Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/137901?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/137901?format=api", "purl": "pkg:generic/curl.se/curl@7.57.0", "type": "generic", "namespace": "curl.se", "name": "curl", "version": "7.57.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "8.20.0", "latest_non_vulnerable_version": "8.20.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7242?format=api", "vulnerability_id": "VCID-18p4-rvxz-pkeu", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22923.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22923.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22923", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00068", "scoring_system": "epss", "scoring_elements": "0.20998", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22923" }, { "reference_url": "https://curl.se/docs/CVE-2021-22923.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2021-22923.html" }, { "reference_url": "https://hackerone.com/reports/1213181", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1213181" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981438", "reference_id": "1981438", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981438" }, { "reference_url": "https://security.archlinux.org/ASA-202107-59", "reference_id": "ASA-202107-59", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-59" }, { "reference_url": "https://security.archlinux.org/AVG-2194", "reference_id": "AVG-2194", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2194" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3582", "reference_id": "RHSA-2021:3582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3903", "reference_id": "RHSA-2021:3903", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3903" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137934?format=api", "purl": "pkg:generic/curl.se/curl@7.78.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-7z3h-9pk3-rqct" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-cjyz-fdnv-b3g4" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h4nw-va5b-23ef" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k5vr-1fmp-sqbw" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-ns58-vmsz-5ued" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tzs5-qzhn-rqbk" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-urgp-rqyc-sqer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.78.0" } ], "aliases": [ "CVE-2021-22923" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-18p4-rvxz-pkeu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65692?format=api", "vulnerability_id": "VCID-1a1k-d4ez-ybdu", "summary": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35252.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35252.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35252", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52551", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35252" }, { "reference_url": "https://curl.se/docs/CVE-2022-35252.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2022-35252.html" }, { "reference_url": "https://hackerone.com/reports/1613943", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1613943" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018831", "reference_id": "1018831", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018831" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120718", "reference_id": "2120718", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120718" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2478", "reference_id": "RHSA-2023:2478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2963", "reference_id": "RHSA-2023:2963", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2963" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0428", "reference_id": "RHSA-2024:0428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0428" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137945?format=api", "purl": "pkg:generic/curl.se/curl@7.85.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h4nw-va5b-23ef" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-k5vr-1fmp-sqbw" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-mpuf-pp6z-q3d6" }, { "vulnerability": "VCID-ns58-vmsz-5ued" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.85.0" } ], "aliases": [ "CVE-2022-35252" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1a1k-d4ez-ybdu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65724?format=api", "vulnerability_id": "VCID-1dw3-33ju-jkbs", "summary": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0725.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0725.json" }, { "reference_url": "https://curl.se/docs/CVE-2025-0725.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2025-0725.html" }, { "reference_url": "https://hackerone.com/reports/2956023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/2956023" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343899", "reference_id": "2343899", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343899" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137970?format=api", "purl": "pkg:generic/curl.se/curl@8.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-ezve-gc2h-qyga" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-ns6z-wp2x-fkdq" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-t45k-skv6-cfg2" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.12.0" } ], "aliases": [ "CVE-2025-0725" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1dw3-33ju-jkbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65684?format=api", "vulnerability_id": "VCID-1kpz-55f1-f7dj", "summary": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14618.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-14618.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14618", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00493", "scoring_system": "epss", "scoring_elements": "0.66048", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-14618" }, { "reference_url": "https://curl.se/docs/CVE-2018-14618.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2018-14618.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1622707", "reference_id": "1622707", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1622707" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908327", "reference_id": "908327", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=908327" }, { "reference_url": "https://security.gentoo.org/glsa/201903-03", "reference_id": "GLSA-201903-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1880", "reference_id": "RHSA-2019:1880", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:1880" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137907?format=api", "purl": "pkg:generic/curl.se/curl@7.61.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3ws4-1sak-r3ck" }, { "vulnerability": "VCID-4hha-2z31-2bf8" }, { "vulnerability": "VCID-4zcd-rbx3-qye5" }, { "vulnerability": "VCID-58p5-pfy3-xug1" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bb6v-z8yg-6fe3" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-byzw-xw9s-pkga" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f7n8-zzhz-fuc8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gud1-yg9u-zyfp" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h6xj-mys4-pucf" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-msd2-35g9-nyd2" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q46r-7nct-s3bw" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-qrnc-7ywu-37cz" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tcxd-z7f3-kkes" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-ubnn-z97k-47gw" }, { "vulnerability": "VCID-uj78-2cgz-zbdb" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" }, { "vulnerability": "VCID-zg98-v6dj-s7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.61.1" } ], "aliases": [ "CVE-2018-14618" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1kpz-55f1-f7dj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7243?format=api", "vulnerability_id": "VCID-1m1w-rayk-sffe", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22922.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22922.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22922", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00146", "scoring_system": "epss", "scoring_elements": "0.347", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22922" }, { "reference_url": "https://curl.se/docs/CVE-2021-22922.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2021-22922.html" }, { "reference_url": "https://hackerone.com/reports/1213175", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1213175" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981435", "reference_id": "1981435", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981435" }, { "reference_url": "https://security.archlinux.org/ASA-202107-59", "reference_id": "ASA-202107-59", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-59" }, { "reference_url": "https://security.archlinux.org/AVG-2194", "reference_id": "AVG-2194", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2194" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3582", "reference_id": "RHSA-2021:3582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3903", "reference_id": "RHSA-2021:3903", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3903" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137934?format=api", "purl": "pkg:generic/curl.se/curl@7.78.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-7z3h-9pk3-rqct" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-cjyz-fdnv-b3g4" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h4nw-va5b-23ef" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k5vr-1fmp-sqbw" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-ns58-vmsz-5ued" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tzs5-qzhn-rqbk" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-urgp-rqyc-sqer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.78.0" } ], "aliases": [ "CVE-2021-22922" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1m1w-rayk-sffe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44796?format=api", "vulnerability_id": "VCID-1zsv-4jdy-63en", "summary": "Improper Authentication\nAn authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27536.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27536.json" }, { "reference_url": "https://curl.se/docs/CVE-2023-27536.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-27536.html" }, { "reference_url": "https://hackerone.com/reports/1895135", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1895135" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179092", "reference_id": "2179092", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179092" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27536", "reference_id": "CVE-2023-27536", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27536" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4523", "reference_id": "RHSA-2023:4523", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4523" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6679", "reference_id": "RHSA-2023:6679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0428", "reference_id": "RHSA-2024:0428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0428" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137950?format=api", "purl": "pkg:generic/curl.se/curl@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0" } ], "aliases": [ "CVE-2023-27536" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1zsv-4jdy-63en" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65730?format=api", "vulnerability_id": "VCID-21ff-tazv-9ud3", "summary": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14524.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14524.json" }, { "reference_url": "https://curl.se/docs/CVE-2025-14524.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2025-14524.html" }, { "reference_url": "https://hackerone.com/reports/3459417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3459417" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426407", "reference_id": "2426407", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137978?format=api", "purl": "pkg:generic/curl.se/curl@8.18.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-9vbs-w124-q3au" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fxgf-t3ue-6qhf" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0" } ], "aliases": [ "CVE-2025-14524" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-21ff-tazv-9ud3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/106856?format=api", "vulnerability_id": "VCID-27bv-f11z-myak", "summary": "curl: CURLOPT_SSLCERT mixup with Secure Transport", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22926.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22926.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22926", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00657", "scoring_system": "epss", "scoring_elements": "0.71416", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22926" }, { "reference_url": "https://curl.se/docs/CVE-2021-22926.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2021-22926.html" }, { "reference_url": "https://hackerone.com/reports/1234760", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1234760" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016088", "reference_id": "2016088", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2016088" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137934?format=api", "purl": "pkg:generic/curl.se/curl@7.78.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-7z3h-9pk3-rqct" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-cjyz-fdnv-b3g4" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h4nw-va5b-23ef" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k5vr-1fmp-sqbw" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-ns58-vmsz-5ued" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tzs5-qzhn-rqbk" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-urgp-rqyc-sqer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.78.0" } ], "aliases": [ "CVE-2021-22926" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-27bv-f11z-myak" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65106?format=api", "vulnerability_id": "VCID-39qh-jayw-g3dh", "summary": "curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1965.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1965.json" }, { "reference_url": "https://curl.se/docs/CVE-2026-1965.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2026-1965.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446448", "reference_id": "2446448", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137979?format=api", "purl": "pkg:generic/curl.se/curl@8.19.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-9vbs-w124-q3au" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0" } ], "aliases": [ "CVE-2026-1965" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-39qh-jayw-g3dh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6153?format=api", "vulnerability_id": "VCID-3ws4-1sak-r3ck", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16890.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16890.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16890", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01204", "scoring_system": "epss", "scoring_elements": "0.79272", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16890" }, { "reference_url": "https://curl.se/docs/CVE-2018-16890.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2018-16890.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1670252", "reference_id": "1670252", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1670252" }, { "reference_url": "https://security.archlinux.org/ASA-201902-10", "reference_id": "ASA-201902-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-10" }, { "reference_url": "https://security.archlinux.org/ASA-201902-11", "reference_id": "ASA-201902-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-11" }, { "reference_url": "https://security.archlinux.org/ASA-201902-12", "reference_id": "ASA-201902-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-12" }, { "reference_url": "https://security.archlinux.org/ASA-201902-13", "reference_id": "ASA-201902-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-13" }, { "reference_url": "https://security.archlinux.org/ASA-201902-9", "reference_id": "ASA-201902-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-9" }, { "reference_url": "https://security.archlinux.org/AVG-873", "reference_id": "AVG-873", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-873" }, { "reference_url": "https://security.archlinux.org/AVG-874", "reference_id": "AVG-874", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-874" }, { "reference_url": "https://security.archlinux.org/AVG-875", "reference_id": "AVG-875", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-875" }, { "reference_url": "https://security.archlinux.org/AVG-876", "reference_id": "AVG-876", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-876" }, { "reference_url": "https://security.archlinux.org/AVG-877", "reference_id": "AVG-877", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-877" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3701", "reference_id": "RHSA-2019:3701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3701" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137911?format=api", "purl": "pkg:generic/curl.se/curl@7.64.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-4zcd-rbx3-qye5" }, { "vulnerability": "VCID-58p5-pfy3-xug1" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-byzw-xw9s-pkga" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f7n8-zzhz-fuc8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-fp66-fzqt-6yg7" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gud1-yg9u-zyfp" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h6xj-mys4-pucf" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kn6z-caj8-bbc9" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-msd2-35g9-nyd2" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q46r-7nct-s3bw" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tcxd-z7f3-kkes" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-uj78-2cgz-zbdb" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xc5k-47n9-43d6" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.64.0" } ], "aliases": [ "CVE-2018-16890" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3ws4-1sak-r3ck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6217?format=api", "vulnerability_id": "VCID-4hha-2z31-2bf8", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16839.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16839.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16839", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00346", "scoring_system": "epss", "scoring_elements": "0.57384", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16839" }, { "reference_url": "https://curl.se/docs/CVE-2018-16839.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2018-16839.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16839" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642201", "reference_id": "1642201", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642201" }, { "reference_url": "https://security.archlinux.org/ASA-201811-7", "reference_id": "ASA-201811-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-7" }, { "reference_url": "https://security.archlinux.org/ASA-201811-8", "reference_id": "ASA-201811-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-8" }, { "reference_url": "https://security.archlinux.org/ASA-201811-9", "reference_id": "ASA-201811-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-9" }, { "reference_url": "https://security.archlinux.org/AVG-796", "reference_id": "AVG-796", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-796" }, { "reference_url": "https://security.archlinux.org/AVG-797", "reference_id": "AVG-797", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-797" }, { "reference_url": "https://security.archlinux.org/AVG-798", "reference_id": "AVG-798", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-798" }, { "reference_url": "https://security.gentoo.org/glsa/201903-03", "reference_id": "GLSA-201903-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-03" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137908?format=api", "purl": "pkg:generic/curl.se/curl@7.62.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3ws4-1sak-r3ck" }, { "vulnerability": "VCID-4zcd-rbx3-qye5" }, { "vulnerability": "VCID-58p5-pfy3-xug1" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bb6v-z8yg-6fe3" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-byzw-xw9s-pkga" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f7n8-zzhz-fuc8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-fp66-fzqt-6yg7" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gud1-yg9u-zyfp" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h6xj-mys4-pucf" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-msd2-35g9-nyd2" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q46r-7nct-s3bw" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-qrnc-7ywu-37cz" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tcxd-z7f3-kkes" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-uj78-2cgz-zbdb" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xc5k-47n9-43d6" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.62.0" } ], "aliases": [ "CVE-2018-16839" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4hha-2z31-2bf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65687?format=api", "vulnerability_id": "VCID-4zcd-rbx3-qye5", "summary": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5482.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5482.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5482", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.09715", "scoring_system": "epss", "scoring_elements": "0.93078", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5482" }, { "reference_url": "https://curl.se/docs/CVE-2019-5482.