurl4-32bit-7.79.1-1.1.aarch64",
"product_id": "libcurl4-32bit-7.79.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-7.79.1-1.1.ppc64le",
"product": {
"name": "curl-7.79.1-1.1.ppc64le",
"product_id": "curl-7.79.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.79.1-1.1.ppc64le",
"product": {
"name": "libcurl-devel-7.79.1-1.1.ppc64le",
"product_id": "libcurl-devel-7.79.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"product": {
"name": "libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"product_id": "libcurl-devel-32bit-7.79.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl4-7.79.1-1.1.ppc64le",
"product": {
"name": "libcurl4-7.79.1-1.1.ppc64le",
"product_id": "libcurl4-7.79.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-7.79.1-1.1.ppc64le",
"product": {
"name": "libcurl4-32bit-7.79.1-1.1.ppc64le",
"product_id": "libcurl4-32bit-7.79.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-7.79.1-1.1.s390x",
"product": {
"name": "curl-7.79.1-1.1.s390x",
"product_id": "curl-7.79.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.79.1-1.1.s390x",
"product": {
"name": "libcurl-devel-7.79.1-1.1.s390x",
"product_id": "libcurl-devel-7.79.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl-devel-32bit-7.79.1-1.1.s390x",
"product": {
"name": "libcurl-devel-32bit-7.79.1-1.1.s390x",
"product_id": "libcurl-devel-32bit-7.79.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl4-7.79.1-1.1.s390x",
"product": {
"name": "libcurl4-7.79.1-1.1.s390x",
"product_id": "libcurl4-7.79.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-7.79.1-1.1.s390x",
"product": {
"name": "libcurl4-32bit-7.79.1-1.1.s390x",
"product_id": "libcurl4-32bit-7.79.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-7.79.1-1.1.x86_64",
"product": {
"name": "curl-7.79.1-1.1.x86_64",
"product_id": "curl-7.79.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.79.1-1.1.x86_64",
"product": {
"name": "libcurl-devel-7.79.1-1.1.x86_64",
"product_id": "libcurl-devel-7.79.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-32bit-7.79.1-1.1.x86_64",
"product": {
"name": "libcurl-devel-32bit-7.79.1-1.1.x86_64",
"product_id": "libcurl-devel-32bit-7.79.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-7.79.1-1.1.x86_64",
"product": {
"name": "libcurl4-7.79.1-1.1.x86_64",
"product_id": "libcurl4-7.79.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-7.79.1-1.1.x86_64",
"product": {
"name": "libcurl4-32bit-7.79.1-1.1.x86_64",
"product_id": "libcurl4-32bit-7.79.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.79.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64"
},
"product_reference": "curl-7.79.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.79.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le"
},
"product_reference": "curl-7.79.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.79.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-7.79.1-1.1.s390x"
},
"product_reference": "curl-7.79.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.79.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64"
},
"product_reference": "curl-7.79.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.79.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64"
},
"product_reference": "libcurl-devel-7.79.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.79.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le"
},
"product_reference": "libcurl-devel-7.79.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.79.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x"
},
"product_reference": "libcurl-devel-7.79.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.79.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64"
},
"product_reference": "libcurl-devel-7.79.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-32bit-7.79.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64"
},
"product_reference": "libcurl-devel-32bit-7.79.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-32bit-7.79.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le"
},
"product_reference": "libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-32bit-7.79.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x"
},
"product_reference": "libcurl-devel-32bit-7.79.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-32bit-7.79.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64"
},
"product_reference": "libcurl-devel-32bit-7.79.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.79.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64"
},
"product_reference": "libcurl4-7.79.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.79.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le"
},
"product_reference": "libcurl4-7.79.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.79.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x"
},
"product_reference": "libcurl4-7.79.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.79.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
},
"product_reference": "libcurl4-7.79.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.79.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64"
},
"product_reference": "libcurl4-32bit-7.79.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.79.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le"
},
"product_reference": "libcurl4-32bit-7.79.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.79.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x"
},
"product_reference": "libcurl4-32bit-7.79.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.79.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64"
},
"product_reference": "libcurl4-32bit-7.79.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-1061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-1061"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-1061",
"url": "https://www.suse.com/security/cve/CVE-2006-1061"
},
{
"category": "external",
"summary": "SUSE Bug 157874 for CVE-2006-1061",
"url": "https://bugzilla.suse.com/157874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2006-1061"
},
{
"cve": "CVE-2016-9586",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9586"
}
],
"notes": [
{
"category": "general",
"text": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl\u0027s implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9586",
"url": "https://www.suse.com/security/cve/CVE-2016-9586"
},
{
"category": "external",
"summary": "SUSE Bug 1015332 for CVE-2016-9586",
"url": "https://bugzilla.suse.com/1015332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9586"
},
{
"cve": "CVE-2016-9594",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9594"
}
],
"notes": [
{
"category": "general",
"text": "curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl\u0027s internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9594",
"url": "https://www.suse.com/security/cve/CVE-2016-9594"
},
{
"category": "external",
"summary": "SUSE Bug 1016738 for CVE-2016-9594",
"url": "https://bugzilla.suse.com/1016738"
},
{
"category": "external",
"summary": "SUSE Bug 1017161 for CVE-2016-9594",
"url": "https://bugzilla.suse.com/1017161"
},
{
"category": "external",
"summary": "SUSE Bug 1042181 for CVE-2016-9594",
"url": "https://bugzilla.suse.com/1042181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-9594"
},
{
"cve": "CVE-2017-1000099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-1000099"
}
],
"notes": [
{
"category": "general",
"text": "When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application\u0027s provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-1000099",
"url": "https://www.suse.com/security/cve/CVE-2017-1000099"
},
{
"category": "external",
"summary": "SUSE Bug 1051645 for CVE-2017-1000099",
"url": "https://bugzilla.suse.com/1051645"
},
{
"category": "external",
"summary": "SUSE Bug 1053919 for CVE-2017-1000099",
"url": "https://bugzilla.suse.com/1053919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-1000099"
},
{
"cve": "CVE-2017-1000100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-1000100"
}
],
"notes": [
{
"category": "general",
"text": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn\u0027t restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl\u0027s redirect protocols with --proto-redir and libcurl\u0027s with CURLOPT_REDIR_PROTOCOLS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-1000100",
"url": "https://www.suse.com/security/cve/CVE-2017-1000100"
},
{
"category": "external",
"summary": "SUSE Bug 1051644 for CVE-2017-1000100",
"url": "https://bugzilla.suse.com/1051644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-1000100"
},
{
"cve": "CVE-2017-1000101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-1000101"
}
],
"notes": [
{
"category": "general",
"text": "curl supports \"globbing\" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-1000101",
"url": "https://www.suse.com/security/cve/CVE-2017-1000101"
},
{
"category": "external",
"summary": "SUSE Bug 1051643 for CVE-2017-1000101",
"url": "https://bugzilla.suse.com/1051643"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-1000101"
},
{
"cve": "CVE-2017-1000254",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-1000254"
}
],
"notes": [
{
"category": "general",
"text": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-1000254",
"url": "https://www.suse.com/security/cve/CVE-2017-1000254"
},
{
"category": "external",
"summary": "SUSE Bug 1061876 for CVE-2017-1000254",
"url": "https://bugzilla.suse.com/1061876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-1000254"
},
{
"cve": "CVE-2017-1000257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-1000257"
}
],
"notes": [
{
"category": "general",
"text": "An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl\u0027s deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-1000257",
"url": "https://www.suse.com/security/cve/CVE-2017-1000257"
},
{
"category": "external",
"summary": "SUSE Bug 1063824 for CVE-2017-1000257",
"url": "https://bugzilla.suse.com/1063824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-1000257"
},
{
