Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-16890 (GCVE-0-2018-16890)
Vulnerability from cvelistv5 – Published: 2019-02-06 20:00 – Updated: 2026-04-15 20:53
VLAI
EPSS
Summary
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.
Severity
5.4 (Medium)
CWE
Assigner
References
12 references
| URL | Tags |
|---|---|
| https://www.debian.org/security/2019/dsa-4386 | vendor-advisoryx_refsource_DEBIAN |
| http://www.securityfocus.com/bid/106947 | vdb-entryx_refsource_BID |
| https://curl.haxx.se/docs/CVE-2018-16890.html | x_refsource_MISC |
| https://security.netapp.com/advisory/ntap-2019031… | x_refsource_CONFIRM |
| https://usn.ubuntu.com/3882-1/ | vendor-advisoryx_refsource_UBUNTU |
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2… | x_refsource_CONFIRM |
| https://lists.apache.org/thread.html/8338a0f605bd… | mailing-listx_refsource_MLIST |
| https://cert-portal.siemens.com/productcert/pdf/s… | x_refsource_CONFIRM |
| https://www.oracle.com/technetwork/security-advis… | x_refsource_MISC |
| https://www.oracle.com/technetwork/security-advis… | x_refsource_MISC |
| https://support.f5.com/csp/article/K03314397?utm_… | x_refsource_CONFIRM |
| https://access.redhat.com/errata/RHSA-2019:3701 | vendor-advisoryx_refsource_REDHAT |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The curl Project | curl |
Affected:
7.64.0
|
Date Public
2019-02-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T10:39:57.668Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-4386",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"name": "106947",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/106947"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://curl.haxx.se/docs/CVE-2018-16890.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20190315-0001/"
},
{
"name": "USN-3882-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890"
},
{
"name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://support.f5.com/csp/article/K03314397?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "RHSA-2019:3701",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3701"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2018-16890",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-15T20:53:28.762410Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-15T20:53:35.135Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "curl",
"vendor": "The curl Project",
"versions": [
{
"status": "affected",
"version": "7.64.0"
}
]
}
],
"datePublic": "2019-02-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-06T00:07:59.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "DSA-4386",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"name": "106947",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/106947"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://curl.haxx.se/docs/CVE-2018-16890.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20190315-0001/"
},
{
"name": "USN-3882-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890"
},
{
"name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://support.f5.com/csp/article/K03314397?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"name": "RHSA-2019:3701",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3701"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "curl",
"version": {
"version_data": [
{
"version_value": "7.64.0"
}
]
}
}
]
},
"vendor_name": "The curl Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4386",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"name": "106947",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106947"
},
{
"name": "https://curl.haxx.se/docs/CVE-2018-16890.html",
"refsource": "MISC",
"url": "https://curl.haxx.se/docs/CVE-2018-16890.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190315-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190315-0001/"
},
{
"name": "USN-3882-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890"
},
{
"name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "https://support.f5.com/csp/article/K03314397?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K03314397?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "RHSA-2019:3701",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3701"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-16890",
"datePublished": "2019-02-06T20:00:00.000Z",
"dateReserved": "2018-09-11T00:00:00.000Z",
"dateUpdated": "2026-04-15T20:53:35.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2018-16890",
"date": "2026-05-27",
"epss": "0.01397",
"percentile": "0.80655"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2018-16890\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2019-02-06T20:29:00.243\",\"lastModified\":\"2024-11-21T03:53:32.740\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.\"},{\"lang\":\"es\",\"value\":\"Libcurl, desde la versi\u00f3n 7.36.0 hasta antes de la 7.64.0, es vulnerable a una lectura de memoria din\u00e1mica (heap) fuera de l\u00edmites. La funci\u00f3n que gestiona los mensajes entrantes NTLM de tipo 2 (\\\"lib/vauth/ntlm.c:ntlm_decode_type2_target\\\") no valida los datos entrantes correctamente y est\u00e1 sujeta a una vulnerabilidad de desbordamiento de enteros. Mediante ese desbordamiento, un servidor NTLM malicioso o roto podr\u00eda enga\u00f1ar a libcurl para que acepte una mala combinaci\u00f3n de longitud + desplazamiento que conducir\u00eda a una lectura del b\u00fafer fuera de l\u00edmites.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":2.5}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-125\"},{\"lang\":\"en\",\"value\":\"CWE-190\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.36.0\",\"versionEndExcluding\":\"7.64.0\",\"matchCriteriaId\":\"0572AA2C-5E33-4612-8BDE-0859690EA089\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07C312A0-CD2C-4B9C-B064-6409B25C278F\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0E976A9-6253-4DF5-9370-471D0469B395\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.0\",\"matchCriteriaId\":\"626EEBF4-73B9-44B3-BF55-50EC9139EF66\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E3517A27-E6EE-497C-9996-F78171BBE90F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DFC79B17-E9D2-44D5-93ED-2F959E7A3D43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B5265C91-FF5C-4451-A7C2-D388A65ACFA2\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1.0\",\"versionEndIncluding\":\"13.1.3\",\"matchCriteriaId\":\"6FCB6C17-33AC-4E5E-8633-7490058CA51F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndIncluding\":\"14.1.2\",\"matchCriteriaId\":\"FCBAF5C1-3761-47BB-AD8E-A55A64D33AF3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0.0\",\"versionEndIncluding\":\"15.0.1\",\"matchCriteriaId\":\"D6A53E3C-3E09-4100-8D5A-10AD4973C230\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/106947\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3701\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://curl.haxx.se/docs/CVE-2018-16890.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20190315-0001/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K03314397?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://usn.ubuntu.com/3882-1/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4386\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/106947\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2019:3701\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mitigation\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://curl.haxx.se/docs/CVE-2018-16890.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20190315-0001/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://support.f5.com/csp/article/K03314397?utm_source=f5support\u0026amp%3Butm_medium=RSS\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/3882-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2019/dsa-4386\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.debian.org/security/2019/dsa-4386\", \"name\": \"DSA-4386\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\", \"x_transferred\"]}, {\"url\": \"http://www.securityfocus.com/bid/106947\", \"name\": \"106947\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\", \"x_transferred\"]}, {\"url\": \"https://curl.haxx.se/docs/CVE-2018-16890.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190315-0001/\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://usn.ubuntu.com/3882-1/\", \"name\": \"USN-3882-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\", \"x_transferred\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E\", \"name\": \"[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\", \"x_transferred\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://support.f5.com/csp/article/K03314397?utm_source=f5support\u0026amp%3Butm_medium=RSS\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3701\", \"name\": \"RHSA-2019:3701\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-05T10:39:57.668Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2018-16890\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2026-04-15T20:53:28.762410Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2026-04-15T20:53:31.951Z\"}}], \"cna\": {\"metrics\": [{\"cvssV3_0\": {\"scope\": \"UNCHANGED\", \"version\": \"3.0\", \"baseScore\": 5.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"The curl Project\", \"product\": \"curl\", \"versions\": [{\"status\": \"affected\", \"version\": \"7.64.0\"}]}], \"datePublic\": \"2019-02-06T00:00:00.000Z\", \"references\": [{\"url\": \"https://www.debian.org/security/2019/dsa-4386\", \"name\": \"DSA-4386\", \"tags\": [\"vendor-advisory\", \"x_refsource_DEBIAN\"]}, {\"url\": \"http://www.securityfocus.com/bid/106947\", \"name\": \"106947\", \"tags\": [\"vdb-entry\", \"x_refsource_BID\"]}, {\"url\": \"https://curl.haxx.se/docs/CVE-2018-16890.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190315-0001/\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://usn.ubuntu.com/3882-1/\", \"name\": \"USN-3882-1\", \"tags\": [\"vendor-advisory\", \"x_refsource_UBUNTU\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E\", \"name\": \"[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.\", \"tags\": [\"mailing-list\", \"x_refsource_MLIST\"]}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://support.f5.com/csp/article/K03314397?utm_source=f5support\u0026amp%3Butm_medium=RSS\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3701\", \"name\": \"RHSA-2019:3701\", \"tags\": [\"vendor-advisory\", \"x_refsource_REDHAT\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-125\", \"description\": \"CWE-125\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2019-11-06T00:07:59.000Z\"}, \"x_legacyV4Record\": {\"impact\": {\"cvss\": [[{\"version\": \"3.0\", \"vectorString\": \"5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L\"}]]}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"version\": {\"version_data\": [{\"version_value\": \"7.64.0\"}]}, \"product_name\": \"curl\"}]}, \"vendor_name\": \"The curl Project\"}]}}, \"data_type\": \"CVE\", \"references\": {\"reference_data\": [{\"url\": \"https://www.debian.org/security/2019/dsa-4386\", \"name\": \"DSA-4386\", \"refsource\": \"DEBIAN\"}, {\"url\": \"http://www.securityfocus.com/bid/106947\", \"name\": \"106947\", \"refsource\": \"BID\"}, {\"url\": \"https://curl.haxx.se/docs/CVE-2018-16890.html\", \"name\": \"https://curl.haxx.se/docs/CVE-2018-16890.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20190315-0001/\", \"name\": \"https://security.netapp.com/advisory/ntap-20190315-0001/\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://usn.ubuntu.com/3882-1/\", \"name\": \"USN-3882-1\", \"refsource\": \"UBUNTU\"}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890\", \"name\": \"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E\", \"name\": \"[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.\", \"refsource\": \"MLIST\"}, {\"url\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf\", \"name\": \"https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"name\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"name\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"refsource\": \"MISC\"}, {\"url\": \"https://support.f5.com/csp/article/K03314397?utm_source=f5support\u0026amp;utm_medium=RSS\", \"name\": \"https://support.f5.com/csp/article/K03314397?utm_source=f5support\u0026amp;utm_medium=RSS\", \"refsource\": \"CONFIRM\"}, {\"url\": \"https://access.redhat.com/errata/RHSA-2019:3701\", \"name\": \"RHSA-2019:3701\", \"refsource\": \"REDHAT\"}]}, \"data_format\": \"MITRE\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"CWE-125\"}]}]}, \"data_version\": \"4.0\", \"CVE_data_meta\": {\"ID\": \"CVE-2018-16890\", \"STATE\": \"PUBLIC\", \"ASSIGNER\": \"secalert@redhat.com\"}}}}",
