Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/137945?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/137945?format=api", "purl": "pkg:generic/curl.se/curl@7.85.0", "type": "generic", "namespace": "curl.se", "name": "curl", "version": "7.85.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "8.20.0", "latest_non_vulnerable_version": "8.20.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65724?format=api", "vulnerability_id": "VCID-1dw3-33ju-jkbs", "summary": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0725.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0725.json" }, { "reference_url": "https://curl.se/docs/CVE-2025-0725.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2025-0725.html" }, { "reference_url": "https://hackerone.com/reports/2956023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/2956023" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343899", "reference_id": "2343899", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343899" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137970?format=api", "purl": "pkg:generic/curl.se/curl@8.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-ezve-gc2h-qyga" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-ns6z-wp2x-fkdq" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-t45k-skv6-cfg2" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.12.0" } ], "aliases": [ "CVE-2025-0725" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1dw3-33ju-jkbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44796?format=api", "vulnerability_id": "VCID-1zsv-4jdy-63en", "summary": "Improper Authentication\nAn authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27536.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27536.json" }, { "reference_url": "https://curl.se/docs/CVE-2023-27536.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-27536.html" }, { "reference_url": "https://hackerone.com/reports/1895135", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1895135" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179092", "reference_id": "2179092", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179092" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27536", "reference_id": "CVE-2023-27536", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27536" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4523", "reference_id": "RHSA-2023:4523", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4523" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6679", "reference_id": "RHSA-2023:6679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0428", "reference_id": "RHSA-2024:0428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0428" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137950?format=api", "purl": "pkg:generic/curl.se/curl@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0" } ], "aliases": [ "CVE-2023-27536" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1zsv-4jdy-63en" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65730?format=api", "vulnerability_id": "VCID-21ff-tazv-9ud3", "summary": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14524.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14524.json" }, { "reference_url": "https://curl.se/docs/CVE-2025-14524.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2025-14524.html" }, { "reference_url": "https://hackerone.com/reports/3459417", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3459417" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426407", "reference_id": "2426407", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426407" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137978?format=api", "purl": "pkg:generic/curl.se/curl@8.18.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-9vbs-w124-q3au" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fxgf-t3ue-6qhf" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0" } ], "aliases": [ "CVE-2025-14524" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-21ff-tazv-9ud3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65698?format=api", "vulnerability_id": "VCID-287k-bzqy-n7ag", "summary": "A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23914.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23914.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23914", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29098", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23914" }, { "reference_url": "https://curl.se/docs/CVE-2023-23914.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-23914.html" }, { "reference_url": "https://hackerone.com/reports/1813864", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1813864" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371", "reference_id": "1031371", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167797", "reference_id": "2167797", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167797" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137948?format=api", "purl": "pkg:generic/curl.se/curl@7.88.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-kvmd-97y1-tbcz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.88.0" } ], "aliases": [ "CVE-2023-23914" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-287k-bzqy-n7ag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65106?format=api", "vulnerability_id": "VCID-39qh-jayw-g3dh", "summary": "curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1965.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1965.json" }, { "reference_url": "https://curl.se/docs/CVE-2026-1965.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2026-1965.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446448", "reference_id": "2446448", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446448" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137979?format=api", "purl": "pkg:generic/curl.se/curl@8.19.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-9vbs-w124-q3au" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0" } ], "aliases": [ "CVE-2026-1965" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-39qh-jayw-g3dh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65722?format=api", "vulnerability_id": "VCID-3p2z-61gq-muhs", "summary": "When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.", "references": [ { "reference_url": "https://curl.se/docs/CVE-2025-0167.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2025-0167.html" }, { "reference_url": "https://hackerone.com/reports/2917232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/2917232" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137970?format=api", "purl": "pkg:generic/curl.se/curl@8.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-ezve-gc2h-qyga" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-ns6z-wp2x-fkdq" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-t45k-skv6-cfg2" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.12.0" } ], "aliases": [ "CVE-2025-0167" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3p2z-61gq-muhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61672?format=api", "vulnerability_id": "VCID-5un8-xymy-37bt", "summary": "curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5773.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5773.json" }, { "reference_url": "https://curl.se/docs/CVE-2026-5773.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2026-5773.html" }, { "reference_url": "https://hackerone.com/reports/3650689", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3650689" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461201", "reference_id": "2461201", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461201" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12916", "reference_id": "RHSA-2026:12916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12916" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137980?format=api", "purl": "pkg:generic/curl.se/curl@8.20.