"cve": "CVE-2017-2629",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-2629"
}
],
"notes": [
{
"category": "general",
"text": "curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server\u0027s certificate\u0027s validity in the code that checks for a test success or failure. It ends up always thinking there\u0027s valid proof, even when there is none or if the server doesn\u0027t support the TLS extension in question. This could lead to users not detecting when a server\u0027s certificate goes invalid or otherwise be mislead that the server is in a better shape than it is in reality. This flaw also exists in the command line tool (--cert-status).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-2629",
"url": "https://www.suse.com/security/cve/CVE-2017-2629"
},
{
"category": "external",
"summary": "SUSE Bug 1025379 for CVE-2017-2629",
"url": "https://bugzilla.suse.com/1025379"
},
{
"category": "external",
"summary": "SUSE Bug 1042181 for CVE-2017-2629",
"url": "https://bugzilla.suse.com/1042181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-2629"
},
{
"cve": "CVE-2017-7468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7468"
}
],
"notes": [
{
"category": "general",
"text": "In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate). libcurl supports by default the use of TLS session id/ticket to resume previous TLS sessions to speed up subsequent TLS handshakes. They are used when for any reason an existing TLS connection couldn\u0027t be kept alive to make the next handshake faster. This flaw is a regression and identical to CVE-2016-5419 reported on August 3rd 2016, but affecting a different version range.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7468",
"url": "https://www.suse.com/security/cve/CVE-2017-7468"
},
{
"category": "external",
"summary": "SUSE Bug 1033413 for CVE-2017-7468",
"url": "https://bugzilla.suse.com/1033413"
},
{
"category": "external",
"summary": "SUSE Bug 1033442 for CVE-2017-7468",
"url": "https://bugzilla.suse.com/1033442"
},
{
"category": "external",
"summary": "SUSE Bug 1042181 for CVE-2017-7468",
"url": "https://bugzilla.suse.com/1042181"
},
{
"category": "external",
"summary": "SUSE Bug 991389 for CVE-2017-7468",
"url": "https://bugzilla.suse.com/991389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-7468"
},
{
"cve": "CVE-2017-8816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8816"
}
],
"notes": [
{
"category": "general",
"text": "The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8816",
"url": "https://www.suse.com/security/cve/CVE-2017-8816"
},
{
"category": "external",
"summary": "SUSE Bug 1069226 for CVE-2017-8816",
"url": "https://bugzilla.suse.com/1069226"
},
{
"category": "external",
"summary": "SUSE Bug 1106019 for CVE-2017-8816",
"url": "https://bugzilla.suse.com/1106019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-8816"
},
{
"cve": "CVE-2017-8817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8817"
}
],
"notes": [
{
"category": "general",
"text": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an \u0027[\u0027 character.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8817",
"url": "https://www.suse.com/security/cve/CVE-2017-8817"
},
{
"category": "external",
"summary": "SUSE Bug 1069222 for CVE-2017-8817",
"url": "https://bugzilla.suse.com/1069222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-8817"
},
{
"cve": "CVE-2017-8818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8818"
}
],
"notes": [
{
"category": "general",
"text": "curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8818",
"url": "https://www.suse.com/security/cve/CVE-2017-8818"
},
{
"category": "external",
"summary": "SUSE Bug 1069714 for CVE-2017-8818",
"url": "https://bugzilla.suse.com/1069714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2017-8818"
},
{
"cve": "CVE-2017-9502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9502"
}
],
"notes": [
{
"category": "general",
"text": "In curl before 7.54.1 on Windows and DOS, libcurl\u0027s default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. If the default protocol is specified to be FILE or a file: URL lacks two slashes, the given \"URL\" starts with a drive letter, and libcurl is built for Windows or DOS, then libcurl would copy the path 7 bytes off, so that the end of the given path would write beyond the malloc buffer (7 bytes being the length in bytes of the ascii string \"file://\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9502",
"url": "https://www.suse.com/security/cve/CVE-2017-9502"
},
{
"category": "external",
"summary": "SUSE Bug 1044243 for CVE-2017-9502",
"url": "https://bugzilla.suse.com/1044243"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-9502"
},
{
"cve": "CVE-2018-0500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0500"
}
],
"notes": [
{
"category": "general",
"text": "Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0500",
"url": "https://www.suse.com/security/cve/CVE-2018-0500"
},
{
"category": "external",
"summary": "SUSE Bug 1099793 for CVE-2018-0500",
"url": "https://bugzilla.suse.com/1099793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-0500"
},
{
"cve": "CVE-2018-1000005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000005"
}
],
"notes": [
{
"category": "general",
"text": "libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn\u0027t updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000005",
"url": "https://www.suse.com/security/cve/CVE-2018-1000005"
},
{
"category": "external",
"summary": "SUSE Bug 1076360 for CVE-2018-1000005",
"url": "https://bugzilla.suse.com/1076360"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-1000005"
},
{
"cve": "CVE-2018-1000120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000120"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000120",
"url": "https://www.suse.com/security/cve/CVE-2018-1000120"
},
{
"category": "external",
"summary": "SUSE Bug 1084521 for CVE-2018-1000120",
"url": "https://bugzilla.suse.com/1084521"
},
{
"category": "external",
"summary": "SUSE Bug 1101811 for CVE-2018-1000120",
"url": "https://bugzilla.suse.com/1101811"
},
{
"category": "external",
"summary": "SUSE Bug 1112526 for CVE-2018-1000120",
"url": "https://bugzilla.suse.com/1112526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000120"
},
{
"cve": "CVE-2018-1000122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000122"
}
],
"notes": [
{
"category": "general",
"text": "A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000122",
"url": "https://www.suse.com/security/cve/CVE-2018-1000122"
},
{
"category": "external",
"summary": "SUSE Bug 1084532 for CVE-2018-1000122",
"url": "https://bugzilla.suse.com/1084532"
},
{
"category": "external",
"summary": "SUSE Bug 1101811 for CVE-2018-1000122",
"url": "https://bugzilla.suse.com/1101811"
},
{
"category": "external",
"summary": "SUSE Bug 1112526 for CVE-2018-1000122",
"url": "https://bugzilla.suse.com/1112526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000122"
},
{
"cve": "CVE-2018-1000300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000300"
}
],
"notes": [
{
"category": "general",
"text": "curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl \u003c 7.54.1 and curl \u003e= 7.60.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000300",
"url": "https://www.suse.com/security/cve/CVE-2018-1000300"
},
{
"category": "external",
"summary": "SUSE Bug 1092094 for CVE-2018-1000300",
"url": "https://bugzilla.suse.com/1092094"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-1000300"
},
{
"cve": "CVE-2018-1000301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000301"
}
],
"notes": [
{
"category": "general",
"text": "curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl \u003c 7.20.0 and curl \u003e= 7.60.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000301",
"url": "https://www.suse.com/security/cve/CVE-2018-1000301"
},
{
"category": "external",
"summary": "SUSE Bug 1092098 for CVE-2018-1000301",
"url": "https://bugzilla.suse.com/1092098"
},
{
"category": "external",
"summary": "SUSE Bug 1122464 for CVE-2018-1000301",
"url": "https://bugzilla.suse.com/1122464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-1000301"
},
{
"cve": "CVE-2018-14618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14618"
}
],
"notes": [
{
"category": "general",
"text": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14618",
"url": "https://www.suse.com/security/cve/CVE-2018-14618"
},
{
"category": "external",
"summary": "SUSE Bug 1106019 for CVE-2018-14618",
"url": "https://bugzilla.suse.com/1106019"
},
{
"category": "external",
"summary": "SUSE Bug 1112758 for CVE-2018-14618",
"url": "https://bugzilla.suse.com/1112758"
},
{
"category": "external",
"summary": "SUSE Bug 1122464 for CVE-2018-14618",
"url": "https://bugzilla.suse.com/1122464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14618"
},
{
"cve": "CVE-2018-16839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16839"
}
],
"notes": [
{
"category": "general",
"text": "Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16839",
"url": "https://www.suse.com/security/cve/CVE-2018-16839"
},
{
"category": "external",
"summary": "SUSE Bug 1112758 for CVE-2018-16839",
"url": "https://bugzilla.suse.com/1112758"
},
{
"category": "external",
"summary": "SUSE Bug 1113029 for CVE-2018-16839",
"url": "https://bugzilla.suse.com/1113029"
},
{
"category": "external",
"summary": "SUSE Bug 1131886 for CVE-2018-16839",
"url": "https://bugzilla.suse.com/1131886"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16839"
},
{
"cve": "CVE-2018-16840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16840"
}
],
"notes": [
{
"category": "general",
"text": "A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an \u0027easy\u0027 handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16840",
"url": "https://www.suse.com/security/cve/CVE-2018-16840"
},
{
"category": "external",
"summary": "SUSE Bug 1112758 for CVE-2018-16840",
"url": "https://bugzilla.suse.com/1112758"
},
{
"category": "external",
"summary": "SUSE Bug 1113029 for CVE-2018-16840",
"url": "https://bugzilla.suse.com/1113029"
},
{