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2019-5482.html" }, { "reference_url": "https://hackerone.com/reports/684603", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/684603" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1749652", "reference_id": "1749652", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1749652" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940010", "reference_id": "940010", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940010" }, { "reference_url": "https://security.archlinux.org/AVG-1982", "reference_id": "AVG-1982", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1982" }, { "reference_url": "https://security.gentoo.org/glsa/202003-29", "reference_id": "GLSA-202003-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0250", "reference_id": "RHSA-2020:0250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1792", "reference_id": "RHSA-2020:1792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:3916", "reference_id": "RHSA-2020:3916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:3916" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0759", "reference_id": "RHSA-2021:0759", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0759" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0877", "reference_id": "RHSA-2021:0877", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0877" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1027", "reference_id": "RHSA-2021:1027", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1027" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137917?format=api", "purl": "pkg:generic/curl.se/curl@7.66.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-byzw-xw9s-pkga" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f7n8-zzhz-fuc8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-fp66-fzqt-6yg7" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gud1-yg9u-zyfp" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h6xj-mys4-pucf" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kn6z-caj8-bbc9" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-msd2-35g9-nyd2" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q46r-7nct-s3bw" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-urgp-rqyc-sqer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.66.0" } ], "aliases": [ "CVE-2019-5482" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4zcd-rbx3-qye5" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65685?format=api", "vulnerability_id": "VCID-58p5-pfy3-xug1", "summary": "A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl \"engine\") on invocation. If that curl is invoked by a privileged user it can do anything it wants.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5443.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5443.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5443", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00954", "scoring_system": "epss", "scoring_elements": "0.7677", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5443" }, { "reference_url": "https://curl.se/docs/CVE-2019-5443.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2019-5443.html" }, { "reference_url": "https://hackerone.com/reports/608577", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/608577" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772100", "reference_id": "1772100", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1772100" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137917?format=api", "purl": "pkg:generic/curl.se/curl@7.66.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-byzw-xw9s-pkga" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f7n8-zzhz-fuc8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-fp66-fzqt-6yg7" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gud1-yg9u-zyfp" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h6xj-mys4-pucf" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kn6z-caj8-bbc9" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-msd2-35g9-nyd2" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q46r-7nct-s3bw" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-urgp-rqyc-sqer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.66.0" } ], "aliases": [ "CVE-2019-5443" ], "risk_score": 3.8, "exploitability": "0.5", "weighted_severity": "7.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-58p5-pfy3-xug1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65683?format=api", "vulnerability_id": "VCID-5ujs-47hf-g7gj", "summary": "A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000122.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000122.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000122", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01639", "scoring_system": "epss", "scoring_elements": "0.82277", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000122" }, { "reference_url": "https://curl.se/docs/CVE-2018-1000122.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2018-1000122.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553398", "reference_id": "1553398", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1553398" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893546", "reference_id": "893546", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893546" }, { "reference_url": "https://security.archlinux.org/ASA-201803-15", "reference_id": "ASA-201803-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-15" }, { "reference_url": "https://security.archlinux.org/ASA-201803-16", "reference_id": "ASA-201803-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-16" }, { "reference_url": "https://security.archlinux.org/ASA-201803-17", "reference_id": "ASA-201803-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-17" }, { "reference_url": "https://security.archlinux.org/ASA-201803-18", "reference_id": "ASA-201803-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-18" }, { "reference_url": "https://security.archlinux.org/ASA-201803-19", "reference_id": "ASA-201803-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-19" }, { "reference_url": "https://security.archlinux.org/ASA-201803-20", "reference_id": "ASA-201803-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-20" }, { "reference_url": "https://security.archlinux.org/AVG-653", "reference_id": "AVG-653", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-653" }, { "reference_url": "https://security.archlinux.org/AVG-654", "reference_id": "AVG-654", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-654" }, { "reference_url": "https://security.archlinux.org/AVG-655", "reference_id": "AVG-655", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-655" }, { "reference_url": "https://security.archlinux.org/AVG-656", "reference_id": "AVG-656", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-656" }, { "reference_url": "https://security.archlinux.org/AVG-660", "reference_id": "AVG-660", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-660" }, { "reference_url": "https://security.archlinux.org/AVG-661", "reference_id": "AVG-661", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-661" }, { "reference_url": "https://security.gentoo.org/glsa/201804-04", "reference_id": "GLSA-201804-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201804-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137904?format=api", "purl": "pkg:generic/curl.se/curl@7.59.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1kpz-55f1-f7dj" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3ws4-1sak-r3ck" }, { "vulnerability": "VCID-4hha-2z31-2bf8" }, { "vulnerability": "VCID-4zcd-rbx3-qye5" }, { "vulnerability": "VCID-58p5-pfy3-xug1" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6745-tyba-33fa" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bb6v-z8yg-6fe3" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f7n8-zzhz-fuc8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gud1-yg9u-zyfp" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h6xj-mys4-pucf" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kae8-wmf2-2kf1" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-msd2-35g9-nyd2" }, { "vulnerability": "VCID-p7mn-a632-c3ag" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q46r-7nct-s3bw" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-qrnc-7ywu-37cz" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tcxd-z7f3-kkes" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-ubnn-z97k-47gw" }, { "vulnerability": "VCID-uj78-2cgz-zbdb" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" }, { "vulnerability": "VCID-zg98-v6dj-s7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.59.0" } ], "aliases": [ "CVE-2018-1000122" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5ujs-47hf-g7gj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61672?format=api", "vulnerability_id": "VCID-5un8-xymy-37bt", "summary": "curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5773.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5773.json" }, { "reference_url": "https://curl.se/docs/CVE-2026-5773.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2026-5773.html" }, { "reference_url": "https://hackerone.com/reports/3650689", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3650689" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461201", "reference_id": "2461201", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12916", "reference_id": "RHSA-2026:12916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12916" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137980?format=api", "purl": "pkg:generic/curl.se/curl@8.20.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0" } ], "aliases": [ "CVE-2026-5773" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5un8-xymy-37bt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4268?format=api", "vulnerability_id": "VCID-6745-tyba-33fa", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000301.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000301.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000301", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02845", "scoring_system": "epss", "scoring_elements": "0.86486", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000301" }, { "reference_url": "https://curl.se/docs/CVE-2018-1000301.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2018-1000301.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000301", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000301" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575536", "reference_id": "1575536", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575536" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898856", "reference_id": "898856", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898856" }, { "reference_url": "https://security.archlinux.org/ASA-201805-13", "reference_id": "ASA-201805-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201805-13" }, { "reference_url": "https://security.archlinux.org/ASA-201805-14", "reference_id": "ASA-201805-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201805-14" }, { "reference_url": "https://security.archlinux.org/ASA-201805-15", "reference_id": "ASA-201805-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201805-15" }, { "reference_url": "https://security.archlinux.org/ASA-201805-16", "reference_id": "ASA-201805-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201805-16" }, { "reference_url": "https://security.archlinux.org/ASA-201805-17", "reference_id": "ASA-201805-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201805-17" }, { "reference_url": "https://security.archlinux.org/ASA-201805-18", "reference_id": "ASA-201805-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201805-18" }, { "reference_url": "https://security.archlinux.org/AVG-694", "reference_id": "AVG-694", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-694" }, { "reference_url": "https://security.archlinux.org/AVG-695", "reference_id": "AVG-695", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-695" }, { "reference_url": "https://security.archlinux.org/AVG-696", "reference_id": "AVG-696", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-696" }, { "reference_url": "https://security.archlinux.org/AVG-697", "reference_id": "AVG-697", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-697" }, { "reference_url": "https://security.archlinux.org/AVG-698", "reference_id": "AVG-698", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-698" }, { "reference_url": "https://security.archlinux.org/AVG-699", "reference_id": "AVG-699", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-699" }, { "reference_url": "https://security.gentoo.org/glsa/201806-05", "reference_id": "GLSA-201806-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201806-05" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137905?format=api", "purl": "pkg:generic/curl.se/curl@7.60.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1kpz-55f1-f7dj" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3ws4-1sak-r3ck" }, { "vulnerability": "VCID-4hha-2z31-2bf8" }, { "vulnerability": "VCID-4zcd-rbx3-qye5" }, { "vulnerability": "VCID-58p5-pfy3-xug1" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bb6v-z8yg-6fe3" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f7n8-zzhz-fuc8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gud1-yg9u-zyfp" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h6xj-mys4-pucf" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-msd2-35g9-nyd2" }, { "vulnerability": "VCID-p7mn-a632-c3ag" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q46r-7nct-s3bw" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-qrnc-7ywu-37cz" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tcxd-z7f3-kkes" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-ubnn-z97k-47gw" }, { "vulnerability": "VCID-uj78-2cgz-zbdb" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" }, { "vulnerability": "VCID-zg98-v6dj-s7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.60.0" } ], "aliases": [ "CVE-2018-1000301" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6745-tyba-33fa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6859?format=api", "vulnerability_id": "VCID-738z-myg9-37hr", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27774.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27774", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00314", "scoring_system": "epss", "scoring_elements": "0.54842", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27774" }, { "reference_url": "https://curl.se/docs/CVE-2022-27774.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2022-27774.html" }, { "reference_url": "https://hackerone.com/reports/1543773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1543773" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010254", "reference_id": "1010254", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010254" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077547", "reference_id": "2077547", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077547" }, { "reference_url": "https://security.archlinux.org/AVG-2685", "reference_id": "AVG-2685", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2685" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5245", "reference_id": "RHSA-2022:5245", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5245" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5313", "reference_id": "RHSA-2022:5313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137941?format=api", "purl": "pkg:generic/curl.se/curl@7.83.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5m9y-9y57-kqg6" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7z3h-9pk3-rqct" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h4nw-va5b-23ef" }, { "vulnerability": "VCID-hb4z-s871-d7ck" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k5vr-1fmp-sqbw" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-mqzd-mcw5-s3h6" }, { "vulnerability": "VCID-mray-vkqx-5ka7" }, { "vulnerability": "VCID-ns58-vmsz-5ued" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tzs5-qzhn-rqbk" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.83.0" } ], "aliases": [ "CVE-2022-27774" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-738z-myg9-37hr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65729?format=api", "vulnerability_id": "VCID-7wqd-99h2-e7hk", "summary": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14017.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14017.json" }, { "reference_url": "https://curl.se/docs/CVE-2025-14017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2025-14017.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427870", "reference_id": "2427870", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427870" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137978?format=api", "purl": "pkg:generic/curl.se/curl@8.18.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-9vbs-w124-q3au" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fxgf-t3ue-6qhf" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0" } ], "aliases": [ "CVE-2025-14017" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7wqd-99h2-e7hk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5242?format=api", "vulnerability_id": "VCID-7yvu-s3p2-sfhc", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22947.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22947.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22947", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00253", "scoring_system": "epss", "scoring_elements": "0.48856", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22947" }, { "reference_url": "https://curl.se/docs/CVE-2021-22947.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2021-22947.html" }, { "reference_url": "https://hackerone.com/reports/1334763", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1334763" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003191", "reference_id": "2003191", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003191" }, { "reference_url": "https://security.archlinux.org/AVG-2384", "reference_id": "AVG-2384", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2384" }, { "reference_url": "https://security.archlinux.org/AVG-2385", "reference_id": "AVG-2385", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2385" }, { "reference_url": "https://security.archlinux.org/AVG-2386", "reference_id": "AVG-2386", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2386" }, { "reference_url": "https://security.archlinux.org/AVG-2387", "reference_id": "AVG-2387", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2387" }, { "reference_url": "https://security.archlinux.org/AVG-2388", "reference_id": "AVG-2388", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2388" }, { "reference_url": "https://security.archlinux.org/AVG-2389", "reference_id": "AVG-2389", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2389" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4059", "reference_id": "RHSA-2021:4059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0635", "reference_id": "RHSA-2022:0635", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0635" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1354", "reference_id": "RHSA-2022:1354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1354" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137935?format=api", "purl": "pkg:generic/curl.se/curl@7.79.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7z3h-9pk3-rqct" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h4nw-va5b-23ef" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k5vr-1fmp-sqbw" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-ns58-vmsz-5ued" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tzs5-qzhn-rqbk" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-urgp-rqyc-sqer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.79.0" } ], "aliases": [ "CVE-2021-22947" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7yvu-s3p2-sfhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5469?format=api", "vulnerability_id": "VCID-a58z-fu87-9ybs", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22898.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22898.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22898", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00137", "scoring_system": "epss", "scoring_elements": "0.33296", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22898" }, { "reference_url": "https://curl.se/docs/CVE-2021-22898.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2021-22898.html" }, { "reference_url": "https://hackerone.com/reports/1176461", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1176461" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964887", "reference_id": "1964887", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1964887" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989228", "reference_id": "989228", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=989228" }, { "reference_url": "https://security.archlinux.org/ASA-202106-4", "reference_id": "ASA-202106-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-4" }, { "reference_url": "https://security.archlinux.org/ASA-202106-5", "reference_id": "ASA-202106-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-5" }, { "reference_url": "https://security.archlinux.org/ASA-202106-6", "reference_id": "ASA-202106-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-6" }, { "reference_url": "https://security.archlinux.org/ASA-202106-7", "reference_id": "ASA-202106-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-7" }, { "reference_url": "https://security.archlinux.org/ASA-202106-8", "reference_id": "ASA-202106-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-8" }, { "reference_url": "https://security.archlinux.org/ASA-202106-9", "reference_id": "ASA-202106-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202106-9" }, { "reference_url": "https://security.archlinux.org/AVG-1995", "reference_id": "AVG-1995", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1995" }, { "reference_url": "https://security.archlinux.org/AVG-1996", "reference_id": "AVG-1996", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1996" }, { "reference_url": "https://security.archlinux.org/AVG-1997", "reference_id": "AVG-1997", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1997" }, { "reference_url": "https://security.archlinux.org/AVG-1998", "reference_id": "AVG-1998", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1998" }, { "reference_url": "https://security.archlinux.org/AVG-1999", "reference_id": "AVG-1999", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1999" }, { "reference_url": "https://security.archlinux.org/AVG-2000", "reference_id": "AVG-2000", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2000" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4511", "reference_id": "RHSA-2021:4511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4511" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137933?format=api", "purl": "pkg:generic/curl.se/curl@7.77.