"cveMetadata": "{\"cveId\": \"CVE-2018-16890\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2026-04-15T20:53:35.135Z\", \"dateReserved\": \"2018-09-11T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2019-02-06T20:00:00.000Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
BDU:2019-00964
Vulnerability from fstec - Published: 30.12.2018
VLAI
Title
Уязвимость функции NTLM type-2 библиотеки libcurl, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость функции NTLM type-2 библиотеки libcurl связана с некорректной проверкой входящих данных, приводящей к чтению за пределами буфера динамической памяти. Эксплуатация уязвимости позволяет нарушителю, действующему удаленно, вызвать отказ в обслуживании
Severity
Vendor
ООО «РусБИТех-Астра», Daniel Stenberg, Oracle Corp., Siemens AG, ООО «Ред Софт»
Software Name
Astra Linux Special Edition (запись в едином реестре российских программ №369), Libcurl, HTTP Server, Oracle Communications Operations Monitor, SINEMA Remote Connect, Secure Global Desktop, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156)
Software Version
1.6 «Смоленск» (Astra Linux Special Edition), от 7.36.0 до 7.64.0 (Libcurl), 12.2.1.3.0 (HTTP Server), 3.4 (Oracle Communications Operations Monitor), 4.0 (Oracle Communications Operations Monitor), до 2.0 HF1 (SINEMA Remote Connect), 5.4 (Secure Global Desktop), до 7.2 Муром (РЕД ОС), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»)
Possible Mitigations
Для curl:
Обновление программного обеспечения до 7.61.1 или более поздней версии
Для Astra Linux:
Обновление программного обеспечения (пакета curl) до 7.38.0-4+deb8u12 или более поздней версии
Для SINEMA Remote Connect Client до V2.0 HF1:
https://support.industry.siemens.com/cs/de/en/view/109764829
Для продуктов Oracle использование рекомендаций:
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Для РЕД ОС:
Обновление операционной системы до версии 7.2 Муром
Reference
https://curl.haxx.se/docs/CVE-2018-16890.html
https://nvd.nist.gov/vuln/detail/CVE-2018-16890
https://security-tracker.debian.org/tracker/CVE-2018-16890
https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf
CWE
CWE-125
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Daniel Stenberg, Oracle Corp., Siemens AG, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), \u043e\u0442 7.36.0 \u0434\u043e 7.64.0 (Libcurl), 12.2.1.3.0 (HTTP Server), 3.4 (Oracle Communications Operations Monitor), 4.0 (Oracle Communications Operations Monitor), \u0434\u043e 2.0 HF1 (SINEMA Remote Connect), 5.4 (Secure Global Desktop), \u0434\u043e 7.2 \u041c\u0443\u0440\u043e\u043c (\u0420\u0415\u0414 \u041e\u0421), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f curl:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 7.61.1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 curl) \u0434\u043e 7.38.0-4+deb8u12 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f SINEMA Remote Connect Client \u0434\u043e V2.0 HF1:\nhttps://support.industry.siemens.com/cs/de/en/view/109764829\n\n\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\nhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\n\n\u0414\u043b\u044f \u0420\u0415\u0414 \u041e\u0421:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 7.2 \u041c\u0443\u0440\u043e\u043c",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "30.12.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "12.03.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-00964",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-16890",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Libcurl, HTTP Server, Oracle Communications Operations Monitor, SINEMA Remote Connect, Secure Global Desktop, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 NTLM type-2 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 libcurl, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 NTLM type-2 \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 libcurl \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u043a\u043e\u0440\u0440\u0435\u043a\u0442\u043d\u043e\u0439 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u043e\u0439 \u0432\u0445\u043e\u0434\u044f\u0449\u0438\u0445 \u0434\u0430\u043d\u043d\u044b\u0445, \u043f\u0440\u0438\u0432\u043e\u0434\u044f\u0449\u0435\u0439 \u043a \u0447\u0442\u0435\u043d\u0438\u044e \u0437\u0430 \u043f\u0440\u0435\u0434\u0435\u043b\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u0430\u043c\u0438",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://curl.haxx.se/docs/CVE-2018-16890.html\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-16890\nhttps://security-tracker.debian.org/tracker/CVE-2018-16890\nhttps://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u041f\u041e \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
BDU:2019-01750
Vulnerability from fstec - Published: 30.12.2018
VLAI
Title
Уязвимость функции ntlm_decode_type2_target библиотеки libcurl, позволяющая нарушителю вызвать отказ в обслуживании
Description
Уязвимость функции ntlm_decode_type2_target (lib/vauth/ntlm.c) библиотеки libcurl вызвана целочисленным переполнением. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании
Severity
Vendor
ООО «РусБИТех-Астра», Daniel Stenberg, Oracle Corp., ООО «Ред Софт»
Software Name
Astra Linux Special Edition (запись в едином реестре российских программ №369), Libcurl, HTTP Server, Oracle Secure Global Desktop, Oracle Communications Operations Monitor, РЕД ОС (запись в едином реестре российских программ №3751), Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156)
Software Version
1.6 «Смоленск» (Astra Linux Special Edition), от 7.36.0 до 7.64.0 (Libcurl), 12.2.1.3.0 (HTTP Server), 5.4 (Oracle Secure Global Desktop), 3.4 (Oracle Communications Operations Monitor), 4.0 (Oracle Communications Operations Monitor), до 7.2 Муром (РЕД ОС), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»)
Possible Mitigations
Для curl:
Обновление программного обеспечения до 7.61.1 или более поздней версии
Для продуктов Oracle использование рекомендаций:
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Для РЕД ОС:
Обновление операционной системы до версии 7.2 Муром
Для Astra Linux:
Обновление программного обеспечения (пакета curl) до 7.38.0-4+deb8u12 или более поздней версии
Reference
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.securityfocus.com/bid/106947
https://curl.haxx.se/docs/CVE-2018-16890.html
CWE
CWE-125
{
"CVSS 2.0": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"CVSS 3.0": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Daniel Stenberg, Oracle Corp., \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), \u043e\u0442 7.36.0 \u0434\u043e 7.64.0 (Libcurl), 12.2.1.3.0 (HTTP Server), 5.4 (Oracle Secure Global Desktop), 3.4 (Oracle Communications Operations Monitor), 4.0 (Oracle Communications Operations Monitor), \u0434\u043e 7.2 \u041c\u0443\u0440\u043e\u043c (\u0420\u0415\u0414 \u041e\u0421), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0414\u043b\u044f curl:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e 7.61.1 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Oracle \u0438\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\nhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\n\n\u0414\u043b\u044f \u0420\u0415\u0414 \u041e\u0421:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 7.2 \u041c\u0443\u0440\u043e\u043c\n\n\u0414\u043b\u044f Astra Linux:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f (\u043f\u0430\u043a\u0435\u0442\u0430 curl) \u0434\u043e 7.38.0-4+deb8u12 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043f\u043e\u0437\u0434\u043d\u0435\u0439 \u0432\u0435\u0440\u0441\u0438\u0438",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "30.12.2018",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "07.05.2019",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2019-01750",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2018-16890",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Libcurl, HTTP Server, Oracle Secure Global Desktop, Oracle Communications Operations Monitor, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": null,
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 ntlm_decode_type2_target \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 libcurl, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u0427\u0442\u0435\u043d\u0438\u0435 \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-125)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 ntlm_decode_type2_target (lib/vauth/ntlm.c) \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438\u00a0libcurl \u0432\u044b\u0437\u0432\u0430\u043d\u0430 \u0446\u0435\u043b\u043e\u0447\u0438\u0441\u043b\u0435\u043d\u043d\u044b\u043c \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": "-",
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\n\nhttps://www.securityfocus.com/bid/106947 \n\nhttps://curl.haxx.se/docs/CVE-2018-16890.html",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-125",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,5)"
}
CERTFR-2019-AVI-151
Vulnerability from certfr_avis - Published: 2019-04-09 - Updated: 2019-04-09
De multiples vulnérabilités ont été découvertes dans les produits Siemens. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Siemens | N/A | SINAMICS G150 V4.6 toutes versions | ||
| Siemens | N/A | SINAMICS G150 V4.7 toutes versions | ||
| Siemens | N/A | SITOP PSU8600 toutes versions | ||
| Siemens | N/A | SIMATIC RF186C toutes versions | ||
| Siemens | N/A | SIMATIC Teleservice Adapter IE Standard toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 CPU family toutes versions | ||
| Siemens | N/A | SIMATIC RF181-EIP toutes versions | ||
| Siemens | N/A | SINAMICS S150 V4.8 toutes versions antérieures à V4.8 HF6 | ||
| Siemens | N/A | SIMOCODE pro V PN toutes versions | ||
| Siemens | N/A | SINAMICS G150 V5.1 SP1 toutes versions antérieures à V5.1 SP1 HF4 | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller toutes versions V2.5 et postérieures | ||
| Siemens | N/A | SINAMICS S150 V4.7 toutes versions | ||
| Siemens | N/A | SIMATIC ET 200 Open Controller CPU 1515SPPC2 toutes versions | ||
| Siemens | N/A | SIMATIC CP343-1 Advanced toutes versions | ||
| Siemens | N/A | TeleControl Server Basic toutes versions | ||
| Siemens | N/A | TIM 1531 IRC toutes versions | ||
| Siemens | N/A | SIMATIC CP443-1 OPC UA toutes versions | ||
| Siemens | N/A | SIMATIC HMI Comfort Outdoor Panels 7" & 15" toutes versions | ||
| Siemens | N/A | SINAMICS S210 V5.1 SP1 toutes versions | ||
| Siemens | N/A | SINAMICS G130 V5.1 SP1 toutes versions antérieures à V5.1 SP1 HF4 | ||
| Siemens | N/A | SIMATIC Teleservice Adapter IE Basic toutes versions | ||
| Siemens | N/A | CP1616 toutes versions | ||
| Siemens | N/A | SINAMICS S120 V4.7 toutes versions | ||
| Siemens | N/A | SIMATIC WinCC Runtime Mobile toutes versions | ||
| Siemens | N/A | SINAMICS S120 V5.1 SP1 toutes versions antérieures à V5.1 SP1 HF4 | ||
| Siemens | N/A | SINAMICS G130 V4.8 toutes versions antérieures à V4.8 HF6 | ||
| Siemens | N/A | SIMATIC S7-300 CPU family toutes versions antérieures à V3.X.16 | ||
| Siemens | N/A | CP1604 toutes versions | ||
| Siemens | N/A | SINEMA Remote Connect Client toutes versions antérieures à V2.0 HF1 | ||
| Siemens | N/A | SITOP Manager toutes versions | ||
| Siemens | N/A | SINAMICS G150 V5.1 toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 CPU family toutes versions V2.5 et postérieures | ||
| Siemens | N/A | SIMOCODE pro V EIP toutes versions antérieures à V1.0.2 | ||
| Siemens | N/A | SIMATIC CP443-1 Advanced toutes versions | ||
| Siemens | N/A | SINAMICS G150 V4.8 toutes versions antérieures à V4.8 HF6 | ||
| Siemens | N/A | SINEMA Remote Connect Server toutes versions antérieures à V2 | ||
| Siemens | N/A | SINAMICS G150 V4.7 SP1 toutes versions | ||
| Siemens | N/A | SIMATIC WinAC RTX 2010 toutes versions | ||
| Siemens | N/A | Spectrum Power 4 avec Web Office Portal | ||
| Siemens | N/A | SIMATIC HMI Comfort Panels 4" - 22" toutes versions | ||
| Siemens | N/A | SINAMICS S150 V5.1 SP1 toutes versions antérieures à V5.1 SP1 HF4 | ||
| Siemens | N/A | SINAMICS G130 V4.6 toutes versions | ||
| Siemens | N/A | SINAMICS S150 V4.7 SP1 toutes versions | ||
| Siemens | N/A | SIMATIC S7-PLCSIM Advanced toutes versions | ||
| Siemens | N/A | SIMATIC WinCC Runtime HSP Comfort toutes versions | ||
| Siemens | N/A | SIMOCODE pro V EIP toutes versions | ||
| Siemens | N/A | SIAMTIC RF185C toutes versions | ||
| Siemens | N/A | SIMATIC ET 200 SP Open Controller CPU1515SP PC2 toutes versions | ||
| Siemens | N/A | SIMATIC Teleservice Adapter IE Advanced toutes versions | ||
| Siemens | N/A | SIMATIC S7-400 PN/DP V7 (incl. F) toutes versions | ||