"category": "external",
"summary": "SUSE Bug 1122464 for CVE-2018-16840",
"url": "https://bugzilla.suse.com/1122464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16840"
},
{
"cve": "CVE-2018-16842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16842"
}
],
"notes": [
{
"category": "general",
"text": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16842",
"url": "https://www.suse.com/security/cve/CVE-2018-16842"
},
{
"category": "external",
"summary": "SUSE Bug 1113660 for CVE-2018-16842",
"url": "https://bugzilla.suse.com/1113660"
},
{
"category": "external",
"summary": "SUSE Bug 1122464 for CVE-2018-16842",
"url": "https://bugzilla.suse.com/1122464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16842"
},
{
"cve": "CVE-2018-16890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16890"
}
],
"notes": [
{
"category": "general",
"text": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16890",
"url": "https://www.suse.com/security/cve/CVE-2018-16890"
},
{
"category": "external",
"summary": "SUSE Bug 1123371 for CVE-2018-16890",
"url": "https://bugzilla.suse.com/1123371"
},
{
"category": "external",
"summary": "SUSE Bug 1123378 for CVE-2018-16890",
"url": "https://bugzilla.suse.com/1123378"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2018-16890",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-16890"
},
{
"cve": "CVE-2019-15601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15601"
}
],
"notes": [
{
"category": "general",
"text": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15601",
"url": "https://www.suse.com/security/cve/CVE-2019-15601"
},
{
"category": "external",
"summary": "SUSE Bug 1160301 for CVE-2019-15601",
"url": "https://bugzilla.suse.com/1160301"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-15601"
},
{
"cve": "CVE-2019-3822",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3822"
}
],
"notes": [
{
"category": "general",
"text": "libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large \u0027nt response\u0027 data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a \u0027large value\u0027 needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3822",
"url": "https://www.suse.com/security/cve/CVE-2019-3822"
},
{
"category": "external",
"summary": "SUSE Bug 1123377 for CVE-2019-3822",
"url": "https://bugzilla.suse.com/1123377"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2019-3822",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-3822"
},
{
"cve": "CVE-2019-3823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3823"
}
],
"notes": [
{
"category": "general",
"text": "libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn\u0027t NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3823",
"url": "https://www.suse.com/security/cve/CVE-2019-3823"
},
{
"category": "external",
"summary": "SUSE Bug 1123378 for CVE-2019-3823",
"url": "https://bugzilla.suse.com/1123378"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2019-3823",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2019-3823",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-3823"
},
{
"cve": "CVE-2019-5435",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5435"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow in curl\u0027s URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5435",
"url": "https://www.suse.com/security/cve/CVE-2019-5435"
},
{
"category": "external",
"summary": "SUSE Bug 1135176 for CVE-2019-5435",
"url": "https://bugzilla.suse.com/1135176"
},
{
"category": "external",
"summary": "SUSE Bug 1154162 for CVE-2019-5435",
"url": "https://bugzilla.suse.com/1154162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-5435"
},
{
"cve": "CVE-2019-5436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5436"
}
],
"notes": [
{
"category": "general",
"text": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5436",
"url": "https://www.suse.com/security/cve/CVE-2019-5436"
},
{
"category": "external",
"summary": "SUSE Bug 1135170 for CVE-2019-5436",
"url": "https://bugzilla.suse.com/1135170"
},
{
"category": "external",
"summary": "SUSE Bug 1149496 for CVE-2019-5436",
"url": "https://bugzilla.suse.com/1149496"
},
{
"category": "external",
"summary": "SUSE Bug 1154162 for CVE-2019-5436",
"url": "https://bugzilla.suse.com/1154162"
},
{
"category": "external",
"summary": "SUSE Bug 1167096 for CVE-2019-5436",
"url": "https://bugzilla.suse.com/1167096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-5436"
},
{
"cve": "CVE-2019-5481",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5481"
}
],
"notes": [
{
"category": "general",
"text": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5481",
"url": "https://www.suse.com/security/cve/CVE-2019-5481"
},
{
"category": "external",
"summary": "SUSE Bug 1149495 for CVE-2019-5481",
"url": "https://bugzilla.suse.com/1149495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-5481"
},
{
"cve": "CVE-2019-5482",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5482"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5482",
"url": "https://www.suse.com/security/cve/CVE-2019-5482"
},
{
"category": "external",
"summary": "SUSE Bug 1149496 for CVE-2019-5482",
"url": "https://bugzilla.suse.com/1149496"
},
{
"category": "external",
"summary": "SUSE Bug 1156634 for CVE-2019-5482",
"url": "https://bugzilla.suse.com/1156634"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-5482"
},
{
"cve": "CVE-2020-8169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8169"
}
],
"notes": [
{
"category": "general",
"text": "curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8169",
"url": "https://www.suse.com/security/cve/CVE-2020-8169"
},
{
"category": "external",
"summary": "SUSE Bug 1173026 for CVE-2020-8169",
"url": "https://bugzilla.suse.com/1173026"
},
{
"category": "external",
"summary": "SUSE Bug 1186108 for CVE-2020-8169",
"url": "https://bugzilla.suse.com/1186108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8169"
},
{
"cve": "CVE-2020-8231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8231"
}
],
"notes": [
{
"category": "general",
"text": "Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8231",
"url": "https://www.suse.com/security/cve/CVE-2020-8231"
},
{
"category": "external",
"summary": "SUSE Bug 1175109 for CVE-2020-8231",
"url": "https://bugzilla.suse.com/1175109"
},
{
"category": "external",
"summary": "SUSE Bug 1179399 for CVE-2020-8231",
"url": "https://bugzilla.suse.com/1179399"
},
{
"category": "external",
"summary": "SUSE Bug 1186108 for CVE-2020-8231",
"url": "https://bugzilla.suse.com/1186108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8231"
},
{
"cve": "CVE-2020-8284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8284"
}
],
"notes": [
{
"category": "general",
"text": "A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8284",
"url": "https://www.suse.com/security/cve/CVE-2020-8284"
},
{
"category": "external",
"summary": "SUSE Bug 1179398 for CVE-2020-8284",
"url": "https://bugzilla.suse.com/1179398"
},
{
"category": "external",
"summary": "SUSE Bug 1179399 for CVE-2020-8284",
"url": "https://bugzilla.suse.com/1179399"
},
{
"category": "external",
"summary": "SUSE Bug 1186108 for CVE-2020-8284",
"url": "https://bugzilla.suse.com/1186108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8284"
},
{
"cve": "CVE-2020-8285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8285"
}
],
"notes": [
{
"category": "general",
"text": "curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8285",
"url": "https://www.suse.com/security/cve/CVE-2020-8285"
},
{
"category": "external",
"summary": "SUSE Bug 1179399 for CVE-2020-8285",
"url": "https://bugzilla.suse.com/1179399"
},
{
"category": "external",
"summary": "SUSE Bug 1186108 for CVE-2020-8285",
"url": "https://bugzilla.suse.com/1186108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8285"
},
{
"cve": "CVE-2020-8286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8286"
}
],
"notes": [
{
"category": "general",
"text": "curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8286",
"url": "https://www.suse.com/security/cve/CVE-2020-8286"
},
{
"category": "external",
"summary": "SUSE Bug 1179593 for CVE-2020-8286",
"url": "https://bugzilla.suse.com/1179593"
},
{
"category": "external",
"summary": "SUSE Bug 1186108 for CVE-2020-8286",
"url": "https://bugzilla.suse.com/1186108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8286"
},
{
"cve": "CVE-2021-22297",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22297"
}
],
"notes": [
{
"category": "general",
"text": "unknown",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22297",
"url": "https://www.suse.com/security/cve/CVE-2021-22297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-22297"
},
{
"cve": "CVE-2021-22298",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22298"
}
],
"notes": [
{
"category": "general",
"text": "There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22298",
"url": "https://www.suse.com/security/cve/CVE-2021-22298"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-22298"
},
{
"cve": "CVE-2021-22876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22876"
}
],
"notes": [
{
"category": "general",
"text": "curl 7.1.1 to and including 7.75.0 is vulnerable to an \"Exposure of Private Personal Information to an Unauthorized Actor\" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22876",
"url": "https://www.suse.com/security/cve/CVE-2021-22876"
},
{
"category": "external",
"summary": "SUSE Bug 1183933 for CVE-2021-22876",
"url": "https://bugzilla.suse.com/1183933"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-22876"
},
{
"cve": "CVE-2021-22890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22890"
}
],
"notes": [
{
"category": "general",
"text": "curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly \"short-cut\" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22890",
"url": "https://www.suse.com/security/cve/CVE-2021-22890"
},
{
"category": "external",
"summary": "SUSE Bug 1183934 for CVE-2021-22890",
"url": "https://bugzilla.suse.com/1183934"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-22890"