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-7z3h-9pk3-rqct" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-cjyz-fdnv-b3g4" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h4nw-va5b-23ef" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k5vr-1fmp-sqbw" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-ns58-vmsz-5ued" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-tzs5-qzhn-rqbk" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-urgp-rqyc-sqer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.77.0" } ], "aliases": [ "CVE-2021-22898" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a58z-fu87-9ybs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65704?format=api", "vulnerability_id": "VCID-a8z6-bswu-jue8", "summary": "A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28320.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28320.json" }, { "reference_url": "https://curl.se/docs/CVE-2023-28320.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-28320.html" }, { "reference_url": "https://hackerone.com/reports/1929597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1929597" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239", "reference_id": "1036239", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196783", "reference_id": "2196783", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196783" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137952?format=api", "purl": "pkg:generic/curl.se/curl@8.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.1.0" } ], "aliases": [ "CVE-2023-28320" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a8z6-bswu-jue8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7240?format=api", "vulnerability_id": "VCID-am31-t2h3-zbgw", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22925.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22925.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22925", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00233", "scoring_system": "epss", "scoring_elements": "0.46217", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22925" }, { "reference_url": "https://curl.se/docs/CVE-2021-22925.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2021-22925.html" }, { "reference_url": "https://hackerone.com/reports/1223882", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1223882" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970902", "reference_id": "1970902", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1970902" }, { "reference_url": "https://security.archlinux.org/ASA-202107-59", "reference_id": "ASA-202107-59", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-59" }, { "reference_url": "https://security.archlinux.org/ASA-202107-60", "reference_id": "ASA-202107-60", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-60" }, { "reference_url": "https://security.archlinux.org/ASA-202107-61", "reference_id": "ASA-202107-61", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-61" }, { "reference_url": "https://security.archlinux.org/ASA-202107-62", "reference_id": "ASA-202107-62", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-62" }, { "reference_url": "https://security.archlinux.org/ASA-202107-63", "reference_id": "ASA-202107-63", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-63" }, { "reference_url": "https://security.archlinux.org/ASA-202107-64", "reference_id": "ASA-202107-64", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-64" }, { "reference_url": "https://security.archlinux.org/AVG-2194", "reference_id": "AVG-2194", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2194" }, { "reference_url": "https://security.archlinux.org/AVG-2195", "reference_id": "AVG-2195", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2195" }, { "reference_url": "https://security.archlinux.org/AVG-2196", "reference_id": "AVG-2196", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2196" }, { "reference_url": "https://security.archlinux.org/AVG-2197", "reference_id": "AVG-2197", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2197" }, { "reference_url": "https://security.archlinux.org/AVG-2198", "reference_id": "AVG-2198", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2198" }, { "reference_url": "https://security.archlinux.org/AVG-2199", "reference_id": "AVG-2199", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2199" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4511", "reference_id": "RHSA-2021:4511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4511" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137934?format=api", "purl": "pkg:generic/curl.se/curl@7.78.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-7z3h-9pk3-rqct" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-cjyz-fdnv-b3g4" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h4nw-va5b-23ef" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k5vr-1fmp-sqbw" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-ns58-vmsz-5ued" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tzs5-qzhn-rqbk" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-urgp-rqyc-sqer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.78.0" } ], "aliases": [ "CVE-2021-22925" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-am31-t2h3-zbgw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65701?format=api", "vulnerability_id": "VCID-azcz-b8f2-63be", "summary": "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27533.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27533.json" }, { "reference_url": "https://curl.se/docs/CVE-2023-27533.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-27533.html" }, { "reference_url": "https://hackerone.com/reports/1891474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1891474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179062", "reference_id": "2179062", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179062" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6679", "reference_id": "RHSA-2023:6679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6679" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137950?format=api", "purl": "pkg:generic/curl.se/curl@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0" } ], "aliases": [ "CVE-2023-27533" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-azcz-b8f2-63be" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6151?format=api", "vulnerability_id": "VCID-bb6v-z8yg-6fe3", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3823.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3823.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3823", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01568", "scoring_system": "epss", "scoring_elements": "0.81855", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3823" }, { "reference_url": "https://curl.se/docs/CVE-2019-3823.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2019-3823.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1670256", "reference_id": "1670256", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1670256" }, { "reference_url": "https://security.archlinux.org/ASA-201902-10", "reference_id": "ASA-201902-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-10" }, { "reference_url": "https://security.archlinux.org/ASA-201902-11", "reference_id": "ASA-201902-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-11" }, { "reference_url": "https://security.archlinux.org/ASA-201902-12", "reference_id": "ASA-201902-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-12" }, { "reference_url": "https://security.archlinux.org/ASA-201902-13", "reference_id": "ASA-201902-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-13" }, { "reference_url": "https://security.archlinux.org/ASA-201902-9", "reference_id": "ASA-201902-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-9" }, { "reference_url": "https://security.archlinux.org/AVG-873", "reference_id": "AVG-873", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-873" }, { "reference_url": "https://security.archlinux.org/AVG-874", "reference_id": "AVG-874", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-874" }, { "reference_url": "https://security.archlinux.org/AVG-875", "reference_id": "AVG-875", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-875" }, { "reference_url": "https://security.archlinux.org/AVG-876", "reference_id": "AVG-876", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-876" }, { "reference_url": "https://security.archlinux.org/AVG-877", "reference_id": "AVG-877", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-877" }, { "reference_url": "https://security.gentoo.org/glsa/201903-03", "reference_id": "GLSA-201903-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3701", "reference_id": "RHSA-2019:3701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3701" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137911?format=api", "purl": "pkg:generic/curl.se/curl@7.64.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-4zcd-rbx3-qye5" }, { "vulnerability": "VCID-58p5-pfy3-xug1" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-byzw-xw9s-pkga" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f7n8-zzhz-fuc8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-fp66-fzqt-6yg7" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gud1-yg9u-zyfp" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h6xj-mys4-pucf" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kn6z-caj8-bbc9" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-msd2-35g9-nyd2" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q46r-7nct-s3bw" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tcxd-z7f3-kkes" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-uj78-2cgz-zbdb" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xc5k-47n9-43d6" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.64.0" } ], "aliases": [ "CVE-2019-3823" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bb6v-z8yg-6fe3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60252?format=api", "vulnerability_id": "VCID-bcuq-n4vb-k7f3", "summary": "curl: libcurl: Information disclosure via incorrect Proxy-Authorization header reuse", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7168.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7168.json" }, { "reference_url": "https://curl.se/docs/CVE-2026-7168.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2026-7168.html" }, { "reference_url": "https://hackerone.com/reports/3697719", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3697719" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476979", "reference_id": "2476979", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19106", "reference_id": "RHSA-2026:19106", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19106" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137980?format=api", "purl": "pkg:generic/curl.se/curl@8.20.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0" } ], "aliases": [ "CVE-2026-7168" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bcuq-n4vb-k7f3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44801?format=api", "vulnerability_id": "VCID-bx2m-n5ft-3be8", "summary": "Improper Authentication\nAn authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27535.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27535.json" }, { "reference_url": "https://curl.se/docs/CVE-2023-27535.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-27535.html" }, { "reference_url": "https://hackerone.com/reports/1892780", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1892780" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179073", "reference_id": "2179073", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179073" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27535", "reference_id": "CVE-2023-27535", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27535" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2650", "reference_id": "RHSA-2023:2650", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2650" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3106", "reference_id": "RHSA-2023:3106", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0428", "reference_id": "RHSA-2024:0428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0428" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137950?format=api", "purl": "pkg:generic/curl.se/curl@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0" } ], "aliases": [ "CVE-2023-27535" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bx2m-n5ft-3be8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65691?format=api", "vulnerability_id": "VCID-cdzf-3ydt-8bdk", "summary": "When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32221.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32221.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32221", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01853", "scoring_system": "epss", "scoring_elements": "0.83366", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32221" }, { "reference_url": "https://curl.se/docs/CVE-2022-32221.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2022-32221.html" }, { "reference_url": "https://hackerone.com/reports/1704017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1704017" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135411", "reference_id": "2135411", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135411" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0333", "reference_id": "RHSA-2023:0333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4139", "reference_id": "RHSA-2023:4139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4139" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137946?format=api", "purl": "pkg:generic/curl.se/curl@7.86.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-ns58-vmsz-5ued" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.86.0" } ], "aliases": [ "CVE-2022-32221" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cdzf-3ydt-8bdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65700?format=api", "vulnerability_id": "VCID-cfry-nx5h-kudv", "summary": "An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the \"chained\" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable \"links\" in this \"decompression chain\" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a \"malloc bomb\", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23916.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23916.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23916", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20718", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23916" }, { "reference_url": "https://curl.se/docs/CVE-2023-23916.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-23916.html" }, { "reference_url": "https://hackerone.com/reports/1826048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1826048" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371", "reference_id": "1031371", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167815", "reference_id": "2167815", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167815" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1140", "reference_id": "RHSA-2023:1140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1701", "reference_id": "RHSA-2023:1701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1842", "reference_id": "RHSA-2023:1842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3460", "reference_id": "RHSA-2023:3460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3460" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4139", "reference_id": "RHSA-2023:4139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4139" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137948?format=api", "purl": "pkg:generic/curl.se/curl@7.88.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-kvmd-97y1-tbcz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.88.0" } ], "aliases": [ "CVE-2023-23916" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cfry-nx5h-kudv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53886?format=api", "vulnerability_id": "VCID-f7n8-zzhz-fuc8", "summary": "Improper Certificate Validation\ncurl is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8286.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8286.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8286", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00286", "scoring_system": "epss", "scoring_elements": "0.52333", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8286" }, { "reference_url": "https://hackerone.com/reports/1048457", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1048457" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906096", "reference_id": "1906096", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1906096" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977161", "reference_id": "977161", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977161" }, { "reference_url": "https://security.archlinux.org/AVG-1337", "reference_id": "AVG-1337", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1337" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8286", "reference_id": "CVE-2020-8286", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8286" }, { "reference_url": "https://curl.se/docs/CVE-2020-8286.html", "reference_id": "CVE-2020-8286.HTML", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2020-8286.html" }, { "reference_url": "https://security.gentoo.org/glsa/202012-14", "reference_id": "GLSA-202012-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202012-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1610", "reference_id": "RHSA-2021:1610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1610" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2471", "reference_id": "RHSA-2021:2471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2472", "reference_id": "RHSA-2021:2472", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2472" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137929?format=api", "purl": "pkg:generic/curl.se/curl@7.74.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-7z3h-9pk3-rqct" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-byzw-xw9s-pkga" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-cjyz-fdnv-b3g4" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kn6z-caj8-bbc9" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-tzs5-qzhn-rqbk" }, { "vulnerability": "VCID-urgp-rqyc-sqer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.74.0" } ], "aliases": [ "CVE-2020-8286" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.7", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f7n8-zzhz-fuc8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61679?format=api", "vulnerability_id": "VCID-f9nm-d5ax-qkcb", "summary": "curl: libcurl: Credential leak via reused proxy connection during HTTP redirects", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6429.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6429.json" }, { "reference_url": "https://curl.se/docs/CVE-2026-6429.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2026-6429.html" }, { "reference_url": "https://hackerone.com/reports/3677759", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3677759" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461205", "reference_id": "2461205", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12916", "reference_id": "RHSA-2026:12916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12916" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137980?format=api", "purl": "pkg:generic/curl.se/curl@8.20.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0" } ], "aliases": [ "CVE-2026-6429" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f9nm-d5ax-qkcb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5600?format=api", "vulnerability_id": "VCID-fhc8-r8gv-bugj", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22876.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22876.