| Siemens | N/A | SIMATIC WinCC Runtime Advanced toutes versions | ||
| Siemens | N/A | SIMATIC IPC DiagMonitor toutes versions | ||
| Siemens | N/A | SINAMICS S120 V4.6 toutes versions | ||
| Siemens | N/A | SIMATIC WinCC OA toutes versions antérieures à V3.15-P018 | ||
| Siemens | N/A | SINAMICS S150 V4.6 toutes versions | ||
| Siemens | N/A | SIMATIC WinCC Runtime Comfort toutes versions | ||
| Siemens | N/A | SINAMICS G130 V4.7 toutes versions | ||
| Siemens | N/A | SINUMERIK OPC UA Server toutes versions antérieures à V2.1 | ||
| Siemens | N/A | SINAMICS G130 V4.7 SP1 toutes versions | ||
| Siemens | N/A | SIMATIC S7-400 PN (incl. F) V6 et antérieures toutes versions | ||
| Siemens | N/A | SINEMA Server toutes versions | ||
| Siemens | N/A | SINAMICS S120 V5.1 toutes versions | ||
| Siemens | N/A | SIMATIC RF188C toutes versions | ||
| Siemens | N/A | SITOP UPS1600 toutes versions | ||
| Siemens | N/A | SINAMICS S120 V4.8 toutes versions antérieures à V4.8 HF | ||
| Siemens | N/A | SIMATIC CP443-1 toutes versions | ||
| Siemens | N/A | SIMATIC ET 200 SP Open Controller CPU1515SP PC toutes versions antérieures à V2.1.6 | ||
| Siemens | N/A | SINAMICS S210 V5.1 toutes versions | ||
| Siemens | N/A | SINAMICS G130 V5.1 toutes versions | ||
| Siemens | N/A | RUGGEDCOM ROX II toutes versions antérieures à V2.13.0 | ||
| Siemens | N/A | SIMATIC NET PC Software toutes versions | ||
| Siemens | N/A | SINEC-NMS toutes versions | ||
| Siemens | N/A | SINAMICS S120 V4.7 SP1 toutes versions | ||
| Siemens | N/A | SIMATIC RF600R toutes versions | ||
| Siemens | N/A | SIMATIC S7-1500 Software Controller toutes versions | ||
| Siemens | N/A | SIMATIC HMI KTP Mobile Panels KTP400F,KTP700, KTP700F, KTP900 et KTP900F toutes versions | ||
| Siemens | N/A | SIMATIC RF182C toutes versions | ||
| Siemens | N/A | SINAMICS S150 V5.1 toutes versions |
References
| Title | Publication Time | Tags | ||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "SINAMICS G150 V4.6 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS G150 V4.7 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SITOP PSU8600 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF186C toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Teleservice Adapter IE Standard toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU family toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF181-EIP toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS S150 V4.8 toutes versions ant\u00e9rieures \u00e0 V4.8 HF6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOCODE pro V PN toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS G150 V5.1 SP1 toutes versions ant\u00e9rieures \u00e0 V5.1 SP1 HF4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller toutes versions V2.5 et post\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS S150 V4.7 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200 Open Controller CPU 1515SPPC2 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP343-1 Advanced toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TeleControl Server Basic toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "TIM 1531 IRC toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP443-1 OPC UA toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI Comfort Outdoor Panels 7\" \u0026 15\" toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS S210 V5.1 SP1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS G130 V5.1 SP1 toutes versions ant\u00e9rieures \u00e0 V5.1 SP1 HF4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Teleservice Adapter IE Basic toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP1616 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS S120 V4.7 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Mobile toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS S120 V5.1 SP1 toutes versions ant\u00e9rieures \u00e0 V5.1 SP1 HF4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS G130 V4.8 toutes versions ant\u00e9rieures \u00e0 V4.8 HF6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-300 CPU family toutes versions ant\u00e9rieures \u00e0 V3.X.16",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "CP1604 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Client toutes versions ant\u00e9rieures \u00e0 V2.0 HF1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SITOP Manager toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS G150 V5.1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 CPU family toutes versions V2.5 et post\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOCODE pro V EIP toutes versions ant\u00e9rieures \u00e0 V1.0.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP443-1 Advanced toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS G150 V4.8 toutes versions ant\u00e9rieures \u00e0 V4.8 HF6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Remote Connect Server toutes versions ant\u00e9rieures \u00e0 V2",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS G150 V4.7 SP1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinAC RTX 2010 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "Spectrum Power 4 avec Web Office Portal",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI Comfort Panels 4\" - 22\" toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS S150 V5.1 SP1 toutes versions ant\u00e9rieures \u00e0 V5.1 SP1 HF4",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS G130 V4.6 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS S150 V4.7 SP1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-PLCSIM Advanced toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime HSP Comfort toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMOCODE pro V EIP toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIAMTIC RF185C toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200 SP Open Controller CPU1515SP PC2 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC Teleservice Adapter IE Advanced toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 PN/DP V7 (incl. F) toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Advanced toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC IPC DiagMonitor toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS S120 V4.6 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC OA toutes versions ant\u00e9rieures \u00e0 V3.15-P018",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS S150 V4.6 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC WinCC Runtime Comfort toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS G130 V4.7 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINUMERIK OPC UA Server toutes versions ant\u00e9rieures \u00e0 V2.1",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS G130 V4.7 SP1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-400 PN (incl. F) V6 et ant\u00e9rieures toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEMA Server toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS S120 V5.1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF188C toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SITOP UPS1600 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS S120 V4.8 toutes versions ant\u00e9rieures \u00e0 V4.8 HF",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC CP443-1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC ET 200 SP Open Controller CPU1515SP PC toutes versions ant\u00e9rieures \u00e0 V2.1.6",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS S210 V5.1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS G130 V5.1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "RUGGEDCOM ROX II toutes versions ant\u00e9rieures \u00e0 V2.13.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC NET PC Software toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINEC-NMS toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS S120 V4.7 SP1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF600R toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC S7-1500 Software Controller toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC HMI KTP Mobile Panels KTP400F,KTP700, KTP700F, KTP900 et KTP900F toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SIMATIC RF182C toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
},
{
"description": "SINAMICS S150 V5.1 toutes versions",
"product": {
"name": "N/A",
"vendor": {
"name": "Siemens",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2019-6579",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6579"
},
{
"name": "CVE-2019-6575",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6575"
},
{
"name": "CVE-2019-6568",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6568"
},
{
"name": "CVE-2018-5380",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5380"
},
{
"name": "CVE-2017-12741",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12741"
},
{
"name": "CVE-2018-5381",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5381"
},
{
"name": "CVE-2018-14618",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-14618"
},
{
"name": "CVE-2019-3822",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-3822"
},
{
"name": "CVE-2018-5379",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-5379"
},
{
"name": "CVE-2018-16890",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-16890"
},
{
"name": "CVE-2019-6570",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-6570"
}
],
"initial_release_date": "2019-04-09T00:00:00",
"last_revision_date": "2019-04-09T00:00:00",
"links": [],
"reference": "CERTFR-2019-AVI-151",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2019-04-09T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nSiemens. Elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de\ncode arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et un\ncontournement de la politique de s\u00e9curit\u00e9.\n",
"title": "SCADA Multiples vuln\u00e9rabilit\u00e9s dans les produits Siemens",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-436177 du 09 avril 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-480230 du 09 avril 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-480230.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-141614 du 09 avril 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-141614.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-324467 du 09 avril 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-324467.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-451142 du 09 avril 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-451142.pdf"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Siemens SSA-307392 du 09 avril 2019",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-307392.pdf"
}
]
}
cleanstart-2026-ay18527
Vulnerability from cleanstart
Published
2026-04-01 09:55
Modified
2026-03-16 17:21
Summary
Security fixes for CVE-2014-0138, CVE-2014-0139, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9594, CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000257, CVE-2017-2629, CVE-2017-7407, CVE-2017-7468, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-0500, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000300, CVE-2018-1000301, CVE-2018-14618, CVE-2018-16839, CVE-2018-16840, CVE-2018-16842, CVE-2018-16890, CVE-2019-3822, CVE-2019-3823, CVE-2019-5435, CVE-2019-5436, CVE-2019-5481, CVE-2019-5482, CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890, CVE-2021-22897, CVE-2021-22898, CVE-2021-22901, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-32221, CVE-2022-35252, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916, CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38039, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218, CVE-2023-46219, CVE-2024-0853, CVE-2024-11053, CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8096, CVE-2024-9681, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-10148, CVE-2025-4947, CVE-2025-5025, CVE-2025-5399, CVE-2025-9086, CVE-2026-24515, CVE-2026-25210 applied in versions: 0, 7.36.0-r0, 7.50.1-r0, 7.50.2-r0, 7.50.3-r0, 7.51.0-r0, 7.52.1-r0, 7.53.0-r0, 7.53.1-r2, 7.54.0-r0, 7.55.0-r0, 7.56.1-r0, 7.57.0-r0, 7.59.0-r0, 7.60.0-r0, 7.61.0-r0, 7.61.1-r0, 7.62.0-r0, 7.64.0-r0, 7.65.0-r0, 7.66.0-r0, 7.71.0-r0, 7.72.0-r0, 7.74.0-r0, 7.76.0-r0, 7.77.0-r0, 7.78.0-r0, 7.79.0-r0, 7.83.0-r0, 7.83.1-r0, 7.84.0-r0, 7.85.0-r0, 7.86.0-r0, 7.87.0-r0, 7.88.0-r0, 8.0.0-r0, 8.1.0-r0, 8.10.0-r0, 8.11.0-r0, 8.11.1-r0, 8.12.0-r0, 8.14.0-r0, 8.14.1-r0, 8.15.0-r0, 8.17.0-r0, 8.3.0-r0, 8.4.0-r0, 8.5.0-r0, 8.6.0-r0, 8.7.1-r0, 8.9.0-r0, 8.9.1-r0
Details
Multiple security vulnerabilities affect the curl package. These issues are resolved in later releases. See references for individual vulnerability details.