},
{
"cve": "CVE-2021-22898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22898"
}
],
"notes": [
{
"category": "general",
"text": "curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22898",
"url": "https://www.suse.com/security/cve/CVE-2021-22898"
},
{
"category": "external",
"summary": "SUSE Bug 1186114 for CVE-2021-22898",
"url": "https://bugzilla.suse.com/1186114"
},
{
"category": "external",
"summary": "SUSE Bug 1192450 for CVE-2021-22898",
"url": "https://bugzilla.suse.com/1192450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-22898"
},
{
"cve": "CVE-2021-22901",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22901"
}
],
"notes": [
{
"category": "general",
"text": "curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22901",
"url": "https://www.suse.com/security/cve/CVE-2021-22901"
},
{
"category": "external",
"summary": "SUSE Bug 1186115 for CVE-2021-22901",
"url": "https://bugzilla.suse.com/1186115"
},
{
"category": "external",
"summary": "SUSE Bug 1188549 for CVE-2021-22901",
"url": "https://bugzilla.suse.com/1188549"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-22901"
},
{
"cve": "CVE-2021-22922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22922"
}
],
"notes": [
{
"category": "general",
"text": "When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22922",
"url": "https://www.suse.com/security/cve/CVE-2021-22922"
},
{
"category": "external",
"summary": "SUSE Bug 1188217 for CVE-2021-22922",
"url": "https://bugzilla.suse.com/1188217"
},
{
"category": "external",
"summary": "SUSE Bug 1192447 for CVE-2021-22922",
"url": "https://bugzilla.suse.com/1192447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-22922"
},
{
"cve": "CVE-2021-22924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22924"
}
],
"notes": [
{
"category": "general",
"text": "libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take \u0027issuercert\u0027 into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can setto qualify how to verify the server certificate.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22924",
"url": "https://www.suse.com/security/cve/CVE-2021-22924"
},
{
"category": "external",
"summary": "SUSE Bug 1188219 for CVE-2021-22924",
"url": "https://bugzilla.suse.com/1188219"
},
{
"category": "external",
"summary": "SUSE Bug 1192447 for CVE-2021-22924",
"url": "https://bugzilla.suse.com/1192447"
},
{
"category": "external",
"summary": "SUSE Bug 1200196 for CVE-2021-22924",
"url": "https://bugzilla.suse.com/1200196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-22924"
},
{
"cve": "CVE-2021-22945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22945"
}
],
"notes": [
{
"category": "general",
"text": "When sending data to an MQTT server, libcurl \u003c= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22945",
"url": "https://www.suse.com/security/cve/CVE-2021-22945"
},
{
"category": "external",
"summary": "SUSE Bug 1190213 for CVE-2021-22945",
"url": "https://bugzilla.suse.com/1190213"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-22945"
},
{
"cve": "CVE-2021-22946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22946"
}
],
"notes": [
{
"category": "general",
"text": "A user can tell curl \u003e= 7.20.0 and \u003c= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22946",
"url": "https://www.suse.com/security/cve/CVE-2021-22946"
},
{
"category": "external",
"summary": "SUSE Bug 1190373 for CVE-2021-22946",
"url": "https://bugzilla.suse.com/1190373"
},
{
"category": "external",
"summary": "SUSE Bug 1194948 for CVE-2021-22946",
"url": "https://bugzilla.suse.com/1194948"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-22946"
},
{
"cve": "CVE-2021-22947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22947"
}
],
"notes": [
{
"category": "general",
"text": "When curl \u003e= 7.20.0 and \u003c= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker\u0027s injected data comes from the TLS-protected server.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22947",
"url": "https://www.suse.com/security/cve/CVE-2021-22947"
},
{
"category": "external",
"summary": "SUSE Bug 1190374 for CVE-2021-22947",
"url": "https://bugzilla.suse.com/1190374"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-22947"
}
]
}
RHSA-2018:2486
Vulnerability from csaf_redhat - Published: 2018-08-16 16:06 - Updated: 2026-05-14 22:24Summary
Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update
Severity
Important
Notes
Topic: Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages for Microsoft Windows and Oracle Solaris are now available.
Red Hat Product Security has rated this release as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.
Details: This release adds the new Apache HTTP Server 2.4.29 packages that are part
of the JBoss Core Services offering.
This release serves as a replacement for Red Hat JBoss Core Services
Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer
to the Release Notes for information on the most significant bug fixes,
enhancements and component upgrades included in this release.
Security Fix(es):
* expat: Out-of-bounds heap read on crafted input causing crash (CVE-2016-0718)
* curl: escape and unescape integer overflows (CVE-2016-7167)
* curl: Cookie injection for other servers (CVE-2016-8615)
* curl: Case insensitive password comparison (CVE-2016-8616)
* curl: Out-of-bounds write via unchecked multiplication (CVE-2016-8617)
* curl: Double-free in curl_maprintf (CVE-2016-8618)
* curl: Double-free in krb5 code (CVE-2016-8619)
* curl: curl_getdate out-of-bounds read (CVE-2016-8621)
* curl: URL unescape heap overflow via integer truncation (CVE-2016-8622)
* curl: Use-after-free via shared cookies (CVE-2016-8623)
* curl: Invalid URL parsing with '#' (CVE-2016-8624)
* curl: IDNA 2003 makes curl use wrong host (CVE-2016-8625)
* libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) (CVE-2016-9598)
* pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3) (CVE-2017-6004)
* pcre: Invalid Unicode property lookup (8.41/7, 10.24/2) (CVE-2017-7186)
* pcre: invalid memory read in_pcre32_xclass (pcre_xclass.c) (CVE-2017-7244)
* pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7245)
* pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7246)
* curl: FTP PWD response parser out of bounds read (CVE-2017-1000254)
* curl: IMAP FETCH response out of bounds read (CVE-2017-1000257)
* curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP (CVE-2018-0500)
Details around this issue, including information about the CVE, severity of
the issue, and the CVSS score can be found on the CVE page listed in the
Reference section below.
The following packages have been upgraded to a newer upstream version:
* Curl (7.57.0)
* OpenSSL (1.0.2n)
* Expat (2.2.5)
* PCRE (8.41)
* libxml2 (2.9.7)
Acknowledgements:
CVE-2017-1000254: Red Hat would like to thank Daniel Stenberg for reporting this issue.
Upstream acknowledges Max Dymond as the original reporter.
CVE-2017-1000257: Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Brian Carpenter, (the OSS-Fuzz project) as the original reporter.
CVE-2018-0500: Red Hat would like to thank the Curl project for reporting this issue.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application.
6.8 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that Apache was vulnerable to a HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data.
CWE-113 - Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.
8.8 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Important
Multiple integer overflow flaws leading to heap-based buffer overflows were found in the way curl handled escaping and unescaping of data. An attacker could potentially use these flaws to crash an application using libcurl by sending a specially crafted input to the affected libcurl functions.
CWE-190 - Integer Overflow or WraparoundAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.
CWE-287 - Improper AuthenticationAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.
CWE-787 - Out-of-bounds WriteAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.
CWE-190 - Integer Overflow or WraparoundAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.
CWE-416 - Use After FreeAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.
5.3 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.
6.7 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.
4.3 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.
4.3 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.
4.3 ()
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.
CWE-20 - Improper Input ValidationAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.
CWE-20 - Improper Input ValidationAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.
CWE-20 - Improper Input ValidationAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. The variable len is assigned strlen(buf). If the content->type is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content->prefix is appended to buf (if it actually fits) whereupon (ii) content->name is written to the buffer. However, the check for whether the content->name actually fits also uses 'len' rather than the updated buffer length strlen(buf). This allows us to write about "size" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer 'buf' of size 'size'. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 < size. This vulnerability causes programs that use libxml2, such as PHP, to crash.
4.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.
6.5 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.
CWE-400 - Uncontrolled Resource ConsumptionAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Low
libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.
CWE-125 - Out-of-bounds ReadAffected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.
4.8 (Medium)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
A heap-based buffer overflow has been found in the Curl_smtp_escape_eob() function of curl. An attacker could exploit this by convincing a user to use curl to upload data over SMTP with a reduced buffer to cause a crash or corrupt memory.