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22876", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00115", "scoring_system": "epss", "scoring_elements": "0.29799", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8177", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8177" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8284", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8286" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22890", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22890" }, { "reference_url": "https://hackerone.com/reports/1101882", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1101882" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941964", "reference_id": "1941964", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1941964" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986269", "reference_id": "986269", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986269" }, { "reference_url": "https://security.archlinux.org/AVG-1753", "reference_id": "AVG-1753", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1753" }, { "reference_url": "https://security.archlinux.org/AVG-1754", "reference_id": "AVG-1754", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1754" }, { "reference_url": "https://security.archlinux.org/AVG-1755", "reference_id": "AVG-1755", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1755" }, { "reference_url": "https://security.archlinux.org/AVG-1756", "reference_id": "AVG-1756", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1756" }, { "reference_url": "https://security.archlinux.org/AVG-1757", "reference_id": "AVG-1757", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1757" }, { "reference_url": "https://security.archlinux.org/AVG-1758", "reference_id": "AVG-1758", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1758" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22876", "reference_id": "CVE-2021-22876", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22876" }, { "reference_url": "https://curl.se/docs/CVE-2021-22876.html", "reference_id": "CVE-2021-22876.HTML", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2021-22876.html" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2471", "reference_id": "RHSA-2021:2471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2472", "reference_id": "RHSA-2021:2472", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2472" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4511", "reference_id": "RHSA-2021:4511", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4511" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1354", "reference_id": "RHSA-2022:1354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1354" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137931?format=api", "purl": "pkg:generic/curl.se/curl@7.76.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-7z3h-9pk3-rqct" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-byzw-xw9s-pkga" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-cjyz-fdnv-b3g4" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-tzs5-qzhn-rqbk" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-urgp-rqyc-sqer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vgap-k5zw-9qbn" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.76.0" } ], "aliases": [ "CVE-2021-22876" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fhc8-r8gv-bugj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65705?format=api", "vulnerability_id": "VCID-g4n9-kg3s-pfcr", "summary": "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28321.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28321.json" }, { "reference_url": "https://curl.se/docs/CVE-2023-28321.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-28321.html" }, { "reference_url": "https://hackerone.com/reports/1950627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1950627" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239", "reference_id": "1036239", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196786", "reference_id": "2196786", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196786" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4354", "reference_id": "RHSA-2023:4354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4523", "reference_id": "RHSA-2023:4523", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4523" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4628", "reference_id": "RHSA-2023:4628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4629", "reference_id": "RHSA-2023:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5598", "reference_id": "RHSA-2023:5598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6292", "reference_id": "RHSA-2023:6292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6292" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137952?format=api", "purl": "pkg:generic/curl.se/curl@8.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.1.0" } ], "aliases": [ "CVE-2023-28321" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g4n9-kg3s-pfcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61678?format=api", "vulnerability_id": "VCID-g7ux-4vz2-ckfg", "summary": "curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5545.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5545.json" }, { "reference_url": "https://curl.se/docs/CVE-2026-5545.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2026-5545.html" }, { "reference_url": "https://hackerone.com/reports/3642555", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3642555" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461204", "reference_id": "2461204", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461204" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12916", "reference_id": "RHSA-2026:12916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12916" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137980?format=api", "purl": "pkg:generic/curl.se/curl@8.20.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0" } ], "aliases": [ "CVE-2026-5545" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g7ux-4vz2-ckfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53887?format=api", "vulnerability_id": "VCID-gud1-yg9u-zyfp", "summary": "Use After Free\nDue to use of a dangling pointer, libcurl can use the wrong connection when sending data.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8231.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8231.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8231", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36534", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8231" }, { "reference_url": "https://curl.se/docs/CVE-2020-8231.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2020-8231.html" }, { "reference_url": "https://hackerone.com/reports/948876", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/948876" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868032", "reference_id": "1868032", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1868032" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968831", "reference_id": "968831", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968831" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8231", "reference_id": "CVE-2020-8231", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8231" }, { "reference_url": "https://security.gentoo.org/glsa/202012-14", "reference_id": "GLSA-202012-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202012-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1610", "reference_id": "RHSA-2021:1610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1610" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137926?format=api", "purl": "pkg:generic/curl.se/curl@7.72.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-7z3h-9pk3-rqct" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-byzw-xw9s-pkga" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f7n8-zzhz-fuc8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kn6z-caj8-bbc9" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-msd2-35g9-nyd2" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q46r-7nct-s3bw" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-tzs5-qzhn-rqbk" }, { "vulnerability": "VCID-urgp-rqyc-sqer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.72.0" } ], "aliases": [ "CVE-2020-8231" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gud1-yg9u-zyfp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44797?format=api", "vulnerability_id": "VCID-gueb-wzpx-ufb2", "summary": "Improper Authentication\nAn authentication bypass vulnerability exists in libcurl v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27538.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27538.json" }, { "reference_url": "https://curl.se/docs/CVE-2023-27538.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-27538.html" }, { "reference_url": "https://hackerone.com/reports/1898475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1898475" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179103", "reference_id": "2179103", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179103" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27538", "reference_id": "CVE-2023-27538", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27538" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6679", "reference_id": "RHSA-2023:6679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6679" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137950?format=api", "purl": "pkg:generic/curl.se/curl@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0" } ], "aliases": [ "CVE-2023-27538" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gueb-wzpx-ufb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5853?format=api", "vulnerability_id": "VCID-h6xj-mys4-pucf", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8177.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8177.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8177", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05244", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8177" }, { "reference_url": "https://curl.se/docs/CVE-2020-8177.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2020-8177.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8169", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8169" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8177", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8177" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8231", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8231" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8284", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8284" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8286", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8286" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22876" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22890", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22890" }, { "reference_url": "https://hackerone.com/reports/887462", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/887462" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847915", "reference_id": "1847915", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1847915" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965281", "reference_id": "965281", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=965281" }, { "reference_url": "https://security.archlinux.org/AVG-1194", "reference_id": "AVG-1194", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1194" }, { "reference_url": "https://security.gentoo.org/glsa/202007-16", "reference_id": "GLSA-202007-16", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202007-16" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:4599", "reference_id": "RHSA-2020:4599", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:4599" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5002", "reference_id": "RHSA-2020:5002", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5002" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:5417", "reference_id": "RHSA-2020:5417", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:5417" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:0949", "reference_id": "RHSA-2021:0949", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:0949" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137924?format=api", "purl": "pkg:generic/curl.se/curl@7.71.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-7z3h-9pk3-rqct" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-byzw-xw9s-pkga" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f7n8-zzhz-fuc8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gud1-yg9u-zyfp" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kn6z-caj8-bbc9" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-msd2-35g9-nyd2" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q46r-7nct-s3bw" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-tzs5-qzhn-rqbk" }, { "vulnerability": "VCID-urgp-rqyc-sqer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.71.0" } ], "aliases": [ "CVE-2020-8177" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h6xj-mys4-pucf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65105?format=api", "vulnerability_id": "VCID-hhms-2hg6-nke9", "summary": "curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3783.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3783.json" }, { "reference_url": "https://curl.se/docs/CVE-2026-3783.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2026-3783.html" }, { "reference_url": "https://hackerone.com/reports/3583983", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3583983" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446450", "reference_id": "2446450", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137979?format=api", "purl": "pkg:generic/curl.se/curl@8.19.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-9vbs-w124-q3au" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0" } ], "aliases": [ "CVE-2026-3783" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hhms-2hg6-nke9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6860?format=api", "vulnerability_id": "VCID-j688-cyfg-p7gu", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-22576.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22576", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00348", "scoring_system": "epss", "scoring_elements": "0.57608", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-22576" }, { "reference_url": "https://curl.se/docs/CVE-2022-22576.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2022-22576.html" }, { "reference_url": "https://hackerone.com/reports/1526328", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1526328" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010295", "reference_id": "1010295", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010295" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077541", "reference_id": "2077541", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2077541" }, { "reference_url": "https://security.archlinux.org/AVG-2685", "reference_id": "AVG-2685", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2685" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5245", "reference_id": "RHSA-2022:5245", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5245" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5313", "reference_id": "RHSA-2022:5313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137941?format=api", "purl": "pkg:generic/curl.se/curl@7.83.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5m9y-9y57-kqg6" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7z3h-9pk3-rqct" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h4nw-va5b-23ef" }, { "vulnerability": "VCID-hb4z-s871-d7ck" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k5vr-1fmp-sqbw" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-mqzd-mcw5-s3h6" }, { "vulnerability": "VCID-mray-vkqx-5ka7" }, { "vulnerability": "VCID-ns58-vmsz-5ued" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tzs5-qzhn-rqbk" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.83.0" } ], "aliases": [ "CVE-2022-22576" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-j688-cyfg-p7gu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65714?format=api", "vulnerability_id": "VCID-jnq1-hk6d-b3a3", "summary": "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2398.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2398.json" }, { "reference_url": "https://curl.se/docs/CVE-2024-2398.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2024-2398.html" }, { "reference_url": "https://hackerone.com/reports/2402845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/2402845" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270498", "reference_id": "2270498", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270498" }, { "reference_url": "https://security.gentoo.org/glsa/202409-20", "reference_id": "GLSA-202409-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10135", "reference_id": "RHSA-2024:10135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11109", "reference_id": "RHSA-2024:11109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2693", "reference_id": "RHSA-2024:2693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2694", "reference_id": "RHSA-2024:2694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3998", "reference_id": "RHSA-2024:3998", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3998" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5529", "reference_id": "RHSA-2024:5529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5654", "reference_id": "RHSA-2024:5654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7213", "reference_id": "RHSA-2024:7213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7374", "reference_id": "RHSA-2024:7374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7374" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137961?format=api", "purl": "pkg:generic/curl.se/curl@8.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85ne-e7gm-5ua9" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.7.0" } ], "aliases": [ "CVE-2024-2398" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jnq1-hk6d-b3a3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4269?format=api", "vulnerability_id": "VCID-kae8-wmf2-2kf1", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000300.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000300.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000300", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00926", "scoring_system": "epss", "scoring_elements": "0.76419", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000300" }, { "reference_url": "https://curl.se/docs/CVE-2018-1000300.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2018-1000300.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000300", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000300" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575533", "reference_id": "1575533", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575533" }, { "reference_url": "https://security.archlinux.org/ASA-201805-13", "reference_id": "ASA-201805-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201805-13" }, { "reference_url": "https://security.archlinux.org/ASA-201805-14", "reference_id": "ASA-201805-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201805-14" }, { "reference_url": "https://security.archlinux.org/ASA-201805-15", "reference_id": "ASA-201805-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201805-15" }, { "reference_url": "https://security.archlinux.org/ASA-201805-16", "reference_id": "ASA-201805-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201805-16" }, { "reference_url": "https://security.archlinux.org/ASA-201805-17", "reference_id": "ASA-201805-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201805-17" }, { "reference_url": "https://security.archlinux.org/ASA-201805-18", "reference_id": "ASA-201805-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201805-18" }, { "reference_url": "https://security.archlinux.org/AVG-694", "reference_id": "AVG-694", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-694" }, { "reference_url": "https://security.archlinux.org/AVG-695", "reference_id": "AVG-695", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-695" }, { "reference_url": "https://security.archlinux.org/AVG-696", "reference_id": "AVG-696", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-696" }, { "reference_url": "https://security.archlinux.org/AVG-697", "reference_id": "AVG-697", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-697" }, { "reference_url": "https://security.archlinux.org/AVG-698", "reference_id": "AVG-698", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-698" }, { "reference_url": "https://security.archlinux.org/AVG-699", "reference_id": "AVG-699", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-699" }, { "reference_url": "https://security.gentoo.org/glsa/201806-05", "reference_id": "GLSA-201806-05", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201806-05" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137905?format=api", "purl": "pkg:generic/curl.se/curl@7.60.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1kpz-55f1-f7dj" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3ws4-1sak-r3ck" }, { "vulnerability": "VCID-4hha-2z31-2bf8" }, { "vulnerability": "VCID-4zcd-rbx3-qye5" }, { "vulnerability": "VCID-58p5-pfy3-xug1" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bb6v-z8yg-6fe3" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f7n8-zzhz-fuc8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gud1-yg9u-zyfp" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h6xj-mys4-pucf" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-msd2-35g9-nyd2" }, { "vulnerability": "VCID-p7mn-a632-c3ag" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q46r-7nct-s3bw" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-qrnc-7ywu-37cz" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tcxd-z7f3-kkes" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-ubnn-z97k-47gw" }, { "vulnerability": "VCID-uj78-2cgz-zbdb" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" }, { "vulnerability": "VCID-zg98-v6dj-s7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.60.0" } ], "aliases": [ "CVE-2018-1000300" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kae8-wmf2-2kf1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6857?format=api", "vulnerability_id": "VCID-kkrm-dj79-4ucj", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27776.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27776", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00682", "scoring_system": "epss", "scoring_elements": "0.72016", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27776" }, { "reference_url": "https://curl.se/docs/CVE-2022-27776.