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0" } ], "aliases": [ "CVE-2026-5773" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5un8-xymy-37bt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65703?format=api", "vulnerability_id": "VCID-6en5-etsd-2bce", "summary": "A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28319.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28319.json" }, { "reference_url": "https://curl.se/docs/CVE-2023-28319.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-28319.html" }, { "reference_url": "https://hackerone.com/reports/1913733", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1913733" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239", "reference_id": "1036239", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196778", "reference_id": "2196778", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196778" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4628", "reference_id": "RHSA-2023:4628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4629", "reference_id": "RHSA-2023:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4629" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137952?format=api", "purl": "pkg:generic/curl.se/curl@8.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.1.0" } ], "aliases": [ "CVE-2023-28319" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6en5-etsd-2bce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65721?format=api", "vulnerability_id": "VCID-6ggz-pa5t-77c4", "summary": "When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure `HTTP://` scheme and perform transfers with hosts like `x.example.com` as well as `example.com` where the first host is a subdomain of the second host. (The HSTS cache either needs to have been populated manually or there needs to have been previous HTTPS accesses done as the cache needs to have entries for the domains involved to trigger this problem.) When `x.example.com` responds with `Strict-Transport-Security:` headers, this bug can make the subdomain's expiry timeout *bleed over* and get set for the parent domain `example.com` in curl's HSTS cache. The result of a triggered bug is that HTTP accesses to `example.com` get converted to HTTPS for a different period of time than what was asked for by the origin server. If `example.com` for example stops supporting HTTPS at its expiry time, curl might then fail to access `http://example.com` until the (wrongly set) timeout expires. This bug can also expire the parent's entry *earlier*, thus making curl inadvertently switch back to insecure HTTP earlier than otherwise intended.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9681.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9681.json" }, { "reference_url": "https://curl.se/docs/CVE-2024-9681.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2024-9681.html" }, { "reference_url": "https://hackerone.com/reports/2764830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/2764830" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086804", "reference_id": "1086804", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086804" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322969", "reference_id": "2322969", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322969" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137968?format=api", "purl": "pkg:generic/curl.se/curl@8.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-ezve-gc2h-qyga" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-ns6z-wp2x-fkdq" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-t45k-skv6-cfg2" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.11.0" } ], "aliases": [ "CVE-2024-9681" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ggz-pa5t-77c4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65729?format=api", "vulnerability_id": "VCID-7wqd-99h2-e7hk", "summary": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14017.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14017.json" }, { "reference_url": "https://curl.se/docs/CVE-2025-14017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2025-14017.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427870", "reference_id": "2427870", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427870" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137978?format=api", "purl": "pkg:generic/curl.se/curl@8.18.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-9vbs-w124-q3au" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fxgf-t3ue-6qhf" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0" } ], "aliases": [ "CVE-2025-14017" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7wqd-99h2-e7hk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65709?format=api", "vulnerability_id": "VCID-85qb-zec7-subc", "summary": "When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46219.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46219.json" }, { "reference_url": "https://curl.se/docs/CVE-2023-46219.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-46219.html" }, { "reference_url": "https://hackerone.com/reports/2236133", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/2236133" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057645", "reference_id": "1057645", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057645" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252034", "reference_id": "2252034", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252034" }, { "reference_url": "https://security.gentoo.org/glsa/202409-20", "reference_id": "GLSA-202409-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1316", "reference_id": "RHSA-2024:1316", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1316" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1317", "reference_id": "RHSA-2024:1317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1317" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137959?format=api", "purl": "pkg:generic/curl.se/curl@8.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-h7v8-bg58-mkhu" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-ke97-b9rb-5bfd" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.5.0" } ], "aliases": [ "CVE-2023-46219" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-85qb-zec7-subc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65704?format=api", "vulnerability_id": "VCID-a8z6-bswu-jue8", "summary": "A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28320.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28320.json" }, { "reference_url": "https://curl.se/docs/CVE-2023-28320.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-28320.html" }, { "reference_url": "https://hackerone.com/reports/1929597", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1929597" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239", "reference_id": "1036239", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196783", "reference_id": "2196783", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196783" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137952?format=api", "purl": "pkg:generic/curl.se/curl@8.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.1.0" } ], "aliases": [ "CVE-2023-28320" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a8z6-bswu-jue8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65701?format=api", "vulnerability_id": "VCID-azcz-b8f2-63be", "summary": "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27533.