7.5 (High)
Affected products
Fixed
1 product
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Text-Only JBCS
Red Hat / Red Hat JBoss Core Services
|
cpe:/a:redhat:jboss_core_services:1
|
— |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
168 references
| URL | Category |
|---|---|
| https://access.redhat.com/errata/RHSA-2018:2486 | self |
| https://access.redhat.com/security/updates/classi… | external |
| https://access.redhat.com/documentation/en-us/red… | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1296102 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1375906 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1388370 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1388371 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1388377 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1388378 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1388379 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1388385 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1388386 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1388388 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1388390 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1388392 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1408306 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1425365 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1434504 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1437364 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1437367 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1437369 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1495541 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1503705 | external |
| https://bugzilla.redhat.com/show_bug.cgi?id=1597101 | external |
| https://security.access.redhat.com/data/csaf/v2/a… | self |
| https://access.redhat.com/security/cve/CVE-2016-0718 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1296102 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-0718 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-0718 | external |
| https://access.redhat.com/security/cve/CVE-2016-4975 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1375968 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-4975 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-4975 | external |
| https://httpd.apache.org/security/vulnerabilities… | external |
| https://httpd.apache.org/security/vulnerabilities… | external |
| https://access.redhat.com/security/cve/CVE-2016-5131 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1358641 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-5131 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-5131 | external |
| https://googlechromereleases.blogspot.com/2016/07… | external |
| https://access.redhat.com/security/cve/CVE-2016-7167 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1375906 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-7167 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-7167 | external |
| https://curl.haxx.se/docs/adv_20160914.html | external |
| https://access.redhat.com/security/cve/CVE-2016-8615 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1388370 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-8615 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-8615 | external |
| https://curl.haxx.se/docs/adv_20161102A.html | external |
| https://access.redhat.com/security/cve/CVE-2016-8616 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1388371 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-8616 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-8616 | external |
| https://curl.haxx.se/docs/adv_20161102B.html | external |
| https://access.redhat.com/security/cve/CVE-2016-8617 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1388377 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-8617 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-8617 | external |
| https://curl.haxx.se/docs/adv_20161102C.html | external |
| https://access.redhat.com/security/cve/CVE-2016-8618 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1388378 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-8618 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-8618 | external |
| https://curl.haxx.se/docs/adv_20161102D.html | external |
| https://access.redhat.com/security/cve/CVE-2016-8619 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1388379 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-8619 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-8619 | external |
| https://curl.haxx.se/docs/adv_20161102E.html | external |
| https://access.redhat.com/security/cve/CVE-2016-8621 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1388385 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-8621 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-8621 | external |
| https://curl.haxx.se/docs/adv_20161102G.html | external |
| https://access.redhat.com/security/cve/CVE-2016-8622 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1388386 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-8622 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-8622 | external |
| https://curl.haxx.se/docs/adv_20161102H.html | external |
| https://access.redhat.com/security/cve/CVE-2016-8623 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1388388 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-8623 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-8623 | external |
| https://curl.haxx.se/docs/adv_20161102I.html | external |
| https://access.redhat.com/security/cve/CVE-2016-8624 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1388390 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-8624 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-8624 | external |
| https://curl.haxx.se/docs/adv_20161102J.html | external |
| https://access.redhat.com/security/cve/CVE-2016-8625 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1388392 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-8625 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-8625 | external |
| https://curl.haxx.se/docs/adv_20161102K.html | external |
| https://access.redhat.com/security/cve/CVE-2016-9318 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1395609 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-9318 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-9318 | external |
| https://access.redhat.com/security/cve/CVE-2016-9596 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1408302 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-9596 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-9596 | external |
| https://access.redhat.com/security/cve/CVE-2016-9597 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1408305 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-9597 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-9597 | external |
| https://access.redhat.com/security/cve/CVE-2016-9598 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1408306 | external |
| https://www.cve.org/CVERecord?id=CVE-2016-9598 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2016-9598 | external |
| https://access.redhat.com/security/cve/CVE-2017-6004 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1425365 | external |
| https://www.cve.org/CVERecord?id=CVE-2017-6004 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2017-6004 | external |
| https://access.redhat.com/security/cve/CVE-2017-7186 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1434504 | external |
| https://www.cve.org/CVERecord?id=CVE-2017-7186 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2017-7186 | external |
| https://access.redhat.com/security/cve/CVE-2017-7244 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1437364 | external |
| https://www.cve.org/CVERecord?id=CVE-2017-7244 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2017-7244 | external |
| https://blogs.gentoo.org/ago/2017/03/20/libpcre-i… | external |
| https://access.redhat.com/security/cve/CVE-2017-7245 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1437367 | external |
| https://www.cve.org/CVERecord?id=CVE-2017-7245 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2017-7245 | external |
| https://blogs.gentoo.org/ago/2017/03/20/libpcre-t… | external |
| https://access.redhat.com/security/cve/CVE-2017-7246 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1437369 | external |
| https://www.cve.org/CVERecord?id=CVE-2017-7246 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2017-7246 | external |
| https://access.redhat.com/security/cve/CVE-2017-9047 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1452554 | external |
| https://www.cve.org/CVERecord?id=CVE-2017-9047 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2017-9047 | external |
| https://access.redhat.com/security/cve/CVE-2017-9048 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1452549 | external |
| https://www.cve.org/CVERecord?id=CVE-2017-9048 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2017-9048 | external |
| https://access.redhat.com/security/cve/CVE-2017-9049 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1452556 | external |
| https://www.cve.org/CVERecord?id=CVE-2017-9049 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2017-9049 | external |
| https://access.redhat.com/security/cve/CVE-2017-9050 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1452553 | external |
| https://www.cve.org/CVERecord?id=CVE-2017-9050 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2017-9050 | external |
| https://access.redhat.com/security/cve/CVE-2017-18258 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1566749 | external |
| https://www.cve.org/CVERecord?id=CVE-2017-18258 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2017-18258 | external |
| https://access.redhat.com/security/cve/CVE-2017-1000254 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1495541 | external |
| https://www.cve.org/CVERecord?id=CVE-2017-1000254 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2017-1000254 | external |
| https://curl.haxx.se/docs/adv_20171004.html | external |
| https://access.redhat.com/security/cve/CVE-2017-1000257 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1503705 | external |
| https://www.cve.org/CVERecord?id=CVE-2017-1000257 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2017-1000257 | external |
| https://curl.haxx.se/docs/adv_20171023.html | external |
| https://access.redhat.com/security/cve/CVE-2018-0500 | self |
| https://bugzilla.redhat.com/show_bug.cgi?id=1597101 | external |
| https://www.cve.org/CVERecord?id=CVE-2018-0500 | external |
| https://nvd.nist.gov/vuln/detail/CVE-2018-0500 | external |
| https://curl.haxx.se/docs/adv_2018-70a2.html | external |
Acknowledgments
Gustavo Grieco
the Curl project
Max Dymond
Brian Carpenter
the OSS-Fuzz project
Peter Wu
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Red Hat JBoss Core Services Pack Apache Server 2.4.29 packages for Microsoft Windows and Oracle Solaris are now available.\n\nRed Hat Product Security has rated this release as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "This release adds the new Apache HTTP Server 2.4.29 packages that are part\nof the JBoss Core Services offering.\n\nThis release serves as a replacement for Red Hat JBoss Core Services\nApache HTTP Server 2.4.23, and includes bug fixes and enhancements. Refer\nto the Release Notes for information on the most significant bug fixes,\nenhancements and component upgrades included in this release.\n\nSecurity Fix(es):\n\n* expat: Out-of-bounds heap read on crafted input causing crash (CVE-2016-0718)\n* curl: escape and unescape integer overflows (CVE-2016-7167)\n* curl: Cookie injection for other servers (CVE-2016-8615)\n* curl: Case insensitive password comparison (CVE-2016-8616)\n* curl: Out-of-bounds write via unchecked multiplication (CVE-2016-8617)\n* curl: Double-free in curl_maprintf (CVE-2016-8618)\n* curl: Double-free in krb5 code (CVE-2016-8619)\n* curl: curl_getdate out-of-bounds read (CVE-2016-8621)\n* curl: URL unescape heap overflow via integer truncation (CVE-2016-8622)\n* curl: Use-after-free via shared cookies (CVE-2016-8623)\n* curl: Invalid URL parsing with \u0027#\u0027 (CVE-2016-8624)\n* curl: IDNA 2003 makes curl use wrong host (CVE-2016-8625)\n* libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS) (CVE-2016-9598)\n* pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3) (CVE-2017-6004)\n* pcre: Invalid Unicode property lookup (8.41/7, 10.24/2) (CVE-2017-7186)\n* pcre: invalid memory read in_pcre32_xclass (pcre_xclass.c) (CVE-2017-7244)\n* pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7245)\n* pcre: stack-based buffer overflow write in pcre32_copy_substring (CVE-2017-7246)\n* curl: FTP PWD response parser out of bounds read (CVE-2017-1000254)\n* curl: IMAP FETCH response out of bounds read (CVE-2017-1000257)\n* curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP (CVE-2018-0500)\n\nDetails around this issue, including information about the CVE, severity of\nthe issue, and the CVSS score can be found on the CVE page listed in the\nReference section below.\n\nThe following packages have been upgraded to a newer upstream version:\n* Curl (7.57.0)\n* OpenSSL (1.0.2n)\n* Expat (2.2.5)\n* PCRE (8.41)\n* libxml2 (2.9.7)\n\nAcknowledgements:\n\nCVE-2017-1000254: Red Hat would like to thank Daniel Stenberg for reporting this issue.\nUpstream acknowledges Max Dymond as the original reporter.\nCVE-2017-1000257: Red Hat would like to thank the Curl project for reporting this issue. Upstream acknowledges Brian Carpenter, (the OSS-Fuzz project) as the original reporter.\nCVE-2018-0500: Red Hat would like to thank the Curl project for reporting this issue.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2486",