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2022-27776.html" }, { "reference_url": "https://hackerone.com/reports/1547048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1547048" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010252", "reference_id": "1010252", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1010252" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078408", "reference_id": "2078408", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2078408" }, { "reference_url": "https://security.archlinux.org/AVG-2685", "reference_id": "AVG-2685", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2685" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5245", "reference_id": "RHSA-2022:5245", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5245" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5313", "reference_id": "RHSA-2022:5313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137941?format=api", "purl": "pkg:generic/curl.se/curl@7.83.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5m9y-9y57-kqg6" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7z3h-9pk3-rqct" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h4nw-va5b-23ef" }, { "vulnerability": "VCID-hb4z-s871-d7ck" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k5vr-1fmp-sqbw" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-mqzd-mcw5-s3h6" }, { "vulnerability": "VCID-mray-vkqx-5ka7" }, { "vulnerability": "VCID-ns58-vmsz-5ued" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tzs5-qzhn-rqbk" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.83.0" } ], "aliases": [ "CVE-2022-27776" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kkrm-dj79-4ucj" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65718?format=api", "vulnerability_id": "VCID-kq38-7s5x-nqaz", "summary": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7264.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7264.json" }, { "reference_url": "https://curl.se/docs/CVE-2024-7264.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2024-7264.html" }, { "reference_url": "https://hackerone.com/reports/2629968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/2629968" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077656", "reference_id": "1077656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077656" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301888", "reference_id": "2301888", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301888" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7726", "reference_id": "RHSA-2024:7726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1671", "reference_id": "RHSA-2025:1671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1673", "reference_id": "RHSA-2025:1673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1673" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137965?format=api", "purl": "pkg:generic/curl.se/curl@8.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-ns6z-wp2x-fkdq" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-t45k-skv6-cfg2" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.9.1" } ], "aliases": [ "CVE-2024-7264" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kq38-7s5x-nqaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65689?format=api", "vulnerability_id": "VCID-msd2-35g9-nyd2", "summary": "A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8284.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8284.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8284", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00083", "scoring_system": "epss", "scoring_elements": "0.24269", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8284" }, { "reference_url": "https://curl.se/docs/CVE-2020-8284.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2020-8284.html" }, { "reference_url": "https://hackerone.com/reports/1040166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1040166" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902667", "reference_id": "1902667", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902667" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977163", "reference_id": "977163", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977163" }, { "reference_url": "https://security.archlinux.org/AVG-1337", "reference_id": "AVG-1337", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1337" }, { "reference_url": "https://security.gentoo.org/glsa/202012-14", "reference_id": "GLSA-202012-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202012-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1610", "reference_id": "RHSA-2021:1610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1610" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2471", "reference_id": "RHSA-2021:2471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2472", "reference_id": "RHSA-2021:2472", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2472" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137929?format=api", "purl": "pkg:generic/curl.se/curl@7.74.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-7z3h-9pk3-rqct" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-byzw-xw9s-pkga" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-cjyz-fdnv-b3g4" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kn6z-caj8-bbc9" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-tzs5-qzhn-rqbk" }, { "vulnerability": "VCID-urgp-rqyc-sqer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.74.0" } ], "aliases": [ "CVE-2020-8284" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-msd2-35g9-nyd2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6278?format=api", "vulnerability_id": "VCID-p7mn-a632-c3ag", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0500.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-0500.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0500", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01242", "scoring_system": "epss", "scoring_elements": "0.796", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-0500" }, { "reference_url": "https://curl.se/docs/CVE-2018-0500.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2018-0500.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0500", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0500" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597101", "reference_id": "1597101", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597101" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903546", "reference_id": "903546", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=903546" }, { "reference_url": "https://security.archlinux.org/ASA-201807-10", "reference_id": "ASA-201807-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201807-10" }, { "reference_url": "https://security.archlinux.org/ASA-201807-5", "reference_id": "ASA-201807-5", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201807-5" }, { "reference_url": "https://security.archlinux.org/ASA-201807-6", "reference_id": "ASA-201807-6", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201807-6" }, { "reference_url": "https://security.archlinux.org/ASA-201807-7", "reference_id": "ASA-201807-7", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201807-7" }, { "reference_url": "https://security.archlinux.org/ASA-201807-8", "reference_id": "ASA-201807-8", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201807-8" }, { "reference_url": "https://security.archlinux.org/ASA-201807-9", "reference_id": "ASA-201807-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201807-9" }, { "reference_url": "https://security.archlinux.org/AVG-729", "reference_id": "AVG-729", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-729" }, { "reference_url": "https://security.archlinux.org/AVG-730", "reference_id": "AVG-730", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-730" }, { "reference_url": "https://security.archlinux.org/AVG-731", "reference_id": "AVG-731", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-731" }, { "reference_url": "https://security.archlinux.org/AVG-732", "reference_id": "AVG-732", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-732" }, { "reference_url": "https://security.archlinux.org/AVG-733", "reference_id": "AVG-733", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-733" }, { "reference_url": "https://security.archlinux.org/AVG-734", "reference_id": "AVG-734", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-734" }, { "reference_url": "https://security.gentoo.org/glsa/201807-04", "reference_id": "GLSA-201807-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201807-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137906?format=api", "purl": "pkg:generic/curl.se/curl@7.61.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1kpz-55f1-f7dj" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3ws4-1sak-r3ck" }, { "vulnerability": "VCID-4hha-2z31-2bf8" }, { "vulnerability": "VCID-4zcd-rbx3-qye5" }, { "vulnerability": "VCID-58p5-pfy3-xug1" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bb6v-z8yg-6fe3" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-byzw-xw9s-pkga" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f7n8-zzhz-fuc8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gud1-yg9u-zyfp" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h6xj-mys4-pucf" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-msd2-35g9-nyd2" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q46r-7nct-s3bw" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-qrnc-7ywu-37cz" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tcxd-z7f3-kkes" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-ubnn-z97k-47gw" }, { "vulnerability": "VCID-uj78-2cgz-zbdb" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" }, { "vulnerability": "VCID-zg98-v6dj-s7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.61.0" } ], "aliases": [ "CVE-2018-0500" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p7mn-a632-c3ag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65682?format=api", "vulnerability_id": "VCID-p8vk-yf66-wbb7", "summary": "A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000121.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000121.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000121", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02668", "scoring_system": "epss", "scoring_elements": "0.86088", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000121" }, { "reference_url": "https://curl.se/docs/CVE-2018-1000121.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2018-1000121.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552631", "reference_id": "1552631", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552631" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893546", "reference_id": "893546", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893546" }, { "reference_url": "https://security.archlinux.org/ASA-201803-15", "reference_id": "ASA-201803-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-15" }, { "reference_url": "https://security.archlinux.org/ASA-201803-16", "reference_id": "ASA-201803-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-16" }, { "reference_url": "https://security.archlinux.org/ASA-201803-17", "reference_id": "ASA-201803-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-17" }, { "reference_url": "https://security.archlinux.org/ASA-201803-18", "reference_id": "ASA-201803-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-18" }, { "reference_url": "https://security.archlinux.org/ASA-201803-19", "reference_id": "ASA-201803-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-19" }, { "reference_url": "https://security.archlinux.org/ASA-201803-20", "reference_id": "ASA-201803-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-20" }, { "reference_url": "https://security.archlinux.org/AVG-653", "reference_id": "AVG-653", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-653" }, { "reference_url": "https://security.archlinux.org/AVG-654", "reference_id": "AVG-654", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-654" }, { "reference_url": "https://security.archlinux.org/AVG-655", "reference_id": "AVG-655", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-655" }, { "reference_url": "https://security.archlinux.org/AVG-656", "reference_id": "AVG-656", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-656" }, { "reference_url": "https://security.archlinux.org/AVG-660", "reference_id": "AVG-660", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-660" }, { "reference_url": "https://security.archlinux.org/AVG-661", "reference_id": "AVG-661", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-661" }, { "reference_url": "https://security.gentoo.org/glsa/201804-04", "reference_id": "GLSA-201804-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201804-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137904?format=api", "purl": "pkg:generic/curl.se/curl@7.59.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1kpz-55f1-f7dj" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3ws4-1sak-r3ck" }, { "vulnerability": "VCID-4hha-2z31-2bf8" }, { "vulnerability": "VCID-4zcd-rbx3-qye5" }, { "vulnerability": "VCID-58p5-pfy3-xug1" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6745-tyba-33fa" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bb6v-z8yg-6fe3" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f7n8-zzhz-fuc8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gud1-yg9u-zyfp" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h6xj-mys4-pucf" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kae8-wmf2-2kf1" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-msd2-35g9-nyd2" }, { "vulnerability": "VCID-p7mn-a632-c3ag" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q46r-7nct-s3bw" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-qrnc-7ywu-37cz" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tcxd-z7f3-kkes" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-ubnn-z97k-47gw" }, { "vulnerability": "VCID-uj78-2cgz-zbdb" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" }, { "vulnerability": "VCID-zg98-v6dj-s7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.59.0" } ], "aliases": [ "CVE-2018-1000121" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p8vk-yf66-wbb7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65702?format=api", "vulnerability_id": "VCID-p97a-kjpp-f3d8", "summary": "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27534.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27534.json" }, { "reference_url": "https://curl.se/docs/CVE-2023-27534.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-27534.html" }, { "reference_url": "https://hackerone.com/reports/1892351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1892351" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179069", "reference_id": "2179069", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179069" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6679", "reference_id": "RHSA-2023:6679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6679" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137950?format=api", "purl": "pkg:generic/curl.se/curl@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0" } ], "aliases": [ "CVE-2023-27534" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p97a-kjpp-f3d8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/53890?format=api", "vulnerability_id": "VCID-q46r-7nct-s3bw", "summary": "Out-of-bounds Write\ncurl is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8285.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8285.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8285", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00742", "scoring_system": "epss", "scoring_elements": "0.73342", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2020-8285" }, { "reference_url": "https://hackerone.com/reports/1045844", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1045844" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902687", "reference_id": "1902687", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1902687" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977162", "reference_id": "977162", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=977162" }, { "reference_url": "https://security.archlinux.org/AVG-1337", "reference_id": "AVG-1337", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1337" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8285", "reference_id": "CVE-2020-8285", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8285" }, { "reference_url": "https://curl.se/docs/CVE-2020-8285.html", "reference_id": "CVE-2020-8285.HTML", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2020-8285.html" }, { "reference_url": "https://security.gentoo.org/glsa/202012-14", "reference_id": "GLSA-202012-14", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202012-14" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:1610", "reference_id": "RHSA-2021:1610", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:1610" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2471", "reference_id": "RHSA-2021:2471", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2471" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:2472", "reference_id": "RHSA-2021:2472", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:2472" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137929?format=api", "purl": "pkg:generic/curl.se/curl@7.74.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-7z3h-9pk3-rqct" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-byzw-xw9s-pkga" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-cjyz-fdnv-b3g4" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kn6z-caj8-bbc9" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-tzs5-qzhn-rqbk" }, { "vulnerability": "VCID-urgp-rqyc-sqer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.74.0" } ], "aliases": [ "CVE-2020-8285" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q46r-7nct-s3bw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/5243?format=api", "vulnerability_id": "VCID-q8tg-prj1-y7b8", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22946.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22946.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22946", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00063", "scoring_system": "epss", "scoring_elements": "0.1971", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22946" }, { "reference_url": "https://curl.se/docs/CVE-2021-22946.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2021-22946.html" }, { "reference_url": "https://hackerone.com/reports/1334111", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1334111" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017589", "reference_id": "1017589", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1017589" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003175", "reference_id": "2003175", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2003175" }, { "reference_url": "https://security.archlinux.org/AVG-2384", "reference_id": "AVG-2384", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2384" }, { "reference_url": "https://security.archlinux.org/AVG-2385", "reference_id": "AVG-2385", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2385" }, { "reference_url": "https://security.archlinux.org/AVG-2386", "reference_id": "AVG-2386", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2386" }, { "reference_url": "https://security.archlinux.org/AVG-2387", "reference_id": "AVG-2387", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2387" }, { "reference_url": "https://security.archlinux.org/AVG-2388", "reference_id": "AVG-2388", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2388" }, { "reference_url": "https://security.archlinux.org/AVG-2389", "reference_id": "AVG-2389", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2389" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:4059", "reference_id": "RHSA-2021:4059", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:4059" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:0635", "reference_id": "RHSA-2022:0635", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:0635" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1354", "reference_id": "RHSA-2022:1354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1354" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137935?format=api", "purl": "pkg:generic/curl.se/curl@7.79.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7z3h-9pk3-rqct" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h4nw-va5b-23ef" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k5vr-1fmp-sqbw" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-ns58-vmsz-5ued" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tzs5-qzhn-rqbk" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-urgp-rqyc-sqer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.79.0" } ], "aliases": [ "CVE-2021-22946" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q8tg-prj1-y7b8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6152?format=api", "vulnerability_id": "VCID-qrnc-7ywu-37cz", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3822.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-3822.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3822", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.18518", "scoring_system": "epss", "scoring_elements": "0.95371", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-3822" }, { "reference_url": "https://curl.se/docs/CVE-2019-3822.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2019-3822.