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27533.json" }, { "reference_url": "https://curl.se/docs/CVE-2023-27533.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-27533.html" }, { "reference_url": "https://hackerone.com/reports/1891474", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1891474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179062", "reference_id": "2179062", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179062" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6679", "reference_id": "RHSA-2023:6679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6679" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137950?format=api", "purl": "pkg:generic/curl.se/curl@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0" } ], "aliases": [ "CVE-2023-27533" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-azcz-b8f2-63be" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60252?format=api", "vulnerability_id": "VCID-bcuq-n4vb-k7f3", "summary": "curl: libcurl: Information disclosure via incorrect Proxy-Authorization header reuse", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7168.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7168.json" }, { "reference_url": "https://curl.se/docs/CVE-2026-7168.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2026-7168.html" }, { "reference_url": "https://hackerone.com/reports/3697719", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3697719" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476979", "reference_id": "2476979", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19106", "reference_id": "RHSA-2026:19106", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19106" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137980?format=api", "purl": "pkg:generic/curl.se/curl@8.20.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0" } ], "aliases": [ "CVE-2026-7168" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bcuq-n4vb-k7f3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44801?format=api", "vulnerability_id": "VCID-bx2m-n5ft-3be8", "summary": "Improper Authentication\nAn authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27535.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27535.json" }, { "reference_url": "https://curl.se/docs/CVE-2023-27535.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-27535.html" }, { "reference_url": "https://hackerone.com/reports/1892780", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1892780" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179073", "reference_id": "2179073", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179073" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27535", "reference_id": "CVE-2023-27535", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27535" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2650", "reference_id": "RHSA-2023:2650", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2650" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3106", "reference_id": "RHSA-2023:3106", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0428", "reference_id": "RHSA-2024:0428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0428" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137950?format=api", "purl": "pkg:generic/curl.se/curl@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0" } ], "aliases": [ "CVE-2023-27535" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bx2m-n5ft-3be8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65691?format=api", "vulnerability_id": "VCID-cdzf-3ydt-8bdk", "summary": "When doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously was used to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent `POST` request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32221.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-32221.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32221", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01853", "scoring_system": "epss", "scoring_elements": "0.83366", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-32221" }, { "reference_url": "https://curl.se/docs/CVE-2022-32221.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2022-32221.html" }, { "reference_url": "https://hackerone.com/reports/1704017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1704017" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135411", "reference_id": "2135411", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135411" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:0333", "reference_id": "RHSA-2023:0333", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:0333" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4139", "reference_id": "RHSA-2023:4139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4139" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137946?format=api", "purl": "pkg:generic/curl.se/curl@7.86.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-ns58-vmsz-5ued" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.86.0" } ], "aliases": [ "CVE-2022-32221" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cdzf-3ydt-8bdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65700?format=api", "vulnerability_id": "VCID-cfry-nx5h-kudv", "summary": "An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the \"chained\" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable \"links\" in this \"decompression chain\" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a \"malloc bomb\", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23916.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23916.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23916", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20718", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23916" }, { "reference_url": "https://curl.se/docs/CVE-2023-23916.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-23916.html" }, { "reference_url": "https://hackerone.com/reports/1826048", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1826048" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371", "reference_id": "1031371", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167815", "reference_id": "2167815", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167815" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1140", "reference_id": "RHSA-2023:1140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1701", "reference_id": "RHSA-2023:1701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1842", "reference_id": "RHSA-2023:1842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3460", "reference_id": "RHSA-2023:3460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3460" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4139", "reference_id": "RHSA-2023:4139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4139" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137948?format=api", "purl": "pkg:generic/curl.se/curl@7.88.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-kvmd-97y1-tbcz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.88.0" } ], "aliases": [ "CVE-2023-23916" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cfry-nx5h-kudv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61679?format=api", "vulnerability_id": "VCID-f9nm-d5ax-qkcb", "summary": "curl: libcurl: Credential leak via reused proxy connection during HTTP redirects", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6429.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6429.json" }, { "reference_url": "https://curl.se/docs/CVE-2026-6429.