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/html-single/red_hat_jboss_core_services_apache_http_server_2.4.29_release_notes/",
"url": "https://access.redhat.com/documentation/en-us/red_hat_jboss_core_services/2.4.29/html-single/red_hat_jboss_core_services_apache_http_server_2.4.29_release_notes/"
},
{
"category": "external",
"summary": "1296102",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296102"
},
{
"category": "external",
"summary": "1375906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375906"
},
{
"category": "external",
"summary": "1388370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388370"
},
{
"category": "external",
"summary": "1388371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388371"
},
{
"category": "external",
"summary": "1388377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388377"
},
{
"category": "external",
"summary": "1388378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388378"
},
{
"category": "external",
"summary": "1388379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388379"
},
{
"category": "external",
"summary": "1388385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388385"
},
{
"category": "external",
"summary": "1388386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388386"
},
{
"category": "external",
"summary": "1388388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388388"
},
{
"category": "external",
"summary": "1388390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388390"
},
{
"category": "external",
"summary": "1388392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388392"
},
{
"category": "external",
"summary": "1408306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408306"
},
{
"category": "external",
"summary": "1425365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1425365"
},
{
"category": "external",
"summary": "1434504",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1434504"
},
{
"category": "external",
"summary": "1437364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437364"
},
{
"category": "external",
"summary": "1437367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437367"
},
{
"category": "external",
"summary": "1437369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437369"
},
{
"category": "external",
"summary": "1495541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495541"
},
{
"category": "external",
"summary": "1503705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503705"
},
{
"category": "external",
"summary": "1597101",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597101"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2486.json"
}
],
"title": "Red Hat Security Advisory: Red Hat JBoss Core Services Apache HTTP Server 2.4.29 security update",
"tracking": {
"current_release_date": "2026-05-14T22:24:16+00:00",
"generator": {
"date": "2026-05-14T22:24:16+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.8.0"
}
},
"id": "RHSA-2018:2486",
"initial_release_date": "2018-08-16T16:06:16+00:00",
"revision_history": [
{
"date": "2018-08-16T16:06:16+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-08-16T16:06:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-05-14T22:24:16+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Text-Only JBCS",
"product": {
"name": "Text-Only JBCS",
"product_id": "Text-Only JBCS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:jboss_core_services:1"
}
}
}
],
"category": "product_family",
"name": "Red Hat JBoss Core Services"
}
],
"category": "vendor",
"name": "Red Hat"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Gustavo Grieco"
]
}
],
"cve": "CVE-2016-0718",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2016-01-06T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1296102"
}
],
"notes": [
{
"category": "description",
"text": "An out-of-bounds read flaw was found in the way Expat processed certain input. A remote attacker could send specially crafted XML that, when parsed by an application using the Expat library, would cause that application to crash or, possibly, execute arbitrary code with the permission of the user running the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "expat: Out-of-bounds heap read on crafted input causing crash",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-0718"
},
{
"category": "external",
"summary": "RHBZ#1296102",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1296102"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-0718",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0718"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-0718",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0718"
}
],
"release_date": "2016-05-17T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "expat: Out-of-bounds heap read on crafted input causing crash"
},
{
"cve": "CVE-2016-4975",
"cwe": {
"id": "CWE-113",
"name": "Improper Neutralization of CRLF Sequences in HTTP Headers (\u0027HTTP Request/Response Splitting\u0027)"
},
"discovery_date": "2016-09-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1375968"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Apache was vulnerable to a HTTP response splitting attack for sites which use mod_userdir. An attacker could use this flaw to inject CRLF characters into the HTTP header and could possibly gain access to secure data.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-4975"
},
{
"category": "external",
"summary": "RHBZ#1375968",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375968"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-4975",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4975"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-4975",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-4975"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975",
"url": "https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975"
},
{
"category": "external",
"summary": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975",
"url": "https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975"
}
],
"release_date": "2018-08-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "httpd: CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir"
},
{
"cve": "CVE-2016-5131",
"discovery_date": "2016-07-20T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1358641"
}
],
"notes": [
{
"category": "description",
"text": "Use-after-free vulnerability in libxml2 through 2.9.4, as used in Google Chrome before 52.0.2743.82, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors related to the XPointer range-to function.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Use after free triggered by XPointer paths beginning with range-to",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This flaw in libxml2 requires exposing the library to XPath/XPointer expressions from an untrusted source, which is not common in practice for applications using libxml2. For libxml2, Red Hat Product Security has rated this vulnerability as Moderate severity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-5131"
},
{
"category": "external",
"summary": "RHBZ#1358641",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1358641"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-5131",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5131"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-5131",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5131"
},
{
"category": "external",
"summary": "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html",
"url": "https://googlechromereleases.blogspot.com/2016/07/stable-channel-update.html"
}
],
"release_date": "2016-07-20T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "libxml2: Use after free triggered by XPointer paths beginning with range-to"
},
{
"cve": "CVE-2016-7167",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2016-09-14T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1375906"
}
],
"notes": [
{
"category": "description",
"text": "Multiple integer overflow flaws leading to heap-based buffer overflows were found in the way curl handled escaping and unescaping of data. An attacker could potentially use these flaws to crash an application using libcurl by sending a specially crafted input to the affected libcurl functions.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: escape and unescape integer overflows",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-7167"
},
{
"category": "external",
"summary": "RHBZ#1375906",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1375906"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-7167",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7167"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-7167",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7167"
},
{
"category": "external",
"summary": "https://curl.haxx.se/docs/adv_20160914.html",
"url": "https://curl.haxx.se/docs/adv_20160914.html"
}
],
"release_date": "2016-09-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 2.9,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "curl: escape and unescape integer overflows"
},
{
"cve": "CVE-2016-8615",
"cwe": {
"id": "CWE-99",
"name": "Improper Control of Resource Identifiers (\u0027Resource Injection\u0027)"
},
"discovery_date": "2016-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1388370"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: Cookie injection for other servers",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8615"
},
{
"category": "external",
"summary": "RHBZ#1388370",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388370"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8615",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8615"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8615",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8615"
},
{
"category": "external",
"summary": "https://curl.haxx.se/docs/adv_20161102A.html",
"url": "https://curl.haxx.se/docs/adv_20161102A.html"
}
],
"release_date": "2016-11-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "curl: Cookie injection for other servers"
},
{
"cve": "CVE-2016-8616",
"cwe": {
"id": "CWE-287",
"name": "Improper Authentication"
},
"discovery_date": "2016-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1388371"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: Case insensitive password comparison",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8616"
},
{
"category": "external",
"summary": "RHBZ#1388371",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388371"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8616"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8616",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8616"
},
{
"category": "external",
"summary": "https://curl.haxx.se/docs/adv_20161102B.html",
"url": "https://curl.haxx.se/docs/adv_20161102B.html"
}
],
"release_date": "2016-11-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "curl: Case insensitive password comparison"
},
{
"cve": "CVE-2016-8617",
"cwe": {
"id": "CWE-787",
"name": "Out-of-bounds Write"
},
"discovery_date": "2016-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1388377"
}
],
"notes": [
{
"category": "description",
"text": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: Out-of-bounds write via unchecked multiplication",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8617"
},
{
"category": "external",
"summary": "RHBZ#1388377",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388377"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8617"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8617",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8617"
},
{
"category": "external",
"summary": "https://curl.haxx.se/docs/adv_20161102C.html",
"url": "https://curl.haxx.se/docs/adv_20161102C.html"
}
],
"release_date": "2016-11-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "curl: Out-of-bounds write via unchecked multiplication"
},
{
"cve": "CVE-2016-8618",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2016-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1388378"
}
],
"notes": [
{
"category": "description",
"text": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: Double-free in curl_maprintf",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8618"
},
{
"category": "external",
"summary": "RHBZ#1388378",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388378"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8618"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8618",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8618"
},
{
"category": "external",
"summary": "https://curl.haxx.se/docs/adv_20161102D.html",
"url": "https://curl.haxx.se/docs/adv_20161102D.html"
}
],
"release_date": "2016-11-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "curl: Double-free in curl_maprintf"
},
{
"cve": "CVE-2016-8619",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2016-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1388379"
}
],
"notes": [
{
"category": "description",
"text": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: Double-free in krb5 code",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8619"
},
{
"category": "external",
"summary": "RHBZ#1388379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388379"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8619"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8619",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8619"