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16890" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3822" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-3823" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1670254", "reference_id": "1670254", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1670254" }, { "reference_url": "https://security.archlinux.org/ASA-201902-10", "reference_id": "ASA-201902-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-10" }, { "reference_url": "https://security.archlinux.org/ASA-201902-11", "reference_id": "ASA-201902-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-11" }, { "reference_url": "https://security.archlinux.org/ASA-201902-12", "reference_id": "ASA-201902-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-12" }, { "reference_url": "https://security.archlinux.org/ASA-201902-13", "reference_id": "ASA-201902-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-13" }, { "reference_url": "https://security.archlinux.org/ASA-201902-9", "reference_id": "ASA-201902-9", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201902-9" }, { "reference_url": "https://security.archlinux.org/AVG-873", "reference_id": "AVG-873", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-873" }, { "reference_url": "https://security.archlinux.org/AVG-874", "reference_id": "AVG-874", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-874" }, { "reference_url": "https://security.archlinux.org/AVG-875", "reference_id": "AVG-875", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-875" }, { "reference_url": "https://security.archlinux.org/AVG-876", "reference_id": "AVG-876", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-876" }, { "reference_url": "https://security.archlinux.org/AVG-877", "reference_id": "AVG-877", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-877" }, { "reference_url": "https://security.gentoo.org/glsa/201903-03", "reference_id": "GLSA-201903-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:3701", "reference_id": "RHSA-2019:3701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:3701" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137911?format=api", "purl": "pkg:generic/curl.se/curl@7.64.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-4zcd-rbx3-qye5" }, { "vulnerability": "VCID-58p5-pfy3-xug1" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-byzw-xw9s-pkga" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f7n8-zzhz-fuc8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-fp66-fzqt-6yg7" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gud1-yg9u-zyfp" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h6xj-mys4-pucf" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kn6z-caj8-bbc9" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-msd2-35g9-nyd2" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q46r-7nct-s3bw" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tcxd-z7f3-kkes" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-uj78-2cgz-zbdb" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xc5k-47n9-43d6" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.64.0" } ], "aliases": [ "CVE-2019-3822" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qrnc-7ywu-37cz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65697?format=api", "vulnerability_id": "VCID-r2g9-c896-rkge", "summary": "A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43552.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43552.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43552", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27848", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43552" }, { "reference_url": "https://curl.se/docs/CVE-2022-43552.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2022-43552.html" }, { "reference_url": "https://hackerone.com/reports/1764858", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1764858" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026830", "reference_id": "1026830", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026830" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152652", "reference_id": "2152652", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152652" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2478", "reference_id": "RHSA-2023:2478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2963", "reference_id": "RHSA-2023:2963", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2963" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7743", "reference_id": "RHSA-2023:7743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0428", "reference_id": "RHSA-2024:0428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0428" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137947?format=api", "purl": "pkg:generic/curl.se/curl@7.87.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.87.0" } ], "aliases": [ "CVE-2022-43552" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r2g9-c896-rkge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65680?format=api", "vulnerability_id": "VCID-raxd-4nxj-gkhp", "summary": "libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000005.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000005.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000005", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00365", "scoring_system": "epss", "scoring_elements": "0.58816", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000005" }, { "reference_url": "https://curl.se/docs/CVE-2018-1000005.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2018-1000005.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536013", "reference_id": "1536013", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536013" }, { "reference_url": "https://security.archlinux.org/ASA-201801-20", "reference_id": "ASA-201801-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201801-20" }, { "reference_url": "https://security.archlinux.org/ASA-201801-22", "reference_id": "ASA-201801-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201801-22" }, { "reference_url": "https://security.archlinux.org/ASA-201801-23", "reference_id": "ASA-201801-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201801-23" }, { "reference_url": "https://security.archlinux.org/ASA-201801-24", "reference_id": "ASA-201801-24", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201801-24" }, { "reference_url": "https://security.archlinux.org/ASA-201801-25", "reference_id": "ASA-201801-25", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201801-25" }, { "reference_url": "https://security.archlinux.org/ASA-201801-26", "reference_id": "ASA-201801-26", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201801-26" }, { "reference_url": "https://security.archlinux.org/AVG-593", "reference_id": "AVG-593", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-593" }, { "reference_url": "https://security.archlinux.org/AVG-594", "reference_id": "AVG-594", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-594" }, { "reference_url": "https://security.archlinux.org/AVG-595", "reference_id": "AVG-595", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-595" }, { "reference_url": "https://security.archlinux.org/AVG-596", "reference_id": "AVG-596", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-596" }, { "reference_url": "https://security.archlinux.org/AVG-597", "reference_id": "AVG-597", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-597" }, { "reference_url": "https://security.archlinux.org/AVG-598", "reference_id": "AVG-598", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-598" }, { "reference_url": "https://security.gentoo.org/glsa/201804-04", "reference_id": "GLSA-201804-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201804-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137903?format=api", "purl": "pkg:generic/curl.se/curl@7.58.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1kpz-55f1-f7dj" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3ws4-1sak-r3ck" }, { "vulnerability": "VCID-4hha-2z31-2bf8" }, { "vulnerability": "VCID-4zcd-rbx3-qye5" }, { "vulnerability": "VCID-58p5-pfy3-xug1" }, { "vulnerability": "VCID-5ujs-47hf-g7gj" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6745-tyba-33fa" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bb6v-z8yg-6fe3" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f7n8-zzhz-fuc8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gud1-yg9u-zyfp" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h6xj-mys4-pucf" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kae8-wmf2-2kf1" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-msd2-35g9-nyd2" }, { "vulnerability": "VCID-p7mn-a632-c3ag" }, { "vulnerability": "VCID-p8vk-yf66-wbb7" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q46r-7nct-s3bw" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-qrnc-7ywu-37cz" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tcxd-z7f3-kkes" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-tn33-re3r-yfhw" }, { "vulnerability": "VCID-uj78-2cgz-zbdb" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" }, { "vulnerability": "VCID-zg98-v6dj-s7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.58.0" } ], "aliases": [ "CVE-2018-1000005" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-raxd-4nxj-gkhp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65681?format=api", "vulnerability_id": "VCID-rt5e-saz2-j7c9", "summary": "libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000007.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000007.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000007", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03854", "scoring_system": "epss", "scoring_elements": "0.88416", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000007" }, { "reference_url": "https://curl.se/docs/CVE-2018-1000007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2018-1000007.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000007", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000007" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537125", "reference_id": "1537125", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1537125" }, { "reference_url": "https://security.archlinux.org/ASA-201801-20", "reference_id": "ASA-201801-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201801-20" }, { "reference_url": "https://security.archlinux.org/ASA-201801-22", "reference_id": "ASA-201801-22", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201801-22" }, { "reference_url": "https://security.archlinux.org/ASA-201801-23", "reference_id": "ASA-201801-23", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201801-23" }, { "reference_url": "https://security.archlinux.org/ASA-201801-24", "reference_id": "ASA-201801-24", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201801-24" }, { "reference_url": "https://security.archlinux.org/ASA-201801-25", "reference_id": "ASA-201801-25", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201801-25" }, { "reference_url": "https://security.archlinux.org/ASA-201801-26", "reference_id": "ASA-201801-26", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201801-26" }, { "reference_url": "https://security.archlinux.org/AVG-593", "reference_id": "AVG-593", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-593" }, { "reference_url": "https://security.archlinux.org/AVG-594", "reference_id": "AVG-594", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-594" }, { "reference_url": "https://security.archlinux.org/AVG-595", "reference_id": "AVG-595", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-595" }, { "reference_url": "https://security.archlinux.org/AVG-596", "reference_id": "AVG-596", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-596" }, { "reference_url": "https://security.archlinux.org/AVG-597", "reference_id": "AVG-597", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-597" }, { "reference_url": "https://security.archlinux.org/AVG-598", "reference_id": "AVG-598", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-598" }, { "reference_url": "https://security.gentoo.org/glsa/201804-04", "reference_id": "GLSA-201804-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201804-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137903?format=api", "purl": "pkg:generic/curl.se/curl@7.58.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1kpz-55f1-f7dj" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3ws4-1sak-r3ck" }, { "vulnerability": "VCID-4hha-2z31-2bf8" }, { "vulnerability": "VCID-4zcd-rbx3-qye5" }, { "vulnerability": "VCID-58p5-pfy3-xug1" }, { "vulnerability": "VCID-5ujs-47hf-g7gj" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6745-tyba-33fa" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bb6v-z8yg-6fe3" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f7n8-zzhz-fuc8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gud1-yg9u-zyfp" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h6xj-mys4-pucf" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kae8-wmf2-2kf1" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-msd2-35g9-nyd2" }, { "vulnerability": "VCID-p7mn-a632-c3ag" }, { "vulnerability": "VCID-p8vk-yf66-wbb7" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q46r-7nct-s3bw" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-qrnc-7ywu-37cz" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tcxd-z7f3-kkes" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-tn33-re3r-yfhw" }, { "vulnerability": "VCID-uj78-2cgz-zbdb" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" }, { "vulnerability": "VCID-zg98-v6dj-s7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.58.0" } ], "aliases": [ "CVE-2018-1000007" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-rt5e-saz2-j7c9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61673?format=api", "vulnerability_id": "VCID-secz-78pt-dben", "summary": "curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6253.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6253.json" }, { "reference_url": "https://curl.se/docs/CVE-2026-6253.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2026-6253.html" }, { "reference_url": "https://hackerone.com/reports/3669637", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3669637" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461202", "reference_id": "2461202", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461202" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12916", "reference_id": "RHSA-2026:12916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12916" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137980?format=api", "purl": "pkg:generic/curl.se/curl@8.20.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0" } ], "aliases": [ "CVE-2026-6253" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-secz-78pt-dben" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65706?format=api", "vulnerability_id": "VCID-sutv-qt2x-2yc7", "summary": "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28322.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28322.json" }, { "reference_url": "https://curl.se/docs/CVE-2023-28322.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-28322.html" }, { "reference_url": "https://hackerone.com/reports/1954658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1954658" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239", "reference_id": "1036239", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196793", "reference_id": "2196793", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196793" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4354", "reference_id": "RHSA-2023:4354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4628", "reference_id": "RHSA-2023:4628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4629", "reference_id": "RHSA-2023:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5598", "reference_id": "RHSA-2023:5598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0428", "reference_id": "RHSA-2024:0428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0585", "reference_id": "RHSA-2024:0585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1601", "reference_id": "RHSA-2024:1601", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1601" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2092", "reference_id": "RHSA-2024:2092", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2092" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2093", "reference_id": "RHSA-2024:2093", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2093" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137952?format=api", "purl": "pkg:generic/curl.se/curl@8.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.1.0" } ], "aliases": [ "CVE-2023-28322" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sutv-qt2x-2yc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6089?format=api", "vulnerability_id": "VCID-tcxd-z7f3-kkes", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5436.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5436.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5436", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.15484", "scoring_system": "epss", "scoring_elements": "0.94788", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5436" }, { "reference_url": "https://curl.se/docs/CVE-2019-5436.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2019-5436.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5436" }, { "reference_url": "https://hackerone.com/reports/550696", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/550696" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1710620", "reference_id": "1710620", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1710620" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929351", "reference_id": "929351", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=929351" }, { "reference_url": "https://security.archlinux.org/ASA-201905-11", "reference_id": "ASA-201905-11", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201905-11" }, { "reference_url": "https://security.archlinux.org/ASA-201905-12", "reference_id": "ASA-201905-12", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201905-12" }, { "reference_url": "https://security.archlinux.org/ASA-201905-13", "reference_id": "ASA-201905-13", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201905-13" }, { "reference_url": "https://security.archlinux.org/ASA-201905-14", "reference_id": "ASA-201905-14", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201905-14" }, { "reference_url": "https://security.archlinux.org/ASA-201905-15", "reference_id": "ASA-201905-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201905-15" }, { "reference_url": "https://security.archlinux.org/ASA-201905-16", "reference_id": "ASA-201905-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201905-16" }, { "reference_url": "https://security.archlinux.org/AVG-959", "reference_id": "AVG-959", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-959" }, { "reference_url": "https://security.archlinux.org/AVG-960", "reference_id": "AVG-960", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-960" }, { "reference_url": "https://security.archlinux.org/AVG-961", "reference_id": "AVG-961", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-961" }, { "reference_url": "https://security.archlinux.org/AVG-962", "reference_id": "AVG-962", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-962" }, { "reference_url": "https://security.archlinux.org/AVG-963", "reference_id": "AVG-963", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-963" }, { "reference_url": "https://security.archlinux.org/AVG-964", "reference_id": "AVG-964", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-964" }, { "reference_url": "https://security.gentoo.org/glsa/202003-29", "reference_id": "GLSA-202003-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1020", "reference_id": "RHSA-2020:1020", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1020" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1792", "reference_id": "RHSA-2020:1792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1792" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:2505", "reference_id": "RHSA-2020:2505", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:2505" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137913?format=api", "purl": "pkg:generic/curl.se/curl@7.65.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-4zcd-rbx3-qye5" }, { "vulnerability": "VCID-58p5-pfy3-xug1" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-byzw-xw9s-pkga" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f7n8-zzhz-fuc8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-fp66-fzqt-6yg7" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gud1-yg9u-zyfp" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h6xj-mys4-pucf" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kn6z-caj8-bbc9" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-msd2-35g9-nyd2" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q46r-7nct-s3bw" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-uj78-2cgz-zbdb" }, { "vulnerability": "VCID-urgp-rqyc-sqer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.65.0" } ], "aliases": [ "CVE-2019-5436" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tcxd-z7f3-kkes" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/7241?format=api", "vulnerability_id": "VCID-td39-d3tf-vkhc", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22924.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22924.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22924", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0056", "scoring_system": "epss", "scoring_elements": "0.68641", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2021-22924" }, { "reference_url": "https://curl.se/docs/CVE-2021-22924.