References
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "curl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.9.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the curl package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-AY18527",
"modified": "2026-03-16T17:21:19Z",
"published": "2026-04-01T09:55:26.067667Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-AY18527.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2014-0138"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2014-0139"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-5419"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-5420"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-5421"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-7141"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-7167"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8615"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8616"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8617"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8618"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8619"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8620"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8621"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8622"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8623"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8624"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8625"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-9594"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-1000099"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-1000100"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-1000101"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-1000257"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-2629"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7407"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7468"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-8816"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-8817"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-8818"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0500"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000120"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000122"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000300"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000301"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14618"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16839"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16840"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16842"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16890"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-3822"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-3823"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5435"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5436"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5481"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5482"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8169"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8177"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8231"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8284"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8285"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8286"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22876"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22890"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22897"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22898"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22901"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22922"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22923"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22924"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22925"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22945"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22946"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22947"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-22576"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27774"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27775"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27776"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27778"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27779"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27780"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27781"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27782"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-30115"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32205"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32206"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32207"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32208"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32221"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35252"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35260"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-42915"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-42916"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43551"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43552"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23914"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23915"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23916"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27533"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27534"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27535"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27536"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27537"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27538"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-28319"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-28320"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-28321"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-28322"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-38039"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-38545"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-38546"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46218"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46219"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-0853"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-11053"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-2004"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-2379"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-2398"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-2466"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-6197"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-6874"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-7264"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-8096"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-9681"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-0167"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-0665"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-0725"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-10148"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-4947"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-5025"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-5399"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-9086"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25210"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0138"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0139"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5419"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5420"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5421"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7141"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7167"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8615"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8616"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8617"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8618"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8619"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8620"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8621"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8622"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8623"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8624"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8625"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9594"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000099"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000100"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000101"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000257"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2629"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7407"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7468"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8816"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8817"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8818"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0500"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000120"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000122"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000300"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000301"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14618"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16839"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16840"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16842"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16890"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3822"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3823"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5435"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5436"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5481"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5482"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8169"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8177"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8231"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8284"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8285"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8286"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22876"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22890"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22897"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22898"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22901"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22922"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22923"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22924"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22925"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22945"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22946"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22947"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22576"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27774"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27775"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27776"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27778"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27779"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27780"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27781"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27782"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30115"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32205"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32206"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32207"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32208"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32221"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35252"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35260"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42915"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42916"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43551"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43552"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23914"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23915"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23916"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27533"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27534"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27535"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27536"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27537"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27538"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28319"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28320"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28321"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28322"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38039"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38545"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38546"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46218"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46219"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0853"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2004"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2398"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2466"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6197"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6874"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8096"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0167"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0665"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4947"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5025"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5399"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25210"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2014-0138, CVE-2014-0139, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9594, CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000257, CVE-2017-2629, CVE-2017-7407, CVE-2017-7468, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-0500, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000300, CVE-2018-1000301, CVE-2018-14618, CVE-2018-16839, CVE-2018-16840, CVE-2018-16842, CVE-2018-16890, CVE-2019-3822, CVE-2019-3823, CVE-2019-5435, CVE-2019-5436, CVE-2019-5481, CVE-2019-5482, CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890, CVE-2021-22897, CVE-2021-22898, CVE-2021-22901, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-32221, CVE-2022-35252, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916, CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38039, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218, CVE-2023-46219, CVE-2024-0853, CVE-2024-11053, CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8096, CVE-2024-9681, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-10148, CVE-2025-4947, CVE-2025-5025, CVE-2025-5399, CVE-2025-9086, CVE-2026-24515, CVE-2026-25210 applied in versions: 0, 7.36.0-r0, 7.50.1-r0, 7.50.2-r0, 7.50.3-r0, 7.51.0-r0, 7.52.1-r0, 7.53.0-r0, 7.53.1-r2, 7.54.0-r0, 7.55.0-r0, 7.56.1-r0, 7.57.0-r0, 7.59.0-r0, 7.60.0-r0, 7.61.0-r0, 7.61.1-r0, 7.62.0-r0, 7.64.0-r0, 7.65.0-r0, 7.66.0-r0, 7.71.0-r0, 7.72.0-r0, 7.74.0-r0, 7.76.0-r0, 7.77.0-r0, 7.78.0-r0, 7.79.0-r0, 7.83.0-r0, 7.83.1-r0, 7.84.0-r0, 7.85.0-r0, 7.86.0-r0, 7.87.0-r0, 7.88.0-r0, 8.0.0-r0, 8.1.0-r0, 8.10.0-r0, 8.11.0-r0, 8.11.1-r0, 8.12.0-r0, 8.14.0-r0, 8.14.1-r0, 8.15.0-r0, 8.17.0-r0, 8.3.0-r0, 8.4.0-r0, 8.5.0-r0, 8.6.0-r0, 8.7.1-r0, 8.9.0-r0, 8.9.1-r0",
"upstream": [
"CVE-2014-0138",
"CVE-2014-0139",
"CVE-2016-5419",
"CVE-2016-5420",
"CVE-2016-5421",
"CVE-2016-7141",
"CVE-2016-7167",
"CVE-2016-8615",
"CVE-2016-8616",
"CVE-2016-8617",
"CVE-2016-8618",
"CVE-2016-8619",
"CVE-2016-8620",
"CVE-2016-8621",
"CVE-2016-8622",
"CVE-2016-8623",
"CVE-2016-8624",
"CVE-2016-8625",
"CVE-2016-9594",
"CVE-2017-1000099",
"CVE-2017-1000100",
"CVE-2017-1000101",
"CVE-2017-1000257",
"CVE-2017-2629",
"CVE-2017-7407",
"CVE-2017-7468",
"CVE-2017-8816",
"CVE-2017-8817",
"CVE-2017-8818",
"CVE-2018-0500",
"CVE-2018-1000120",
"CVE-2018-1000121",
"CVE-2018-1000122",
"CVE-2018-1000300",
"CVE-2018-1000301",
"CVE-2018-14618",
"CVE-2018-16839",
"CVE-2018-16840",
"CVE-2018-16842",
"CVE-2018-16890",
"CVE-2019-3822",
"CVE-2019-3823",
"CVE-2019-5435",
"CVE-2019-5436",
"CVE-2019-5481",
"CVE-2019-5482",
"CVE-2020-8169",
"CVE-2020-8177",
"CVE-2020-8231",
"CVE-2020-8284",
"CVE-2020-8285",
"CVE-2020-8286",
"CVE-2021-22876",
"CVE-2021-22890",
"CVE-2021-22897",
"CVE-2021-22898",
"CVE-2021-22901",
"CVE-2021-22922",
"CVE-2021-22923",
"CVE-2021-22924",
"CVE-2021-22925",
"CVE-2021-22945",
"CVE-2021-22946",
"CVE-2021-22947",
"CVE-2022-22576",
"CVE-2022-27774",
"CVE-2022-27775",
"CVE-2022-27776",
"CVE-2022-27778",
"CVE-2022-27779",
"CVE-2022-27780",
"CVE-2022-27781",
"CVE-2022-27782",
"CVE-2022-30115",
"CVE-2022-32205",
"CVE-2022-32206",
"CVE-2022-32207",
"CVE-2022-32208",
"CVE-2022-32221",
"CVE-2022-35252",
"CVE-2022-35260",
"CVE-2022-42915",
"CVE-2022-42916",
"CVE-2022-43551",
"CVE-2022-43552",
"CVE-2023-23914",
"CVE-2023-23915",
"CVE-2023-23916",
"CVE-2023-27533",
"CVE-2023-27534",
"CVE-2023-27535",
"CVE-2023-27536",
"CVE-2023-27537",
"CVE-2023-27538",
"CVE-2023-28319",
"CVE-2023-28320",
"CVE-2023-28321",
"CVE-2023-28322",
"CVE-2023-38039",
"CVE-2023-38545",
"CVE-2023-38546",
"CVE-2023-46218",
"CVE-2023-46219",
"CVE-2024-0853",
"CVE-2024-11053",
"CVE-2024-2004",
"CVE-2024-2379",
"CVE-2024-2398",
"CVE-2024-2466",
"CVE-2024-6197",
"CVE-2024-6874",
"CVE-2024-7264",
"CVE-2024-8096",
"CVE-2024-9681",
"CVE-2025-0167",
"CVE-2025-0665",
"CVE-2025-0725",
"CVE-2025-10148",
"CVE-2025-4947",
"CVE-2025-5025",
"CVE-2025-5399",
"CVE-2025-9086",
"CVE-2026-24515",
"CVE-2026-25210"
]
}
cleanstart-2026-bw46578
Vulnerability from cleanstart
Published
2026-04-01 09:55
Modified
2026-03-16 17:22
Summary
Security fixes for CVE-2014-0138, CVE-2014-0139, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9594, CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000257, CVE-2017-2629, CVE-2017-7407, CVE-2017-7468, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-0500, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000300, CVE-2018-1000301, CVE-2018-14618, CVE-2018-16839, CVE-2018-16840, CVE-2018-16842, CVE-2018-16890, CVE-2019-3822, CVE-2019-3823, CVE-2019-5435, CVE-2019-5436, CVE-2019-5481, CVE-2019-5482, CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890, CVE-2021-22897, CVE-2021-22898, CVE-2021-22901, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-32221, CVE-2022-35252, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916, CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38039, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218, CVE-2023-46219, CVE-2024-0853, CVE-2024-11053, CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8096, CVE-2024-9681, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-10148, CVE-2025-4947, CVE-2025-5025, CVE-2025-5399, CVE-2025-9086, CVE-2026-24515, CVE-2026-25210 applied in versions: 0, 7.36.0-r0, 7.50.1-r0, 7.50.2-r0, 7.50.3-r0, 7.51.0-r0, 7.52.1-r0, 7.53.0-r0, 7.53.1-r2, 7.54.0-r0, 7.55.0-r0, 7.56.1-r0, 7.57.0-r0, 7.59.0-r0, 7.60.0-r0, 7.61.0-r0, 7.61.1-r0, 7.62.0-r0, 7.64.0-r0, 7.65.0-r0, 7.66.0-r0, 7.71.0-r0, 7.72.0-r0, 7.74.0-r0, 7.76.0-r0, 7.77.0-r0, 7.78.0-r0, 7.79.0-r0, 7.83.0-r0, 7.83.1-r0, 7.84.0-r0, 7.85.0-r0, 7.86.0-r0, 7.87.0-r0, 7.88.0-r0, 8.0.0-r0, 8.1.0-r0, 8.10.0-r0, 8.11.0-r0, 8.11.1-r0, 8.12.0-r0, 8.14.0-r0, 8.14.1-r0, 8.15.0-r0, 8.16.0-r0, 8.3.0-r0, 8.4.0-r0, 8.5.0-r0, 8.6.0-r0, 8.7.1-r0, 8.9.0-r0, 8.9.1-r0
Details