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2026-6429.html" }, { "reference_url": "https://hackerone.com/reports/3677759", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3677759" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461205", "reference_id": "2461205", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461205" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12916", "reference_id": "RHSA-2026:12916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12916" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137980?format=api", "purl": "pkg:generic/curl.se/curl@8.20.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0" } ], "aliases": [ "CVE-2026-6429" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f9nm-d5ax-qkcb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65735?format=api", "vulnerability_id": "VCID-fcb7-8163-muf4", "summary": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15224.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15224.json" }, { "reference_url": "https://curl.se/docs/CVE-2025-15224.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2025-15224.html" }, { "reference_url": "https://hackerone.com/reports/3480925", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3480925" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426410", "reference_id": "2426410", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426410" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137978?format=api", "purl": "pkg:generic/curl.se/curl@8.18.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-9vbs-w124-q3au" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fxgf-t3ue-6qhf" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0" } ], "aliases": [ "CVE-2025-15224" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fcb7-8163-muf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65712?format=api", "vulnerability_id": "VCID-ffmg-djmk-57hn", "summary": "When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2004.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2004.json" }, { "reference_url": "https://curl.se/docs/CVE-2024-2004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2024-2004.html" }, { "reference_url": "https://hackerone.com/reports/2384833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/2384833" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270500", "reference_id": "2270500", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270500" }, { "reference_url": "https://security.gentoo.org/glsa/202409-20", "reference_id": "GLSA-202409-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2693", "reference_id": "RHSA-2024:2693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2694", "reference_id": "RHSA-2024:2694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2694" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137961?format=api", "purl": "pkg:generic/curl.se/curl@8.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85ne-e7gm-5ua9" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.7.0" } ], "aliases": [ "CVE-2024-2004" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ffmg-djmk-57hn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65705?format=api", "vulnerability_id": "VCID-g4n9-kg3s-pfcr", "summary": "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28321.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28321.json" }, { "reference_url": "https://curl.se/docs/CVE-2023-28321.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-28321.html" }, { "reference_url": "https://hackerone.com/reports/1950627", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1950627" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239", "reference_id": "1036239", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196786", "reference_id": "2196786", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196786" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4354", "reference_id": "RHSA-2023:4354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4523", "reference_id": "RHSA-2023:4523", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4523" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4628", "reference_id": "RHSA-2023:4628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4629", "reference_id": "RHSA-2023:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5598", "reference_id": "RHSA-2023:5598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6292", "reference_id": "RHSA-2023:6292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6292" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137952?format=api", "purl": "pkg:generic/curl.se/curl@8.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.1.0" } ], "aliases": [ "CVE-2023-28321" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g4n9-kg3s-pfcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61678?format=api", "vulnerability_id": "VCID-g7ux-4vz2-ckfg", "summary": "curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5545.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5545.json" }, { "reference_url": "https://curl.se/docs/CVE-2026-5545.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2026-5545.html" }, { "reference_url": "https://hackerone.com/reports/3642555", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3642555" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461204", "reference_id": "2461204", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461204" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12916", "reference_id": "RHSA-2026:12916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12916" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137980?format=api", "purl": "pkg:generic/curl.se/curl@8.20.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0" } ], "aliases": [ "CVE-2026-5545" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g7ux-4vz2-ckfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44797?format=api", "vulnerability_id": "VCID-gueb-wzpx-ufb2", "summary": "Improper Authentication\nAn authentication bypass vulnerability exists in libcurl v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27538.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27538.json" }, { "reference_url": "https://curl.se/docs/CVE-2023-27538.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-27538.html" }, { "reference_url": "https://hackerone.com/reports/1898475", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1898475" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179103", "reference_id": "2179103", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179103" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27538", "reference_id": "CVE-2023-27538", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27538" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6679", "reference_id": "RHSA-2023:6679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6679" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137950?format=api", "purl": "pkg:generic/curl.se/curl@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0" } ], "aliases": [ "CVE-2023-27538" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gueb-wzpx-ufb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65695?format=api", "vulnerability_id": "VCID-h4nw-va5b-23ef", "summary": "In curl before 7.86.0, the HSTS check could be bypassed to trick it into staying with HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly (instead of using an insecure cleartext HTTP step) even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced with ASCII counterparts as part of the IDN conversion, e.g., using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop of U+002E (.). The earliest affected version is 7.77.0 2021-05-26.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42916.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42916.