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2021-22924.html" }, { "reference_url": "https://hackerone.com/reports/1223565", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1223565" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981460", "reference_id": "1981460", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1981460" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991492", "reference_id": "991492", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=991492" }, { "reference_url": "https://security.archlinux.org/ASA-202107-59", "reference_id": "ASA-202107-59", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-59" }, { "reference_url": "https://security.archlinux.org/ASA-202107-60", "reference_id": "ASA-202107-60", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-60" }, { "reference_url": "https://security.archlinux.org/ASA-202107-61", "reference_id": "ASA-202107-61", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-61" }, { "reference_url": "https://security.archlinux.org/ASA-202107-62", "reference_id": "ASA-202107-62", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-62" }, { "reference_url": "https://security.archlinux.org/ASA-202107-63", "reference_id": "ASA-202107-63", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-63" }, { "reference_url": "https://security.archlinux.org/ASA-202107-64", "reference_id": "ASA-202107-64", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-202107-64" }, { "reference_url": "https://security.archlinux.org/AVG-2194", "reference_id": "AVG-2194", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2194" }, { "reference_url": "https://security.archlinux.org/AVG-2195", "reference_id": "AVG-2195", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2195" }, { "reference_url": "https://security.archlinux.org/AVG-2196", "reference_id": "AVG-2196", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2196" }, { "reference_url": "https://security.archlinux.org/AVG-2197", "reference_id": "AVG-2197", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2197" }, { "reference_url": "https://security.archlinux.org/AVG-2198", "reference_id": "AVG-2198", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2198" }, { "reference_url": "https://security.archlinux.org/AVG-2199", "reference_id": "AVG-2199", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2199" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22924", "reference_id": "CVE-2021-22924", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-22924" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2021:3582", "reference_id": "RHSA-2021:3582", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2021:3582" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:1354", "reference_id": "RHSA-2022:1354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:1354" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137934?format=api", "purl": "pkg:generic/curl.se/curl@7.78.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-7z3h-9pk3-rqct" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-cjyz-fdnv-b3g4" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h4nw-va5b-23ef" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k5vr-1fmp-sqbw" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-ns58-vmsz-5ued" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tzs5-qzhn-rqbk" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-urgp-rqyc-sqer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.78.0" } ], "aliases": [ "CVE-2021-22924" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-td39-d3tf-vkhc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43999?format=api", "vulnerability_id": "VCID-tn33-re3r-yfhw", "summary": "Out-of-bounds Write\nA buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHBA-2019:0327", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHBA-2019:0327" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3157", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3157" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:3558", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:3558" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:1543", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2019:1543" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0544", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0544" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0594", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2020:0594" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000120.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.4", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-1000120.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000120", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01298", "scoring_system": "epss", "scoring_elements": "0.80056", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-1000120" }, { "reference_url": "https://curl.haxx.se/docs/adv_2018-9cd6.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://curl.haxx.se/docs/adv_2018-9cd6.html" }, { "reference_url": "https://github.com/coapp-packages/curl", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/coapp-packages/curl" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/03/msg00012.html" }, { "reference_url": "https://usn.ubuntu.com/3598-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3598-1" }, { "reference_url": "https://usn.ubuntu.com/3598-1/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3598-1/" }, { "reference_url": "https://usn.ubuntu.com/3598-2", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3598-2" }, { "reference_url": "https://usn.ubuntu.com/3598-2/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3598-2/" }, { "reference_url": "https://web.archive.org/web/20201220134105/http://www.securitytracker.com/id/1040531", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201220134105/http://www.securitytracker.com/id/1040531" }, { "reference_url": "https://web.archive.org/web/20201220134609/http://www.securityfocus.com/bid/103414", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://web.archive.org/web/20201220134609/http://www.securityfocus.com/bid/103414" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4136", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4136" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" }, { "reference_url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html" }, { "reference_url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552628", "reference_id": "1552628", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552628" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893546", "reference_id": "893546", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=893546" }, { "reference_url": "https://security.archlinux.org/ASA-201803-15", "reference_id": "ASA-201803-15", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-15" }, { "reference_url": "https://security.archlinux.org/ASA-201803-16", "reference_id": "ASA-201803-16", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-16" }, { "reference_url": "https://security.archlinux.org/ASA-201803-17", "reference_id": "ASA-201803-17", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-17" }, { "reference_url": "https://security.archlinux.org/ASA-201803-18", "reference_id": "ASA-201803-18", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-18" }, { "reference_url": "https://security.archlinux.org/ASA-201803-19", "reference_id": "ASA-201803-19", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-19" }, { "reference_url": "https://security.archlinux.org/ASA-201803-20", "reference_id": "ASA-201803-20", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201803-20" }, { "reference_url": "https://security.archlinux.org/AVG-653", "reference_id": "AVG-653", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-653" }, { "reference_url": "https://security.archlinux.org/AVG-654", "reference_id": "AVG-654", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-654" }, { "reference_url": "https://security.archlinux.org/AVG-655", "reference_id": "AVG-655", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-655" }, { "reference_url": "https://security.archlinux.org/AVG-656", "reference_id": "AVG-656", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-656" }, { "reference_url": "https://security.archlinux.org/AVG-660", "reference_id": "AVG-660", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-660" }, { "reference_url": "https://security.archlinux.org/AVG-661", "reference_id": "AVG-661", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-661" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000120", "reference_id": "CVE-2018-1000120", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000120" }, { "reference_url": "https://curl.se/docs/CVE-2018-1000120.html", "reference_id": "CVE-2018-1000120.HTML", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "High", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "CRITICAL", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2018-1000120.html" }, { "reference_url": "https://github.com/advisories/GHSA-674j-7m97-j2p9", "reference_id": "GHSA-674j-7m97-j2p9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-674j-7m97-j2p9" }, { "reference_url": "https://security.gentoo.org/glsa/201804-04", "reference_id": "GLSA-201804-04", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201804-04" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137904?format=api", "purl": "pkg:generic/curl.se/curl@7.59.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1kpz-55f1-f7dj" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3ws4-1sak-r3ck" }, { "vulnerability": "VCID-4hha-2z31-2bf8" }, { "vulnerability": "VCID-4zcd-rbx3-qye5" }, { "vulnerability": "VCID-58p5-pfy3-xug1" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6745-tyba-33fa" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bb6v-z8yg-6fe3" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f7n8-zzhz-fuc8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gud1-yg9u-zyfp" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h6xj-mys4-pucf" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kae8-wmf2-2kf1" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-msd2-35g9-nyd2" }, { "vulnerability": "VCID-p7mn-a632-c3ag" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q46r-7nct-s3bw" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-qrnc-7ywu-37cz" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tcxd-z7f3-kkes" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-ubnn-z97k-47gw" }, { "vulnerability": "VCID-uj78-2cgz-zbdb" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" }, { "vulnerability": "VCID-zg98-v6dj-s7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.59.0" } ], "aliases": [ "CVE-2018-1000120", "GHSA-674j-7m97-j2p9" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-tn33-re3r-yfhw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65686?format=api", "vulnerability_id": "VCID-uj78-2cgz-zbdb", "summary": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5481.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5481.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5481", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03612", "scoring_system": "epss", "scoring_elements": "0.87996", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-5481" }, { "reference_url": "https://curl.se/docs/CVE-2019-5481.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2019-5481.html" }, { "reference_url": "https://hackerone.com/reports/686823", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/686823" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1749402", "reference_id": "1749402", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1749402" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940009", "reference_id": "940009", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=940009" }, { "reference_url": "https://security.archlinux.org/AVG-1982", "reference_id": "AVG-1982", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-1982" }, { "reference_url": "https://security.gentoo.org/glsa/202003-29", "reference_id": "GLSA-202003-29", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202003-29" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:0250", "reference_id": "RHSA-2020:0250", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:0250" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2020:1792", "reference_id": "RHSA-2020:1792", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2020:1792" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137917?format=api", "purl": "pkg:generic/curl.se/curl@7.66.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-byzw-xw9s-pkga" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f7n8-zzhz-fuc8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-fp66-fzqt-6yg7" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gud1-yg9u-zyfp" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h6xj-mys4-pucf" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kn6z-caj8-bbc9" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-msd2-35g9-nyd2" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q46r-7nct-s3bw" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-urgp-rqyc-sqer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.66.0" } ], "aliases": [ "CVE-2019-5481" ], "risk_score": 3.1, "exploitability": "0.5", "weighted_severity": "6.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uj78-2cgz-zbdb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6850?format=api", "vulnerability_id": "VCID-vpkr-9akj-hbf6", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27782.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27782", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00469", "scoring_system": "epss", "scoring_elements": "0.64872", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27782" }, { "reference_url": "https://curl.se/docs/CVE-2022-27782.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2022-27782.html" }, { "reference_url": "https://hackerone.com/reports/1555796", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1555796" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082215", "reference_id": "2082215", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082215" }, { "reference_url": "https://security.archlinux.org/AVG-2706", "reference_id": "AVG-2706", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2706" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5245", "reference_id": "RHSA-2022:5245", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5245" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:5313", "reference_id": "RHSA-2022:5313", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:5313" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137942?format=api", "purl": "pkg:generic/curl.se/curl@7.83.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7z3h-9pk3-rqct" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h4nw-va5b-23ef" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k5vr-1fmp-sqbw" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-ns58-vmsz-5ued" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tzs5-qzhn-rqbk" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.83.1" } ], "aliases": [ "CVE-2022-27782" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vpkr-9akj-hbf6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4858?format=api", "vulnerability_id": "VCID-w472-84ep-fkdx", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38546.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38546.json" }, { "reference_url": "https://hackerone.com/reports/2148242", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/2148242" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241938", "reference_id": "2241938", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241938" }, { "reference_url": "https://security.archlinux.org/AVG-2845", "reference_id": "AVG-2845", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2845" }, { "reference_url": "https://security.archlinux.org/AVG-2846", "reference_id": "AVG-2846", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2846" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38546", "reference_id": "CVE-2023-38546", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38546" }, { "reference_url": "https://curl.se/docs/CVE-2023-38546.html", "reference_id": "CVE-2023-38546.HTML", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-38546.html" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5700", "reference_id": "RHSA-2023:5700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5763", "reference_id": "RHSA-2023:5763", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5763" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6292", "reference_id": "RHSA-2023:6292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6745", "reference_id": "RHSA-2023:6745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7540", "reference_id": "RHSA-2023:7540", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7540" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7625", "reference_id": "RHSA-2023:7625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7626", "reference_id": "RHSA-2023:7626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7626" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1601", "reference_id": "RHSA-2024:1601", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1601" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2092", "reference_id": "RHSA-2024:2092", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2092" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2093", "reference_id": "RHSA-2024:2093", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2093" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2101", "reference_id": "RHSA-2024:2101", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2101" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137958?format=api", "purl": "pkg:generic/curl.se/curl@8.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.4.0" } ], "aliases": [ "CVE-2023-38546" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w472-84ep-fkdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61670?format=api", "vulnerability_id": "VCID-w8ff-vxga-8qcz", "summary": "curl: curl: Information disclosure due to incorrect TLS connection reuse", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4873.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4873.json" }, { "reference_url": "https://curl.se/docs/CVE-2026-4873.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2026-4873.html" }, { "reference_url": "https://hackerone.com/reports/3621851", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3621851" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461200", "reference_id": "2461200", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461200" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12916", "reference_id": "RHSA-2026:12916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12916" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137980?format=api", "purl": "pkg:generic/curl.se/curl@8.20.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0" } ], "aliases": [ "CVE-2026-4873" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w8ff-vxga-8qcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3554?format=api", "vulnerability_id": "VCID-wbwx-5vg3-uqcd", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32206.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32206", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.03367", "scoring_system": "epss", "scoring_elements": "0.87578", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32206" }, { "reference_url": "https://curl.se/docs/CVE-2022-32206.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2022-32206.html" }, { "reference_url": "https://hackerone.com/reports/1570651", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1570651" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099300", "reference_id": "2099300", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099300" }, { "reference_url": "https://security.archlinux.org/AVG-2817", "reference_id": "AVG-2817", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2817" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6157", "reference_id": "RHSA-2022:6157", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6157" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6159", "reference_id": "RHSA-2022:6159", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6159" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3460", "reference_id": "RHSA-2023:3460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3460" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137943?format=api", "purl": "pkg:generic/curl.se/curl@7.84.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h4nw-va5b-23ef" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-k5vr-1fmp-sqbw" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-mpuf-pp6z-q3d6" }, { "vulnerability": "VCID-ns58-vmsz-5ued" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.84.0" } ], "aliases": [ "CVE-2022-32206" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wbwx-5vg3-uqcd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65708?format=api", "vulnerability_id": "VCID-wmam-qmmg-6uay", "summary": "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46218.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46218.json" }, { "reference_url": "https://curl.se/docs/CVE-2023-46218.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-46218.html" }, { "reference_url": "https://hackerone.com/reports/2212193", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/2212193" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057646", "reference_id": "1057646", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057646" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252030", "reference_id": "2252030", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252030" }, { "reference_url": "https://security.gentoo.org/glsa/202409-20", "reference_id": "GLSA-202409-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0428", "reference_id": "RHSA-2024:0428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0434", "reference_id": "RHSA-2024:0434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0452", "reference_id": "RHSA-2024:0452", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0452" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0585", "reference_id": "RHSA-2024:0585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1129", "reference_id": "RHSA-2024:1129", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1129" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1316", "reference_id": "RHSA-2024:1316", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1316" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1317", "reference_id": "RHSA-2024:1317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1383", "reference_id": "RHSA-2024:1383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1601", "reference_id": "RHSA-2024:1601", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1601" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2092", "reference_id": "RHSA-2024:2092", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2092" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2093", "reference_id": "RHSA-2024:2093", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2093" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2094", "reference_id": "RHSA-2024:2094", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2094" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137959?format=api", "purl": "pkg:generic/curl.se/curl@8.