Multiple security vulnerabilities affect the curl package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "curl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.9.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the curl package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-BW46578",
"modified": "2026-03-16T17:22:25Z",
"published": "2026-04-01T09:55:26.061155Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-BW46578.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2014-0138"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2014-0139"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-5419"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-5420"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-5421"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-7141"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-7167"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8615"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8616"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8617"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8618"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8619"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8620"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8621"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8622"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8623"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8624"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8625"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-9594"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-1000099"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-1000100"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-1000101"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-1000257"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-2629"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7407"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7468"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-8816"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-8817"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-8818"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0500"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000120"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000122"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000300"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000301"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14618"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16839"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16840"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16842"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16890"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-3822"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-3823"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5435"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5436"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5481"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5482"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8169"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8177"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8231"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8284"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8285"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8286"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22876"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22890"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22897"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22898"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22901"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22922"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22923"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22924"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22925"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22945"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22946"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22947"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-22576"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27774"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27775"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27776"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27778"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27779"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27780"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27781"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27782"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-30115"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32205"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32206"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32207"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32208"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32221"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35252"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35260"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-42915"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-42916"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43551"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43552"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23914"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23915"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23916"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27533"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27534"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27535"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27536"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27537"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27538"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-28319"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-28320"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-28321"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-28322"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-38039"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-38545"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-38546"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46218"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46219"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-0853"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-11053"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-2004"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-2379"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-2398"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-2466"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-6197"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-6874"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-7264"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-8096"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-9681"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-0167"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-0665"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-0725"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-10148"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-4947"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-5025"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-5399"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-9086"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25210"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0138"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0139"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5419"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5420"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5421"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7141"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7167"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8615"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8616"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8617"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8618"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8619"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8620"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8621"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8622"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8623"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8624"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8625"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9594"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000099"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000100"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000101"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000257"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2629"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7407"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7468"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8816"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8817"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8818"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0500"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000120"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000122"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000300"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000301"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14618"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16839"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16840"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16842"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16890"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3822"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3823"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5435"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5436"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5481"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5482"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8169"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8177"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8231"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8284"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8285"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8286"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22876"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22890"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22897"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22898"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22901"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22922"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22923"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22924"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22925"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22945"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22946"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22947"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22576"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27774"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27775"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27776"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27778"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27779"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27780"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27781"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27782"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30115"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32205"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32206"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32207"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32208"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32221"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35252"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35260"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42915"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42916"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43551"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43552"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23914"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23915"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23916"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27533"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27534"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27535"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27536"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27537"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27538"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28319"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28320"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28321"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28322"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38039"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38545"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38546"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46218"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46219"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0853"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2004"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2398"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2466"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6197"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6874"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8096"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0167"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0665"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4947"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5025"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5399"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25210"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2014-0138, CVE-2014-0139, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9594, CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000257, CVE-2017-2629, CVE-2017-7407, CVE-2017-7468, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-0500, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000300, CVE-2018-1000301, CVE-2018-14618, CVE-2018-16839, CVE-2018-16840, CVE-2018-16842, CVE-2018-16890, CVE-2019-3822, CVE-2019-3823, CVE-2019-5435, CVE-2019-5436, CVE-2019-5481, CVE-2019-5482, CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890, CVE-2021-22897, CVE-2021-22898, CVE-2021-22901, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-32221, CVE-2022-35252, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916, CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38039, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218, CVE-2023-46219, CVE-2024-0853, CVE-2024-11053, CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8096, CVE-2024-9681, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-10148, CVE-2025-4947, CVE-2025-5025, CVE-2025-5399, CVE-2025-9086, CVE-2026-24515, CVE-2026-25210 applied in versions: 0, 7.36.0-r0, 7.50.1-r0, 7.50.2-r0, 7.50.3-r0, 7.51.0-r0, 7.52.1-r0, 7.53.0-r0, 7.53.1-r2, 7.54.0-r0, 7.55.0-r0, 7.56.1-r0, 7.57.0-r0, 7.59.0-r0, 7.60.0-r0, 7.61.0-r0, 7.61.1-r0, 7.62.0-r0, 7.64.0-r0, 7.65.0-r0, 7.66.0-r0, 7.71.0-r0, 7.72.0-r0, 7.74.0-r0, 7.76.0-r0, 7.77.0-r0, 7.78.0-r0, 7.79.0-r0, 7.83.0-r0, 7.83.1-r0, 7.84.0-r0, 7.85.0-r0, 7.86.0-r0, 7.87.0-r0, 7.88.0-r0, 8.0.0-r0, 8.1.0-r0, 8.10.0-r0, 8.11.0-r0, 8.11.1-r0, 8.12.0-r0, 8.14.0-r0, 8.14.1-r0, 8.15.0-r0, 8.16.0-r0, 8.3.0-r0, 8.4.0-r0, 8.5.0-r0, 8.6.0-r0, 8.7.1-r0, 8.9.0-r0, 8.9.1-r0",
"upstream": [
"CVE-2014-0138",
"CVE-2014-0139",
"CVE-2016-5419",
"CVE-2016-5420",
"CVE-2016-5421",
"CVE-2016-7141",
"CVE-2016-7167",
"CVE-2016-8615",
"CVE-2016-8616",
"CVE-2016-8617",
"CVE-2016-8618",
"CVE-2016-8619",
"CVE-2016-8620",
"CVE-2016-8621",
"CVE-2016-8622",
"CVE-2016-8623",
"CVE-2016-8624",
"CVE-2016-8625",
"CVE-2016-9594",
"CVE-2017-1000099",
"CVE-2017-1000100",
"CVE-2017-1000101",
"CVE-2017-1000257",
"CVE-2017-2629",
"CVE-2017-7407",
"CVE-2017-7468",
"CVE-2017-8816",
"CVE-2017-8817",
"CVE-2017-8818",
"CVE-2018-0500",
"CVE-2018-1000120",
"CVE-2018-1000121",
"CVE-2018-1000122",
"CVE-2018-1000300",
"CVE-2018-1000301",
"CVE-2018-14618",
"CVE-2018-16839",
"CVE-2018-16840",
"CVE-2018-16842",
"CVE-2018-16890",
"CVE-2019-3822",
"CVE-2019-3823",
"CVE-2019-5435",
"CVE-2019-5436",
"CVE-2019-5481",
"CVE-2019-5482",
"CVE-2020-8169",
"CVE-2020-8177",
"CVE-2020-8231",
"CVE-2020-8284",
"CVE-2020-8285",
"CVE-2020-8286",
"CVE-2021-22876",
"CVE-2021-22890",
"CVE-2021-22897",
"CVE-2021-22898",
"CVE-2021-22901",
"CVE-2021-22922",
"CVE-2021-22923",
"CVE-2021-22924",
"CVE-2021-22925",
"CVE-2021-22945",
"CVE-2021-22946",
"CVE-2021-22947",
"CVE-2022-22576",
"CVE-2022-27774",
"CVE-2022-27775",
"CVE-2022-27776",
"CVE-2022-27778",
"CVE-2022-27779",
"CVE-2022-27780",
"CVE-2022-27781",
"CVE-2022-27782",
"CVE-2022-30115",
"CVE-2022-32205",
"CVE-2022-32206",
"CVE-2022-32207",
"CVE-2022-32208",
"CVE-2022-32221",
"CVE-2022-35252",
"CVE-2022-35260",
"CVE-2022-42915",
"CVE-2022-42916",
"CVE-2022-43551",
"CVE-2022-43552",
"CVE-2023-23914",
"CVE-2023-23915",
"CVE-2023-23916",
"CVE-2023-27533",
"CVE-2023-27534",
"CVE-2023-27535",
"CVE-2023-27536",
"CVE-2023-27537",
"CVE-2023-27538",
"CVE-2023-28319",
"CVE-2023-28320",
"CVE-2023-28321",
"CVE-2023-28322",
"CVE-2023-38039",
"CVE-2023-38545",
"CVE-2023-38546",
"CVE-2023-46218",
"CVE-2023-46219",
"CVE-2024-0853",
"CVE-2024-11053",
"CVE-2024-2004",
"CVE-2024-2379",
"CVE-2024-2398",
"CVE-2024-2466",
"CVE-2024-6197",
"CVE-2024-6874",
"CVE-2024-7264",
"CVE-2024-8096",
"CVE-2024-9681",
"CVE-2025-0167",
"CVE-2025-0665",
"CVE-2025-0725",
"CVE-2025-10148",
"CVE-2025-4947",
"CVE-2025-5025",
"CVE-2025-5399",
"CVE-2025-9086",
"CVE-2026-24515",
"CVE-2026-25210"
]
}
cleanstart-2026-lq42192
Vulnerability from cleanstart
Published
2026-04-01 09:55
Modified
2026-03-16 17:19
Summary
Security fixes for CVE-2014-0138, CVE-2014-0139, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9594, CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000257, CVE-2017-2629, CVE-2017-7407, CVE-2017-7468, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-0500, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000300, CVE-2018-1000301, CVE-2018-14618, CVE-2018-16839, CVE-2018-16840, CVE-2018-16842, CVE-2018-16890, CVE-2019-3822, CVE-2019-3823, CVE-2019-5435, CVE-2019-5436, CVE-2019-5481, CVE-2019-5482, CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890, CVE-2021-22897, CVE-2021-22898, CVE-2021-22901, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-32221, CVE-2022-35252, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916, CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38039, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218, CVE-2023-46219, CVE-2024-0853, CVE-2024-11053, CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8096, CVE-2024-9681, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-10148, CVE-2025-4947, CVE-2025-5025, CVE-2025-5399, CVE-2025-9086, CVE-2026-24515, CVE-2026-25210 applied in versions: 0, 7.36.0-r0, 7.50.1-r0, 7.50.2-r0, 7.50.3-r0, 7.51.0-r0, 7.52.1-r0, 7.53.0-r0, 7.53.1-r2, 7.54.0-r0, 7.55.0-r0, 7.56.1-r0, 7.57.0-r0, 7.59.0-r0, 7.60.0-r0, 7.61.0-r0, 7.61.1-r0, 7.62.0-r0, 7.64.0-r0, 7.65.0-r0, 7.66.0-r0, 7.71.0-r0, 7.72.0-r0, 7.74.0-r0, 7.76.0-r0, 7.77.0-r0, 7.78.0-r0, 7.79.0-r0, 7.83.0-r0, 7.83.1-r0, 7.84.0-r0, 7.85.0-r0, 7.86.0-r0, 7.87.0-r0, 7.88.0-r0, 8.0.0-r0, 8.1.0-r0, 8.10.0-r0, 8.11.0-r0, 8.11.1-r0, 8.12.0-r0, 8.14.0-r0, 8.14.1-r0, 8.15.0-r0, 8.18.0-r0, 8.3.0-r0, 8.4.0-r0, 8.5.0-r0, 8.6.0-r0, 8.7.1-r0, 8.9.0-r0, 8.9.1-r0
Details
Multiple security vulnerabilities affect the curl package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "curl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.9.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the curl package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-LQ42192",