},
{
"category": "external",
"summary": "https://curl.haxx.se/docs/adv_20161102E.html",
"url": "https://curl.haxx.se/docs/adv_20161102E.html"
}
],
"release_date": "2016-11-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "curl: Double-free in krb5 code"
},
{
"cve": "CVE-2016-8621",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2016-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1388385"
}
],
"notes": [
{
"category": "description",
"text": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: curl_getdate out-of-bounds read",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8621"
},
{
"category": "external",
"summary": "RHBZ#1388385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388385"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8621"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8621",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8621"
},
{
"category": "external",
"summary": "https://curl.haxx.se/docs/adv_20161102G.html",
"url": "https://curl.haxx.se/docs/adv_20161102G.html"
}
],
"release_date": "2016-11-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "curl: curl_getdate out-of-bounds read"
},
{
"cve": "CVE-2016-8622",
"cwe": {
"id": "CWE-190",
"name": "Integer Overflow or Wraparound"
},
"discovery_date": "2016-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1388386"
}
],
"notes": [
{
"category": "description",
"text": "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: URL unescape heap overflow via integer truncation",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8622"
},
{
"category": "external",
"summary": "RHBZ#1388386",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388386"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8622"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8622",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8622"
},
{
"category": "external",
"summary": "https://curl.haxx.se/docs/adv_20161102H.html",
"url": "https://curl.haxx.se/docs/adv_20161102H.html"
}
],
"release_date": "2016-11-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "curl: URL unescape heap overflow via integer truncation"
},
{
"cve": "CVE-2016-8623",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2016-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1388388"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: Use-after-free via shared cookies",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8623"
},
{
"category": "external",
"summary": "RHBZ#1388388",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388388"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8623",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8623"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8623",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8623"
},
{
"category": "external",
"summary": "https://curl.haxx.se/docs/adv_20161102I.html",
"url": "https://curl.haxx.se/docs/adv_20161102I.html"
}
],
"release_date": "2016-11-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "curl: Use-after-free via shared cookies"
},
{
"cve": "CVE-2016-8624",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1388390"
}
],
"notes": [
{
"category": "description",
"text": "curl before version 7.51.0 doesn\u0027t parse the authority component of the URL correctly when the host name part ends with a \u0027#\u0027 character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: Invalid URL parsing with \u0027#\u0027",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8624"
},
{
"category": "external",
"summary": "RHBZ#1388390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388390"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8624",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8624"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8624",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8624"
},
{
"category": "external",
"summary": "https://curl.haxx.se/docs/adv_20161102J.html",
"url": "https://curl.haxx.se/docs/adv_20161102J.html"
}
],
"release_date": "2016-11-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "curl: Invalid URL parsing with \u0027#\u0027"
},
{
"cve": "CVE-2016-8625",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2016-10-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1388392"
}
],
"notes": [
{
"category": "description",
"text": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: IDNA 2003 makes curl use wrong host",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-8625"
},
{
"category": "external",
"summary": "RHBZ#1388392",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1388392"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-8625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8625"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-8625",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8625"
},
{
"category": "external",
"summary": "https://curl.haxx.se/docs/adv_20161102K.html",
"url": "https://curl.haxx.se/docs/adv_20161102K.html"
}
],
"release_date": "2016-11-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "curl: IDNA 2003 makes curl use wrong host"
},
{
"cve": "CVE-2016-9318",
"cwe": {
"id": "CWE-611",
"name": "Improper Restriction of XML External Entity Reference"
},
"discovery_date": "2016-11-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1395609"
}
],
"notes": [
{
"category": "description",
"text": "libxml2 2.9.4 and earlier, as used in XMLSec 1.2.23 and earlier and other products, does not offer a flag directly indicating that the current document may be read but other files may not be opened, which makes it easier for remote attackers to conduct XML External Entity (XXE) attacks via a crafted document.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: XML External Entity vulnerability",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-9318"
},
{
"category": "external",
"summary": "RHBZ#1395609",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1395609"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-9318",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9318"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9318",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9318"
}
],
"release_date": "2016-10-06T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"category": "workaround",
"details": "Application parsing untrusted input with libxml2 should be careful to NOT use entity expansion (enabled by XML_PARSE_NOENT) or DTD validation (XML_PARSE_DTDLOAD, XML_PARSE_DTDVALID) on such input.",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
"version": "2.0"
},
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:L/AC:H/PR:N/UI:N/S:C/C:H/I:N/A:L",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: XML External Entity vulnerability"
},
{
"cve": "CVE-2016-9596",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2016-03-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1408302"
}
],
"notes": [
{
"category": "description",
"text": "libxml2, as used in Red Hat JBoss Core Services and when in recovery mode, allows context-dependent attackers to cause a denial of service (stack consumption) via a crafted XML document. NOTE: this vulnerability exists because of an incorrect fix for CVE-2016-3627.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: stack exhaustion while parsing xml files in recovery mode (unfixed CVE-2016-3627 in JBCS)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-9596"
},
{
"category": "external",
"summary": "RHBZ#1408302",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408302"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-9596",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9596"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9596",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9596"
}
],
"release_date": "2016-03-21T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: stack exhaustion while parsing xml files in recovery mode (unfixed CVE-2016-3627 in JBCS)"
},
{
"cve": "CVE-2016-9597",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2016-04-26T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1408305"
}
],
"notes": [
{
"category": "description",
"text": "It was found that Red Hat JBoss Core Services erratum RHSA-2016:2957 for CVE-2016-3705 did not actually include the fix for the issue found in libxml2, making it vulnerable to a Denial of Service attack due to a Stack Overflow. This is a regression CVE for the same issue as CVE-2016-3705.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: stack overflow before detecting invalid XML file (unfixed CVE-2016-3705 in JBCS)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-9597"
},
{
"category": "external",
"summary": "RHBZ#1408305",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408305"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-9597",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9597"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9597",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9597"
}
],
"release_date": "2016-05-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: stack overflow before detecting invalid XML file (unfixed CVE-2016-3705 in JBCS)"
},
{
"cve": "CVE-2016-9598",
"cwe": {
"id": "CWE-674",
"name": "Uncontrolled Recursion"
},
"discovery_date": "2016-05-03T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1408306"
}
],
"notes": [
{
"category": "description",
"text": "libxml2, as used in Red Hat JBoss Core Services, allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted XML document. NOTE: this vulnerability exists because of a missing fix for CVE-2016-4483.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2016-9598"
},
{
"category": "external",
"summary": "RHBZ#1408306",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1408306"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2016-9598",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9598"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2016-9598",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9598"
}
],
"release_date": "2016-05-03T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: out-of-bounds read (unfixed CVE-2016-4483 in JBCS)"
},
{
"cve": "CVE-2017-6004",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2017-02-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1425365"
}
],
"notes": [
{
"category": "description",
"text": "The compile_bracket_matchingpath function in pcre_jit_compile.c in PCRE through 8.x before revision 1680 (e.g., the PHP 7.1.1 bundled version) allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via a crafted regular expression.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-6004"
},
{
"category": "external",
"summary": "RHBZ#1425365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1425365"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-6004",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-6004"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-6004",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6004"
}
],
"release_date": "2017-02-14T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pcre: Out-of-bounds read in compile_bracket_matchingpath function (8.41/3)"
},
{
"cve": "CVE-2017-7186",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-03-19T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1434504"
}
],
"notes": [
{
"category": "description",
"text": "libpcre1 in PCRE 8.40 and libpcre2 in PCRE2 10.23 allow remote attackers to cause a denial of service (segmentation violation for read access, and application crash) by triggering an invalid Unicode property lookup.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat Product Security has rated this issue as having Moderate security impact. This issue is not currently planned to be addressed in future updates. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7186"
},
{
"category": "external",
"summary": "RHBZ#1434504",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1434504"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7186",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7186"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7186",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7186"
}
],
"release_date": "2017-02-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "pcre: Invalid Unicode property lookup (8.41/7, 10.24/2)"
},
{
"cve": "CVE-2017-7244",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1437364"
}
],
"notes": [
{
"category": "description",
"text": "The _pcre32_xclass function in pcre_xclass.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (invalid memory read) via a crafted file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7244"
},
{
"category": "external",
"summary": "RHBZ#1437364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437364"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7244",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7244"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7244",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7244"
},
{
"category": "external",
"summary": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/",
"url": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-invalid-memory-read-in-_pcre32_xclass-pcre_xclass-c/"
}
],
"release_date": "2017-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "pcre: invalid memory read in _pcre32_xclass (pcre_xclass.c)"
},
{