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-h7v8-bg58-mkhu" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-ke97-b9rb-5bfd" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.5.0" } ], "aliases": [ "CVE-2023-46218" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wmam-qmmg-6uay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/3552?format=api", "vulnerability_id": "VCID-xgj8-zrta-kub9", "summary": "", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32208.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32208", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0016", "scoring_system": "epss", "scoring_elements": "0.36635", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32208" }, { "reference_url": "https://curl.se/docs/CVE-2022-32208.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2022-32208.html" }, { "reference_url": "https://hackerone.com/reports/1590071", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1590071" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099306", "reference_id": "2099306", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099306" }, { "reference_url": "https://security.archlinux.org/AVG-2817", "reference_id": "AVG-2817", "reference_type": "", "scores": [ { "value": "Unknown", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2817" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6157", "reference_id": "RHSA-2022:6157", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6157" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:6159", "reference_id": "RHSA-2022:6159", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:6159" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137943?format=api", "purl": "pkg:generic/curl.se/curl@7.84.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h4nw-va5b-23ef" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-k5vr-1fmp-sqbw" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-mpuf-pp6z-q3d6" }, { "vulnerability": "VCID-ns58-vmsz-5ued" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.84.0" } ], "aliases": [ "CVE-2022-32208" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xgj8-zrta-kub9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65719?format=api", "vulnerability_id": "VCID-y41p-tgpa-m7cs", "summary": "When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8096.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8096.json" }, { "reference_url": "https://curl.se/docs/CVE-2024-8096.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2024-8096.html" }, { "reference_url": "https://hackerone.com/reports/2669852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/2669852" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310519", "reference_id": "2310519", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310519" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137966?format=api", "purl": "pkg:generic/curl.se/curl@8.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-ns6z-wp2x-fkdq" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-t45k-skv6-cfg2" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.10.0" } ], "aliases": [ "CVE-2024-8096" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y41p-tgpa-m7cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65103?format=api", "vulnerability_id": "VCID-y44u-23he-aya8", "summary": "curl: curl: Unauthorized access due to improper HTTP proxy connection reuse", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3784.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3784.json" }, { "reference_url": "https://curl.se/docs/CVE-2026-3784.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2026-3784.html" }, { "reference_url": "https://hackerone.com/reports/3584903", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3584903" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446449", "reference_id": "2446449", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137979?format=api", "purl": "pkg:generic/curl.se/curl@8.19.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-9vbs-w124-q3au" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0" } ], "aliases": [ "CVE-2026-3784" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y44u-23he-aya8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6851?format=api", "vulnerability_id": "VCID-yjtj-ydsg-u7ca", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27781.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27781.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27781", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00077", "scoring_system": "epss", "scoring_elements": "0.23073", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-27781" }, { "reference_url": "https://curl.se/docs/CVE-2022-27781.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2022-27781.html" }, { "reference_url": "https://hackerone.com/reports/1555441", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1555441" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082204", "reference_id": "2082204", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2082204" }, { "reference_url": "https://security.archlinux.org/AVG-2706", "reference_id": "AVG-2706", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2706" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137942?format=api", "purl": "pkg:generic/curl.se/curl@7.83.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7z3h-9pk3-rqct" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h4nw-va5b-23ef" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k5vr-1fmp-sqbw" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-ns58-vmsz-5ued" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tzs5-qzhn-rqbk" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.83.1" } ], "aliases": [ "CVE-2022-27781" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yjtj-ydsg-u7ca" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6218?format=api", "vulnerability_id": "VCID-zg98-v6dj-s7gv", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16842.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-16842.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16842", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00162", "scoring_system": "epss", "scoring_elements": "0.36852", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-16842" }, { "reference_url": "https://curl.se/docs/CVE-2018-16842.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2018-16842.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16839", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16839" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16842" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644124", "reference_id": "1644124", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1644124" }, { "reference_url": "https://security.archlinux.org/ASA-201811-4", "reference_id": "ASA-201811-4", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201811-4" }, { "reference_url": "https://security.archlinux.org/AVG-795", "reference_id": "AVG-795", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-795" }, { "reference_url": "https://security.gentoo.org/glsa/201903-03", "reference_id": "GLSA-201903-03", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/201903-03" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2019:2181", "reference_id": "RHSA-2019:2181", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2019:2181" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137908?format=api", "purl": "pkg:generic/curl.se/curl@7.62.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3ws4-1sak-r3ck" }, { "vulnerability": "VCID-4zcd-rbx3-qye5" }, { "vulnerability": "VCID-58p5-pfy3-xug1" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bb6v-z8yg-6fe3" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-byzw-xw9s-pkga" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f7n8-zzhz-fuc8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-fp66-fzqt-6yg7" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gud1-yg9u-zyfp" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h6xj-mys4-pucf" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-msd2-35g9-nyd2" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q46r-7nct-s3bw" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-qrnc-7ywu-37cz" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tcxd-z7f3-kkes" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-uj78-2cgz-zbdb" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xc5k-47n9-43d6" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.62.0" } ], "aliases": [ "CVE-2018-16842" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zg98-v6dj-s7gv" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6395?format=api", "vulnerability_id": "VCID-7jrx-ykk8-h3gp", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8817.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8817.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8817", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00735", "scoring_system": "epss", "scoring_elements": "0.73169", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8817" }, { "reference_url": "https://curl.se/docs/CVE-2017-8817.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2017-8817.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515760", "reference_id": "1515760", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515760" }, { "reference_url": "https://security.archlinux.org/ASA-201711-33", "reference_id": "ASA-201711-33", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-33" }, { "reference_url": "https://security.archlinux.org/ASA-201711-34", "reference_id": "ASA-201711-34", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-34" }, { "reference_url": "https://security.archlinux.org/ASA-201711-35", "reference_id": "ASA-201711-35", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-35" }, { "reference_url": "https://security.archlinux.org/ASA-201711-36", "reference_id": "ASA-201711-36", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-36" }, { "reference_url": "https://security.archlinux.org/ASA-201711-37", "reference_id": "ASA-201711-37", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-37" }, { "reference_url": "https://security.archlinux.org/ASA-201711-38", "reference_id": "ASA-201711-38", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-38" }, { "reference_url": "https://security.archlinux.org/AVG-521", "reference_id": "AVG-521", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-521" }, { "reference_url": "https://security.archlinux.org/AVG-522", "reference_id": "AVG-522", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-522" }, { "reference_url": "https://security.archlinux.org/AVG-523", "reference_id": "AVG-523", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-523" }, { "reference_url": "https://security.archlinux.org/AVG-524", "reference_id": "AVG-524", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-524" }, { "reference_url": "https://security.archlinux.org/AVG-525", "reference_id": "AVG-525", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-525" }, { "reference_url": "https://security.archlinux.org/AVG-526", "reference_id": "AVG-526", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-526" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137901?format=api", "purl": "pkg:generic/curl.se/curl@7.57.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1kpz-55f1-f7dj" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3ws4-1sak-r3ck" }, { "vulnerability": "VCID-4hha-2z31-2bf8" }, { "vulnerability": "VCID-4zcd-rbx3-qye5" }, { "vulnerability": "VCID-58p5-pfy3-xug1" }, { "vulnerability": "VCID-5ujs-47hf-g7gj" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6745-tyba-33fa" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bb6v-z8yg-6fe3" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f7n8-zzhz-fuc8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gud1-yg9u-zyfp" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h6xj-mys4-pucf" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kae8-wmf2-2kf1" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-msd2-35g9-nyd2" }, { "vulnerability": "VCID-p7mn-a632-c3ag" }, { "vulnerability": "VCID-p8vk-yf66-wbb7" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q46r-7nct-s3bw" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-qrnc-7ywu-37cz" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-raxd-4nxj-gkhp" }, { "vulnerability": "VCID-rt5e-saz2-j7c9" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tcxd-z7f3-kkes" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-tn33-re3r-yfhw" }, { "vulnerability": "VCID-uj78-2cgz-zbdb" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" }, { "vulnerability": "VCID-zg98-v6dj-s7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.57.0" } ], "aliases": [ "CVE-2017-8817" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7jrx-ykk8-h3gp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6393?format=api", "vulnerability_id": "VCID-dj48-3dkt-dbdh", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8818.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8818.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8818", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00825", "scoring_system": "epss", "scoring_elements": "0.74821", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8818" }, { "reference_url": "https://curl.se/docs/CVE-2017-8818.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2017-8818.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8818" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517691", "reference_id": "1517691", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517691" }, { "reference_url": "https://security.archlinux.org/ASA-201711-36", "reference_id": "ASA-201711-36", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-36" }, { "reference_url": "https://security.archlinux.org/ASA-201711-37", "reference_id": "ASA-201711-37", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-37" }, { "reference_url": "https://security.archlinux.org/ASA-201711-38", "reference_id": "ASA-201711-38", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-38" }, { "reference_url": "https://security.archlinux.org/AVG-521", "reference_id": "AVG-521", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-521" }, { "reference_url": "https://security.archlinux.org/AVG-522", "reference_id": "AVG-522", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-522" }, { "reference_url": "https://security.archlinux.org/AVG-523", "reference_id": "AVG-523", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-523" }, { "reference_url": "https://security.archlinux.org/AVG-527", "reference_id": "AVG-527", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-527" }, { "reference_url": "https://security.archlinux.org/AVG-528", "reference_id": "AVG-528", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-528" }, { "reference_url": "https://security.archlinux.org/AVG-529", "reference_id": "AVG-529", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-529" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137901?format=api", "purl": "pkg:generic/curl.se/curl@7.57.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1kpz-55f1-f7dj" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3ws4-1sak-r3ck" }, { "vulnerability": "VCID-4hha-2z31-2bf8" }, { "vulnerability": "VCID-4zcd-rbx3-qye5" }, { "vulnerability": "VCID-58p5-pfy3-xug1" }, { "vulnerability": "VCID-5ujs-47hf-g7gj" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6745-tyba-33fa" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bb6v-z8yg-6fe3" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f7n8-zzhz-fuc8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gud1-yg9u-zyfp" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h6xj-mys4-pucf" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kae8-wmf2-2kf1" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-msd2-35g9-nyd2" }, { "vulnerability": "VCID-p7mn-a632-c3ag" }, { "vulnerability": "VCID-p8vk-yf66-wbb7" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q46r-7nct-s3bw" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-qrnc-7ywu-37cz" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-raxd-4nxj-gkhp" }, { "vulnerability": "VCID-rt5e-saz2-j7c9" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tcxd-z7f3-kkes" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-tn33-re3r-yfhw" }, { "vulnerability": "VCID-uj78-2cgz-zbdb" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" }, { "vulnerability": "VCID-zg98-v6dj-s7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.57.0" } ], "aliases": [ "CVE-2017-8818" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dj48-3dkt-dbdh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/6394?format=api", "vulnerability_id": "VCID-f8vu-23bb-5ue7", "summary": "arbitrary code execution", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8816.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-8816.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8816", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00454", "scoring_system": "epss", "scoring_elements": "0.64147", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2017-8816" }, { "reference_url": "https://curl.se/docs/CVE-2017-8816.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2017-8816.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8816" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8817" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515757", "reference_id": "1515757", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515757" }, { "reference_url": "https://security.archlinux.org/ASA-201711-36", "reference_id": "ASA-201711-36", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-36" }, { "reference_url": "https://security.archlinux.org/ASA-201711-37", "reference_id": "ASA-201711-37", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-37" }, { "reference_url": "https://security.archlinux.org/ASA-201711-38", "reference_id": "ASA-201711-38", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201711-38" }, { "reference_url": "https://security.archlinux.org/AVG-521", "reference_id": "AVG-521", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-521" }, { "reference_url": "https://security.archlinux.org/AVG-522", "reference_id": "AVG-522", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-522" }, { "reference_url": "https://security.archlinux.org/AVG-523", "reference_id": "AVG-523", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-523" }, { "reference_url": "https://security.archlinux.org/AVG-527", "reference_id": "AVG-527", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-527" }, { "reference_url": "https://security.archlinux.org/AVG-528", "reference_id": "AVG-528", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-528" }, { "reference_url": "https://security.archlinux.org/AVG-529", "reference_id": "AVG-529", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-529" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137901?format=api", "purl": "pkg:generic/curl.se/curl@7.57.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-18p4-rvxz-pkeu" }, { "vulnerability": "VCID-1a1k-d4ez-ybdu" }, { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1kpz-55f1-f7dj" }, { "vulnerability": "VCID-1m1w-rayk-sffe" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-27bv-f11z-myak" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3ws4-1sak-r3ck" }, { "vulnerability": "VCID-4hha-2z31-2bf8" }, { "vulnerability": "VCID-4zcd-rbx3-qye5" }, { "vulnerability": "VCID-58p5-pfy3-xug1" }, { "vulnerability": "VCID-5ujs-47hf-g7gj" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6745-tyba-33fa" }, { "vulnerability": "VCID-738z-myg9-37hr" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-7yvu-s3p2-sfhc" }, { "vulnerability": "VCID-a58z-fu87-9ybs" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-am31-t2h3-zbgw" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bb6v-z8yg-6fe3" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f7n8-zzhz-fuc8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fhc8-r8gv-bugj" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gud1-yg9u-zyfp" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h6xj-mys4-pucf" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-j688-cyfg-p7gu" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kae8-wmf2-2kf1" }, { "vulnerability": "VCID-kkrm-dj79-4ucj" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-msd2-35g9-nyd2" }, { "vulnerability": "VCID-p7mn-a632-c3ag" }, { "vulnerability": "VCID-p8vk-yf66-wbb7" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-q46r-7nct-s3bw" }, { "vulnerability": "VCID-q8tg-prj1-y7b8" }, { "vulnerability": "VCID-qrnc-7ywu-37cz" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-raxd-4nxj-gkhp" }, { "vulnerability": "VCID-rt5e-saz2-j7c9" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-tcxd-z7f3-kkes" }, { "vulnerability": "VCID-td39-d3tf-vkhc" }, { "vulnerability": "VCID-tn33-re3r-yfhw" }, { "vulnerability": "VCID-uj78-2cgz-zbdb" }, { "vulnerability": "VCID-vpkr-9akj-hbf6" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wbwx-5vg3-uqcd" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-xgj8-zrta-kub9" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" }, { "vulnerability": "VCID-yjtj-ydsg-u7ca" }, { "vulnerability": "VCID-zg98-v6dj-s7gv" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.57.0" } ], "aliases": [ "CVE-2017-8816" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f8vu-23bb-5ue7" } ], "risk_score": "4.5", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.57.0" }