"modified": "2026-03-16T17:19:31Z",
"published": "2026-04-01T09:55:24.898216Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-LQ42192.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2014-0138"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2014-0139"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-5419"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-5420"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-5421"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-7141"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-7167"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8615"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8616"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8617"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8618"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8619"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8620"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8621"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8622"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8623"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8624"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8625"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-9594"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-1000099"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-1000100"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-1000101"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-1000257"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-2629"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7407"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7468"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-8816"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-8817"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-8818"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0500"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000120"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000122"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000300"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000301"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14618"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16839"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16840"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16842"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16890"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-3822"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-3823"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5435"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5436"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5481"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5482"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8169"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8177"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8231"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8284"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8285"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8286"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22876"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22890"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22897"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22898"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22901"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22922"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22923"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22924"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22925"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22945"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22946"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22947"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-22576"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27774"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27775"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27776"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27778"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27779"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27780"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27781"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27782"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-30115"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32205"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32206"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32207"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32208"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32221"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35252"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35260"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-42915"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-42916"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43551"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43552"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23914"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23915"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23916"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27533"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27534"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27535"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27536"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27537"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27538"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-28319"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-28320"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-28321"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-28322"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-38039"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-38545"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-38546"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46218"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46219"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-0853"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-11053"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-2004"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-2379"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-2398"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-2466"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-6197"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-6874"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-7264"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-8096"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-9681"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-0167"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-0665"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-0725"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-10148"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-4947"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-5025"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-5399"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-9086"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-24515"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2026-25210"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0138"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0139"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5419"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5420"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5421"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7141"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7167"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8615"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8616"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8617"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8618"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8619"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8620"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8621"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8622"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8623"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8624"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8625"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9594"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000099"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000100"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000101"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000257"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2629"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7407"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7468"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8816"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8817"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8818"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0500"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000120"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000122"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000300"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000301"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14618"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16839"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16840"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16842"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16890"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3822"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3823"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5435"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5436"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5481"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5482"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8169"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8177"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8231"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8284"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8285"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8286"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22876"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22890"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22897"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22898"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22901"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22922"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22923"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22924"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22925"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22945"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22946"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22947"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22576"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27774"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27775"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27776"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27778"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27779"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27780"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27781"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27782"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30115"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32205"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32206"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32207"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32208"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32221"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35252"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35260"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42915"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42916"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43551"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43552"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23914"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23915"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23916"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27533"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27534"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27535"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27536"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27537"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27538"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28319"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28320"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28321"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28322"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38039"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38545"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38546"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46218"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46219"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0853"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2004"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2398"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2466"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6197"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6874"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8096"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0167"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0665"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4947"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5025"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5399"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-24515"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-25210"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2014-0138, CVE-2014-0139, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9594, CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000257, CVE-2017-2629, CVE-2017-7407, CVE-2017-7468, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-0500, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000300, CVE-2018-1000301, CVE-2018-14618, CVE-2018-16839, CVE-2018-16840, CVE-2018-16842, CVE-2018-16890, CVE-2019-3822, CVE-2019-3823, CVE-2019-5435, CVE-2019-5436, CVE-2019-5481, CVE-2019-5482, CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890, CVE-2021-22897, CVE-2021-22898, CVE-2021-22901, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-32221, CVE-2022-35252, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916, CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38039, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218, CVE-2023-46219, CVE-2024-0853, CVE-2024-11053, CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8096, CVE-2024-9681, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-10148, CVE-2025-4947, CVE-2025-5025, CVE-2025-5399, CVE-2025-9086, CVE-2026-24515, CVE-2026-25210 applied in versions: 0, 7.36.0-r0, 7.50.1-r0, 7.50.2-r0, 7.50.3-r0, 7.51.0-r0, 7.52.1-r0, 7.53.0-r0, 7.53.1-r2, 7.54.0-r0, 7.55.0-r0, 7.56.1-r0, 7.57.0-r0, 7.59.0-r0, 7.60.0-r0, 7.61.0-r0, 7.61.1-r0, 7.62.0-r0, 7.64.0-r0, 7.65.0-r0, 7.66.0-r0, 7.71.0-r0, 7.72.0-r0, 7.74.0-r0, 7.76.0-r0, 7.77.0-r0, 7.78.0-r0, 7.79.0-r0, 7.83.0-r0, 7.83.1-r0, 7.84.0-r0, 7.85.0-r0, 7.86.0-r0, 7.87.0-r0, 7.88.0-r0, 8.0.0-r0, 8.1.0-r0, 8.10.0-r0, 8.11.0-r0, 8.11.1-r0, 8.12.0-r0, 8.14.0-r0, 8.14.1-r0, 8.15.0-r0, 8.18.0-r0, 8.3.0-r0, 8.4.0-r0, 8.5.0-r0, 8.6.0-r0, 8.7.1-r0, 8.9.0-r0, 8.9.1-r0",
"upstream": [
"CVE-2014-0138",
"CVE-2014-0139",
"CVE-2016-5419",
"CVE-2016-5420",
"CVE-2016-5421",
"CVE-2016-7141",
"CVE-2016-7167",
"CVE-2016-8615",
"CVE-2016-8616",
"CVE-2016-8617",
"CVE-2016-8618",
"CVE-2016-8619",
"CVE-2016-8620",
"CVE-2016-8621",
"CVE-2016-8622",
"CVE-2016-8623",
"CVE-2016-8624",
"CVE-2016-8625",
"CVE-2016-9594",
"CVE-2017-1000099",
"CVE-2017-1000100",
"CVE-2017-1000101",
"CVE-2017-1000257",
"CVE-2017-2629",
"CVE-2017-7407",
"CVE-2017-7468",
"CVE-2017-8816",
"CVE-2017-8817",
"CVE-2017-8818",
"CVE-2018-0500",
"CVE-2018-1000120",
"CVE-2018-1000121",
"CVE-2018-1000122",
"CVE-2018-1000300",
"CVE-2018-1000301",
"CVE-2018-14618",
"CVE-2018-16839",
"CVE-2018-16840",
"CVE-2018-16842",
"CVE-2018-16890",
"CVE-2019-3822",
"CVE-2019-3823",
"CVE-2019-5435",
"CVE-2019-5436",
"CVE-2019-5481",
"CVE-2019-5482",
"CVE-2020-8169",
"CVE-2020-8177",
"CVE-2020-8231",
"CVE-2020-8284",
"CVE-2020-8285",
"CVE-2020-8286",
"CVE-2021-22876",
"CVE-2021-22890",
"CVE-2021-22897",
"CVE-2021-22898",
"CVE-2021-22901",
"CVE-2021-22922",
"CVE-2021-22923",
"CVE-2021-22924",
"CVE-2021-22925",
"CVE-2021-22945",
"CVE-2021-22946",
"CVE-2021-22947",
"CVE-2022-22576",
"CVE-2022-27774",
"CVE-2022-27775",
"CVE-2022-27776",
"CVE-2022-27778",
"CVE-2022-27779",
"CVE-2022-27780",
"CVE-2022-27781",
"CVE-2022-27782",
"CVE-2022-30115",
"CVE-2022-32205",
"CVE-2022-32206",
"CVE-2022-32207",
"CVE-2022-32208",
"CVE-2022-32221",
"CVE-2022-35252",
"CVE-2022-35260",
"CVE-2022-42915",
"CVE-2022-42916",
"CVE-2022-43551",
"CVE-2022-43552",
"CVE-2023-23914",
"CVE-2023-23915",
"CVE-2023-23916",
"CVE-2023-27533",
"CVE-2023-27534",
"CVE-2023-27535",
"CVE-2023-27536",
"CVE-2023-27537",
"CVE-2023-27538",
"CVE-2023-28319",
"CVE-2023-28320",
"CVE-2023-28321",
"CVE-2023-28322",
"CVE-2023-38039",
"CVE-2023-38545",
"CVE-2023-38546",
"CVE-2023-46218",
"CVE-2023-46219",
"CVE-2024-0853",
"CVE-2024-11053",
"CVE-2024-2004",
"CVE-2024-2379",
"CVE-2024-2398",
"CVE-2024-2466",
"CVE-2024-6197",
"CVE-2024-6874",
"CVE-2024-7264",
"CVE-2024-8096",
"CVE-2024-9681",
"CVE-2025-0167",
"CVE-2025-0665",
"CVE-2025-0725",
"CVE-2025-10148",
"CVE-2025-4947",
"CVE-2025-5025",
"CVE-2025-5399",
"CVE-2025-9086",
"CVE-2026-24515",
"CVE-2026-25210"
]
}
cleanstart-2026-of85770
Vulnerability from cleanstart
Published
2026-04-01 09:57
Modified
2026-03-13 12:43
Summary
Security fixes for CVE-2014-0138, CVE-2014-0139, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9594, CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000257, CVE-2017-2629, CVE-2017-7407, CVE-2017-7468, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-0500, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000300, CVE-2018-1000301, CVE-2018-14618, CVE-2018-16839, CVE-2018-16840, CVE-2018-16842, CVE-2018-16890, CVE-2019-3822, CVE-2019-3823, CVE-2019-5435, CVE-2019-5436, CVE-2019-5481, CVE-2019-5482, CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890, CVE-2021-22897, CVE-2021-22898, CVE-2021-22901, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-32221, CVE-2022-35252, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916, CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38039, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218, CVE-2023-46219, CVE-2024-0853, CVE-2024-11053, CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8096, CVE-2024-9681, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-10148, CVE-2025-4947, CVE-2025-5025, CVE-2025-5399, CVE-2025-9086 applied in versions: 0, 7.36.0-r0, 7.50.1-r0, 7.50.2-r0, 7.50.3-r0, 7.51.0-r0, 7.52.1-r0, 7.53.0-r0, 7.53.1-r2, 7.54.0-r0, 7.55.0-r0, 7.56.1-r0, 7.57.0-r0, 7.59.0-r0, 7.60.0-r0, 7.61.0-r0, 7.61.1-r0, 7.62.0-r0, 7.64.0-r0, 7.65.0-r0, 7.66.0-r0, 7.71.0-r0, 7.72.0-r0, 7.74.0-r0, 7.76.0-r0, 7.77.0-r0, 7.78.0-r0, 7.79.0-r0, 7.83.0-r0, 7.83.1-r0, 7.84.0-r0, 7.85.0-r0, 7.86.0-r0, 7.87.0-r0, 7.88.0-r0, 8.0.0-r0, 8.1.0-r0, 8.10.0-r0, 8.11.0-r0, 8.11.1-r0, 8.12.0-r0, 8.14.0-r0, 8.14.1-r0, 8.15.0-r0, 8.3.0-r0, 8.4.0-r0, 8.5.0-r0, 8.6.0-r0, 8.7.1-r0, 8.9.0-r0, 8.9.1-r0
Details
Multiple security vulnerabilities affect the curl package. These issues are resolved in later releases. See references for individual vulnerability details.