"cve": "CVE-2017-7245",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1437367"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 4) or possibly have unspecified other impact via a crafted file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcre: stack-based buffer overflow write in pcre32_copy_substring",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7245"
},
{
"category": "external",
"summary": "RHBZ#1437367",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437367"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7245",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7245"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7245",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7245"
},
{
"category": "external",
"summary": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/",
"url": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/"
}
],
"release_date": "2017-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "pcre: stack-based buffer overflow write in pcre32_copy_substring"
},
{
"cve": "CVE-2017-7246",
"cwe": {
"id": "CWE-20",
"name": "Improper Input Validation"
},
"discovery_date": "2017-03-23T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1437369"
}
],
"notes": [
{
"category": "description",
"text": "Stack-based buffer overflow in the pcre32_copy_substring function in pcre_get.c in libpcre1 in PCRE 8.40 allows remote attackers to cause a denial of service (WRITE of size 268) or possibly have unspecified other impact via a crafted file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "pcre: stack-based buffer overflow write in pcre32_copy_substring",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-7246"
},
{
"category": "external",
"summary": "RHBZ#1437369",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1437369"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-7246",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7246"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-7246",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7246"
},
{
"category": "external",
"summary": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/",
"url": "https://blogs.gentoo.org/ago/2017/03/20/libpcre-two-stack-based-buffer-overflow-write-in-pcre32_copy_substring-pcre_get-c/"
}
],
"release_date": "2017-03-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "pcre: stack-based buffer overflow write in pcre32_copy_substring"
},
{
"cve": "CVE-2017-9047",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2017-05-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1452554"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overflow was discovered in libxml2 20904-GITv2.9.4-16-g0741801. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer \u0027buf\u0027 of size \u0027size\u0027. The variable len is assigned strlen(buf). If the content-\u003etype is XML_ELEMENT_CONTENT_ELEMENT, then (i) the content-\u003eprefix is appended to buf (if it actually fits) whereupon (ii) content-\u003ename is written to the buffer. However, the check for whether the content-\u003ename actually fits also uses \u0027len\u0027 rather than the updated buffer length strlen(buf). This allows us to write about \"size\" many bytes beyond the allocated memory. This vulnerability causes programs that use libxml2, such as PHP, to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Buffer overflow in function xmlSnprintfElementContent",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability exists in the DTD validation functionality of libxml2. Applications that do not attempt to validate untrusted documents are not impacted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9047"
},
{
"category": "external",
"summary": "RHBZ#1452554",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452554"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9047",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9047"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9047",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9047"
}
],
"release_date": "2017-05-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Buffer overflow in function xmlSnprintfElementContent"
},
{
"cve": "CVE-2017-9048",
"cwe": {
"id": "CWE-121",
"name": "Stack-based Buffer Overflow"
},
"discovery_date": "2017-05-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1452549"
}
],
"notes": [
{
"category": "description",
"text": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a stack-based buffer overflow. The function xmlSnprintfElementContent in valid.c is supposed to recursively dump the element content definition into a char buffer \u0027buf\u0027 of size \u0027size\u0027. At the end of the routine, the function may strcat two more characters without checking whether the current strlen(buf) + 2 \u003c size. This vulnerability causes programs that use libxml2, such as PHP, to crash.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability exists in the DTD validation functionality of libxml2. Applications that do not attempt to validate untrusted documents are not impacted.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9048"
},
{
"category": "external",
"summary": "RHBZ#1452549",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452549"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9048",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9048"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9048",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9048"
}
],
"release_date": "2017-05-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libxml2: Stack-based buffer overflow in function xmlSnprintfElementContent"
},
{
"cve": "CVE-2017-9049",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2017-05-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1452556"
}
],
"notes": [
{
"category": "description",
"text": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictComputeFastKey function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for libxml2 Bug 759398.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9049"
},
{
"category": "external",
"summary": "RHBZ#1452556",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452556"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9049",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9049"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9049",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9049"
}
],
"release_date": "2017-05-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Heap-based buffer over-read in function xmlDictComputeFastKey"
},
{
"cve": "CVE-2017-9050",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2017-05-18T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1452553"
}
],
"notes": [
{
"category": "description",
"text": "libxml2 20904-GITv2.9.4-16-g0741801 is vulnerable to a heap-based buffer over-read in the xmlDictAddString function in dict.c. This vulnerability causes programs that use libxml2, such as PHP, to crash. This vulnerability exists because of an incomplete fix for CVE-2016-1839.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Heap-based buffer over-read in function xmlDictAddString",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-9050"
},
{
"category": "external",
"summary": "RHBZ#1452553",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1452553"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-9050",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9050"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-9050",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-9050"
}
],
"release_date": "2017-05-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "libxml2: Heap-based buffer over-read in function xmlDictAddString"
},
{
"cve": "CVE-2017-18258",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2018-04-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1566749"
}
],
"notes": [
{
"category": "description",
"text": "The xz_head function in xzlib.c in libxml2 before 2.9.6 allows remote attackers to cause a denial of service (memory consumption) via a crafted LZMA file, because the decoder functionality does not restrict memory usage to what is required for a legitimate file.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-18258"
},
{
"category": "external",
"summary": "RHBZ#1566749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1566749"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-18258",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-18258"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-18258",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-18258"
}
],
"release_date": "2017-09-07T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.5,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "libxml2: Unrestricted memory usage in xz_head() function in xzlib.c"
},
{
"acknowledgments": [
{
"names": [
"the Curl project"
]
},
{
"names": [
"Max Dymond"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-1000254",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2017-09-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1495541"
}
],
"notes": [
{
"category": "description",
"text": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: FTP PWD response parser out of bounds read",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-1000254"
},
{
"category": "external",
"summary": "RHBZ#1495541",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495541"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-1000254",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000254"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000254",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000254"
},
{
"category": "external",
"summary": "https://curl.haxx.se/docs/adv_20171004.html",
"url": "https://curl.haxx.se/docs/adv_20171004.html"
}
],
"release_date": "2017-10-04T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.7,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "curl: FTP PWD response parser out of bounds read"
},
{
"acknowledgments": [
{
"names": [
"the Curl project"
]
},
{
"names": [
"Brian Carpenter",
"the OSS-Fuzz project"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2017-1000257",
"cwe": {
"id": "CWE-125",
"name": "Out-of-bounds Read"
},
"discovery_date": "2017-10-17T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1503705"
}
],
"notes": [
{
"category": "description",
"text": "A buffer overrun flaw was found in the IMAP handler of libcurl. By tricking an unsuspecting user into connecting to a malicious IMAP server, an attacker could exploit this flaw to potentially cause information disclosure or crash the application.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: IMAP FETCH response out of bounds read",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2017-1000257"
},
{
"category": "external",
"summary": "RHBZ#1503705",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1503705"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2017-1000257",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000257"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000257",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000257"
},
{
"category": "external",
"summary": "https://curl.haxx.se/docs/adv_20171023.html",
"url": "https://curl.haxx.se/docs/adv_20171023.html"
}
],
"release_date": "2017-10-23T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
},
{
"category": "workaround",
"details": "Switch off IMAP in `CURLOPT_PROTOCOLS`",
"product_ids": [
"Text-Only JBCS"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "curl: IMAP FETCH response out of bounds read"
},
{
"acknowledgments": [
{
"names": [
"the Curl project"
]
},
{
"names": [
"Peter Wu"
],
"summary": "Acknowledged by upstream."
}
],
"cve": "CVE-2018-0500",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"discovery_date": "2018-07-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1597101"
}
],
"notes": [
{
"category": "description",
"text": "A heap-based buffer overflow has been found in the Curl_smtp_escape_eob() function of curl. An attacker could exploit this by convincing a user to use curl to upload data over SMTP with a reduced buffer to cause a crash or corrupt memory.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue did not affect the versions of curl/libcurl as shipped with Red Hat Enterprise Linux 5, 6 and 7 as they did not include the vulnerable code.\n\nThis issue did not affect the versions of curl/libcurl as shipped with Red Hat Software Collections 3 as they did not include the vulnerable code.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"Text-Only JBCS"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-0500"
},
{
"category": "external",
"summary": "RHBZ#1597101",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597101"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-0500",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0500"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0500",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0500"
},
{
"category": "external",
"summary": "https://curl.haxx.se/docs/adv_2018-70a2.html",
"url": "https://curl.haxx.se/docs/adv_2018-70a2.html"
}
],
"release_date": "2018-07-11T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-08-16T16:06:16+00:00",
"details": "The References section of this erratum contains a download link (you must log in to download the update). Before applying the update, back up your existing Red Hat JBoss Core Services installation (including all applications and configuration files).",
"product_ids": [
"Text-Only JBCS"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2486"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"Text-Only JBCS"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…