References
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"package": {
"ecosystem": "CleanStart",
"name": "curl"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8.9.1-r0"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"credits": [],
"database_specific": {},
"details": "Multiple security vulnerabilities affect the curl package. These issues are resolved in later releases. See references for individual vulnerability details.",
"id": "CLEANSTART-2026-OF85770",
"modified": "2026-03-13T12:43:33Z",
"published": "2026-04-01T09:57:04.724781Z",
"references": [
{
"type": "ADVISORY",
"url": "https://github.com/cleanstart-dev/cleanstart-security-advisories/tree/main/advisories/2026/CLEANSTART-2026-OF85770.json"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2014-0138"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2014-0139"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-5419"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-5420"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-5421"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-7141"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-7167"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8615"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8616"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8617"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8618"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8619"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8620"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8621"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8622"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8623"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8624"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-8625"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2016-9594"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-1000099"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-1000100"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-1000101"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-1000257"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-2629"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7407"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-7468"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-8816"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-8817"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2017-8818"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-0500"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000120"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000121"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000122"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000300"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-1000301"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-14618"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16839"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16840"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16842"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2018-16890"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-3822"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-3823"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5435"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5436"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5481"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2019-5482"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8169"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8177"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8231"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8284"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8285"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2020-8286"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22876"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22890"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22897"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22898"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22901"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22922"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22923"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22924"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22925"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22945"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22946"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2021-22947"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-22576"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27774"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27775"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27776"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27778"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27779"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27780"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27781"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-27782"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-30115"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32205"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32206"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32207"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32208"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-32221"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35252"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-35260"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-42915"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-42916"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43551"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2022-43552"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23914"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23915"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-23916"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27533"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27534"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27535"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27536"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27537"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-27538"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-28319"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-28320"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-28321"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-28322"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-38039"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-38545"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-38546"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46218"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2023-46219"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-0853"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-11053"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-2004"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-2379"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-2398"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-2466"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-6197"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-6874"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-7264"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-8096"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2024-9681"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-0167"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-0665"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-0725"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-10148"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-4947"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-5025"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-5399"
},
{
"type": "WEB",
"url": "https://osv.dev/vulnerability/CVE-2025-9086"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0138"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0139"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5419"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5420"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-5421"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7141"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-7167"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8615"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8616"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8617"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8618"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8619"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8620"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8621"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8622"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8623"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8624"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-8625"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-9594"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000099"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000100"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000101"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000257"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2629"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7407"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7468"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8816"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8817"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-8818"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0500"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000120"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000121"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000122"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000300"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000301"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14618"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16839"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16840"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16842"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16890"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3822"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3823"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5435"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5436"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5481"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-5482"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8169"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8177"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8231"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8284"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8285"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8286"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22876"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22890"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22897"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22898"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22901"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22922"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22923"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22924"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22925"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22945"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22946"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22947"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-22576"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27774"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27775"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27776"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27778"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27779"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27780"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27781"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-27782"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-30115"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32205"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32206"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32207"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32208"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-32221"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35252"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35260"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42915"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-42916"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43551"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-43552"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23914"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23915"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-23916"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27533"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27534"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27535"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27536"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27537"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27538"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28319"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28320"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28321"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28322"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38039"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38545"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38546"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46218"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46219"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0853"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-11053"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2004"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2379"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2398"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-2466"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6197"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-6874"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-7264"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-8096"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9681"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0167"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0665"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-0725"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-10148"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-4947"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5025"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-5399"
},
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9086"
}
],
"related": [],
"schema_version": "1.7.3",
"summary": "Security fixes for CVE-2014-0138, CVE-2014-0139, CVE-2016-5419, CVE-2016-5420, CVE-2016-5421, CVE-2016-7141, CVE-2016-7167, CVE-2016-8615, CVE-2016-8616, CVE-2016-8617, CVE-2016-8618, CVE-2016-8619, CVE-2016-8620, CVE-2016-8621, CVE-2016-8622, CVE-2016-8623, CVE-2016-8624, CVE-2016-8625, CVE-2016-9594, CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101, CVE-2017-1000257, CVE-2017-2629, CVE-2017-7407, CVE-2017-7468, CVE-2017-8816, CVE-2017-8817, CVE-2017-8818, CVE-2018-0500, CVE-2018-1000120, CVE-2018-1000121, CVE-2018-1000122, CVE-2018-1000300, CVE-2018-1000301, CVE-2018-14618, CVE-2018-16839, CVE-2018-16840, CVE-2018-16842, CVE-2018-16890, CVE-2019-3822, CVE-2019-3823, CVE-2019-5435, CVE-2019-5436, CVE-2019-5481, CVE-2019-5482, CVE-2020-8169, CVE-2020-8177, CVE-2020-8231, CVE-2020-8284, CVE-2020-8285, CVE-2020-8286, CVE-2021-22876, CVE-2021-22890, CVE-2021-22897, CVE-2021-22898, CVE-2021-22901, CVE-2021-22922, CVE-2021-22923, CVE-2021-22924, CVE-2021-22925, CVE-2021-22945, CVE-2021-22946, CVE-2021-22947, CVE-2022-22576, CVE-2022-27774, CVE-2022-27775, CVE-2022-27776, CVE-2022-27778, CVE-2022-27779, CVE-2022-27780, CVE-2022-27781, CVE-2022-27782, CVE-2022-30115, CVE-2022-32205, CVE-2022-32206, CVE-2022-32207, CVE-2022-32208, CVE-2022-32221, CVE-2022-35252, CVE-2022-35260, CVE-2022-42915, CVE-2022-42916, CVE-2022-43551, CVE-2022-43552, CVE-2023-23914, CVE-2023-23915, CVE-2023-23916, CVE-2023-27533, CVE-2023-27534, CVE-2023-27535, CVE-2023-27536, CVE-2023-27537, CVE-2023-27538, CVE-2023-28319, CVE-2023-28320, CVE-2023-28321, CVE-2023-28322, CVE-2023-38039, CVE-2023-38545, CVE-2023-38546, CVE-2023-46218, CVE-2023-46219, CVE-2024-0853, CVE-2024-11053, CVE-2024-2004, CVE-2024-2379, CVE-2024-2398, CVE-2024-2466, CVE-2024-6197, CVE-2024-6874, CVE-2024-7264, CVE-2024-8096, CVE-2024-9681, CVE-2025-0167, CVE-2025-0665, CVE-2025-0725, CVE-2025-10148, CVE-2025-4947, CVE-2025-5025, CVE-2025-5399, CVE-2025-9086 applied in versions: 0, 7.36.0-r0, 7.50.1-r0, 7.50.2-r0, 7.50.3-r0, 7.51.0-r0, 7.52.1-r0, 7.53.0-r0, 7.53.1-r2, 7.54.0-r0, 7.55.0-r0, 7.56.1-r0, 7.57.0-r0, 7.59.0-r0, 7.60.0-r0, 7.61.0-r0, 7.61.1-r0, 7.62.0-r0, 7.64.0-r0, 7.65.0-r0, 7.66.0-r0, 7.71.0-r0, 7.72.0-r0, 7.74.0-r0, 7.76.0-r0, 7.77.0-r0, 7.78.0-r0, 7.79.0-r0, 7.83.0-r0, 7.83.1-r0, 7.84.0-r0, 7.85.0-r0, 7.86.0-r0, 7.87.0-r0, 7.88.0-r0, 8.0.0-r0, 8.1.0-r0, 8.10.0-r0, 8.11.0-r0, 8.11.1-r0, 8.12.0-r0, 8.14.0-r0, 8.14.1-r0, 8.15.0-r0, 8.3.0-r0, 8.4.0-r0, 8.5.0-r0, 8.6.0-r0, 8.7.1-r0, 8.9.0-r0, 8.9.1-r0",
"upstream": [
"CVE-2014-0138",
"CVE-2014-0139",
"CVE-2016-5419",
"CVE-2016-5420",
"CVE-2016-5421",
"CVE-2016-7141",
"CVE-2016-7167",
"CVE-2016-8615",
"CVE-2016-8616",
"CVE-2016-8617",
"CVE-2016-8618",
"CVE-2016-8619",
"CVE-2016-8620",
"CVE-2016-8621",
"CVE-2016-8622",
"CVE-2016-8623",
"CVE-2016-8624",
"CVE-2016-8625",
"CVE-2016-9594",
"CVE-2017-1000099",
"CVE-2017-1000100",
"CVE-2017-1000101",
"CVE-2017-1000257",
"CVE-2017-2629",
"CVE-2017-7407",
"CVE-2017-7468",
"CVE-2017-8816",
"CVE-2017-8817",
"CVE-2017-8818",
"CVE-2018-0500",
"CVE-2018-1000120",
"CVE-2018-1000121",
"CVE-2018-1000122",
"CVE-2018-1000300",
"CVE-2018-1000301",
"CVE-2018-14618",
"CVE-2018-16839",
"CVE-2018-16840",
"CVE-2018-16842",
"CVE-2018-16890",
"CVE-2019-3822",
"CVE-2019-3823",
"CVE-2019-5435",
"CVE-2019-5436",
"CVE-2019-5481",
"CVE-2019-5482",
"CVE-2020-8169",
"CVE-2020-8177",
"CVE-2020-8231",
"CVE-2020-8284",
"CVE-2020-8285",
"CVE-2020-8286",
"CVE-2021-22876",
"CVE-2021-22890",
"CVE-2021-22897",
"CVE-2021-22898",
"CVE-2021-22901",
"CVE-2021-22922",
"CVE-2021-22923",
"CVE-2021-22924",
"CVE-2021-22925",
"CVE-2021-22945",
"CVE-2021-22946",
"CVE-2021-22947",
"CVE-2022-22576",
"CVE-2022-27774",
"CVE-2022-27775",
"CVE-2022-27776",
"CVE-2022-27778",
"CVE-2022-27779",
"CVE-2022-27780",
"CVE-2022-27781",
"CVE-2022-27782",
"CVE-2022-30115",
"CVE-2022-32205",
"CVE-2022-32206",
"CVE-2022-32207",
"CVE-2022-32208",
"CVE-2022-32221",
"CVE-2022-35252",
"CVE-2022-35260",
"CVE-2022-42915",
"CVE-2022-42916",
"CVE-2022-43551",
"CVE-2022-43552",
"CVE-2023-23914",
"CVE-2023-23915",
"CVE-2023-23916",
"CVE-2023-27533",
"CVE-2023-27534",
"CVE-2023-27535",
"CVE-2023-27536",
"CVE-2023-27537",
"CVE-2023-27538",
"CVE-2023-28319",
"CVE-2023-28320",
"CVE-2023-28321",
"CVE-2023-28322",
"CVE-2023-38039",
"CVE-2023-38545",
"CVE-2023-38546",
"CVE-2023-46218",
"CVE-2023-46219",
"CVE-2024-0853",
"CVE-2024-11053",
"CVE-2024-2004",
"CVE-2024-2379",
"CVE-2024-2398",
"CVE-2024-2466",
"CVE-2024-6197",
"CVE-2024-6874",
"CVE-2024-7264",
"CVE-2024-8096",
"CVE-2024-9681",
"CVE-2025-0167",
"CVE-2025-0665",
"CVE-2025-0725",
"CVE-2025-10148",
"CVE-2025-4947",
"CVE-2025-5025",
"CVE-2025-5399",
"CVE-2025-9086"
]
}
FKIE_CVE-2018-16890
Vulnerability from fkie_nvd - Published: 2019-02-06 20:29 - Updated: 2024-11-21 03:53
Severity
Summary
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.
References
| URL | Tags | ||
|---|---|---|---|
| secalert@redhat.com | http://www.securityfocus.com/bid/106947 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2019:3701 | Third Party Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890 | Issue Tracking, Mitigation, Patch, Third Party Advisory | |
| secalert@redhat.com | https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf | Third Party Advisory | |
| secalert@redhat.com | https://curl.haxx.se/docs/CVE-2018-16890.html | Patch, Vendor Advisory | |
| secalert@redhat.com | https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E | ||
| secalert@redhat.com | https://security.netapp.com/advisory/ntap-20190315-0001/ | Patch, Third Party Advisory | |
| secalert@redhat.com | https://support.f5.com/csp/article/K03314397?utm_source=f5support&%3Butm_medium=RSS | ||
| secalert@redhat.com | https://usn.ubuntu.com/3882-1/ | Third Party Advisory | |
| secalert@redhat.com | https://www.debian.org/security/2019/dsa-4386 | Third Party Advisory | |
| secalert@redhat.com | https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Third Party Advisory | |
| secalert@redhat.com | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/106947 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2019:3701 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890 | Issue Tracking, Mitigation, Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://curl.haxx.se/docs/CVE-2018-16890.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://security.netapp.com/advisory/ntap-20190315-0001/ | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://support.f5.com/csp/article/K03314397?utm_source=f5support&%3Butm_medium=RSS | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://usn.ubuntu.com/3882-1/ | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2019/dsa-4386 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| haxx | libcurl | * | |
| canonical | ubuntu_linux | 14.04 | |
| canonical | ubuntu_linux | 16.04 | |
| canonical | ubuntu_linux | 18.04 | |
| canonical | ubuntu_linux | 18.10 | |
| debian | debian_linux | 9.0 | |
| netapp | clustered_data_ontap | * | |
| siemens | sinema_remote_connect_client | * | |
| oracle | communications_operations_monitor | 3.4 | |
| oracle | communications_operations_monitor | 4.0 | |
| oracle | http_server | 12.2.1.3.0 | |
| oracle | secure_global_desktop | 5.4 | |
| redhat | enterprise_linux | 8.0 | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * | |
| f5 | big-ip_access_policy_manager | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0572AA2C-5E33-4612-8BDE-0859690EA089",
"versionEndExcluding": "7.64.0",
"versionStartIncluding": "7.36.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B0E976A9-6253-4DF5-9370-471D0469B395",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "626EEBF4-73B9-44B3-BF55-50EC9139EF66",
"versionEndIncluding": "2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E3517A27-E6EE-497C-9996-F78171BBE90F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B5265C91-FF5C-4451-A7C2-D388A65ACFA2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6FCB6C17-33AC-4E5E-8633-7490058CA51F",
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FCBAF5C1-3761-47BB-AD8E-A55A64D33AF3",
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A53E3C-3E09-4100-8D5A-10AD4973C230",
"versionEndIncluding": "15.0.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds."
},
{
"lang": "es",
"value": "Libcurl, desde la versi\u00f3n 7.36.0 hasta antes de la 7.64.0, es vulnerable a una lectura de memoria din\u00e1mica (heap) fuera de l\u00edmites. La funci\u00f3n que gestiona los mensajes entrantes NTLM de tipo 2 (\"lib/vauth/ntlm.c:ntlm_decode_type2_target\") no valida los datos entrantes correctamente y est\u00e1 sujeta a una vulnerabilidad de desbordamiento de enteros. Mediante ese desbordamiento, un servidor NTLM malicioso o roto podr\u00eda enga\u00f1ar a libcurl para que acepte una mala combinaci\u00f3n de longitud + desplazamiento que conducir\u00eda a una lectura del b\u00fafer fuera de l\u00edmites."
}
],
"id": "CVE-2018-16890",
"lastModified": "2024-11-21T03:53:32.740",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5,
"source": "secalert@redhat.com",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-02-06T20:29:00.243",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106947"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3701"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://curl.haxx.se/docs/CVE-2018-16890.html"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190315-0001/"
},
{
"source": "secalert@redhat.com",
"url": "https://support.f5.com/csp/article/K03314397?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3701"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://curl.haxx.se/docs/CVE-2018-16890.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190315-0001/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.f5.com/csp/article/K03314397?utm_source=f5support\u0026amp%3Butm_medium=RSS"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-190"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-53FG-3J53-939Q
Vulnerability from github – Published: 2022-05-13 01:16 – Updated: 2022-05-13 01:16
VLAI
Details
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (lib/vauth/ntlm.c:ntlm_decode_type2_target) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.
Severity
7.5 (High)
{
"affected": [],
"aliases": [
"CVE-2018-16890"
],
"database_specific": {
"cwe_ids": [
"CWE-125"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-02-06T20:29:00Z",
"severity": "HIGH"
},
"details": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.",
"id": "GHSA-53fg-3j53-939q",
"modified": "2022-05-13T01:16:11Z",
"published": "2022-05-13T01:16:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16890"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2019:3701"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890"
},
{
"type": "WEB",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
},
{
"type": "WEB",
"url": "https://curl.haxx.se/docs/CVE-2018-16890.html"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20190315-0001"
},
{
"type": "WEB",
"url": "https://support.f5.com/csp/article/K03314397?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/3882-1"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/106947"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2018-16890
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-16890",
"description": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.",
"id": "GSD-2018-16890",
"references": [
"https://www.suse.com/security/cve/CVE-2018-16890.html",
"https://www.debian.org/security/2019/dsa-4386",
"https://access.redhat.com/errata/RHSA-2019:3701",
"https://access.redhat.com/errata/RHSA-2019:1543",
"https://ubuntu.com/security/CVE-2018-16890",
"https://security.archlinux.org/CVE-2018-16890",
"https://linux.oracle.com/cve/CVE-2018-16890.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-16890"
],
"details": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.",
"id": "GSD-2018-16890",
"modified": "2023-12-13T01:22:26.190671Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16890",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "curl",
"version": {
"version_data": [
{
"version_value": "7.64.0"
}
]
}
}
]
},
"vendor_name": "The curl Project"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "5.4/CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-125"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-4386",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"name": "106947",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/106947"
},
{
"name": "https://curl.haxx.se/docs/CVE-2018-16890.html",
"refsource": "MISC",
"url": "https://curl.haxx.se/docs/CVE-2018-16890.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190315-0001/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20190315-0001/"
},
{
"name": "USN-3882-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890"
},
{
"name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf",
"refsource": "CONFIRM",
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "https://support.f5.com/csp/article/K03314397?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"url": "https://support.f5.com/csp/article/K03314397?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "RHSA-2019:3701",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2019:3701"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "7.64.0",
"versionStartIncluding": "7.36.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:netapp:clustered_data_ontap:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:siemens:sinema_remote_connect_client:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.0",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.1.3",
"versionStartIncluding": "13.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "14.1.2",
"versionStartIncluding": "14.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "15.0.1",
"versionStartIncluding": "15.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-16890"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
},
{
"lang": "en",
"value": "CWE-190"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://curl.haxx.se/docs/CVE-2018-16890.html",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://curl.haxx.se/docs/CVE-2018-16890.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Mitigation",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890"
},
{
"name": "DSA-4386",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2019/dsa-4386"
},
{
"name": "USN-3882-1",
"refsource": "UBUNTU",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/3882-1/"
},
{
"name": "106947",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/106947"
},
{
"name": "https://security.netapp.com/advisory/ntap-20190315-0001/",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20190315-0001/"
},
{
"name": "[infra-devnull] 20190404 [GitHub] [incubator-openwhisk-runtime-ballerina] falkzoll commented on issue #15: Update to new base image jdk8u202-b08_openj9-0.12.1.",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f@%3Cdevnull.infra.apache.org%3E"
},
{
"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
},
{
"name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
},
{
"name": "https://support.f5.com/csp/article/K03314397?utm_source=f5support\u0026amp;utm_medium=RSS",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://support.f5.com/csp/article/K03314397?utm_source=f5support\u0026amp;utm_medium=RSS"
},
{
"name": "RHSA-2019:3701",
"refsource": "REDHAT",
"tags": [
"Third Party Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2019:3701"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
}
},
"lastModifiedDate": "2020-09-18T16:33Z",
"publishedDate": "2019-02-06T20:29Z"
}
}
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…