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42916", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00048", "scoring_system": "epss", "scoring_elements": "0.15134", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42916" }, { "reference_url": "https://curl.se/docs/CVE-2022-42916.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2022-42916.html" }, { "reference_url": "https://hackerone.com/reports/1730660", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1730660" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135416", "reference_id": "2135416", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135416" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137946?format=api", "purl": "pkg:generic/curl.se/curl@7.86.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-ns58-vmsz-5ued" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.86.0" } ], "aliases": [ "CVE-2022-42916" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-h4nw-va5b-23ef" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65105?format=api", "vulnerability_id": "VCID-hhms-2hg6-nke9", "summary": "curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3783.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3783.json" }, { "reference_url": "https://curl.se/docs/CVE-2026-3783.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2026-3783.html" }, { "reference_url": "https://hackerone.com/reports/3583983", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3583983" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446450", "reference_id": "2446450", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446450" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137979?format=api", "purl": "pkg:generic/curl.se/curl@8.19.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-9vbs-w124-q3au" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0" } ], "aliases": [ "CVE-2026-3783" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hhms-2hg6-nke9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65714?format=api", "vulnerability_id": "VCID-jnq1-hk6d-b3a3", "summary": "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2398.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2398.json" }, { "reference_url": "https://curl.se/docs/CVE-2024-2398.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2024-2398.html" }, { "reference_url": "https://hackerone.com/reports/2402845", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/2402845" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270498", "reference_id": "2270498", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270498" }, { "reference_url": "https://security.gentoo.org/glsa/202409-20", "reference_id": "GLSA-202409-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10135", "reference_id": "RHSA-2024:10135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11109", "reference_id": "RHSA-2024:11109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2693", "reference_id": "RHSA-2024:2693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2694", "reference_id": "RHSA-2024:2694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3998", "reference_id": "RHSA-2024:3998", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3998" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5529", "reference_id": "RHSA-2024:5529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5654", "reference_id": "RHSA-2024:5654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7213", "reference_id": "RHSA-2024:7213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7374", "reference_id": "RHSA-2024:7374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7374" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137961?format=api", "purl": "pkg:generic/curl.se/curl@8.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85ne-e7gm-5ua9" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.7.0" } ], "aliases": [ "CVE-2024-2398" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jnq1-hk6d-b3a3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65707?format=api", "vulnerability_id": "VCID-k3nv-gf9b-5ua2", "summary": "When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38039.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38039.json" }, { "reference_url": "https://curl.se/docs/CVE-2023-38039.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-38039.html" }, { "reference_url": "https://hackerone.com/reports/2072338", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/2072338" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239135", "reference_id": "2239135", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239135" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7625", "reference_id": "RHSA-2023:7625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7626", "reference_id": "RHSA-2023:7626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7626" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137957?format=api", "purl": "pkg:generic/curl.se/curl@8.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.3.0" } ], "aliases": [ "CVE-2023-38039" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k3nv-gf9b-5ua2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65694?format=api", "vulnerability_id": "VCID-k5vr-1fmp-sqbw", "summary": "curl before 7.86.0 has a double free. If curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of the protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 status code to the client. Due to flaws in the error/cleanup handling, this could trigger a double free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, or telnet. The earliest affected version is 7.77.0.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42915.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42915.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42915", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00467", "scoring_system": "epss", "scoring_elements": "0.64764", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-42915" }, { "reference_url": "https://curl.se/docs/CVE-2022-42915.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2022-42915.html" }, { "reference_url": "https://hackerone.com/reports/1722065", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1722065" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135413", "reference_id": "2135413", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135413" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137946?format=api", "purl": "pkg:generic/curl.se/curl@7.86.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-ns58-vmsz-5ued" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.86.0" } ], "aliases": [ "CVE-2022-42915" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k5vr-1fmp-sqbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65718?format=api", "vulnerability_id": "VCID-kq38-7s5x-nqaz", "summary": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7264.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7264.json" }, { "reference_url": "https://curl.se/docs/CVE-2024-7264.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2024-7264.html" }, { "reference_url": "https://hackerone.com/reports/2629968", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/2629968" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077656", "reference_id": "1077656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077656" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301888", "reference_id": "2301888", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301888" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7726", "reference_id": "RHSA-2024:7726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1671", "reference_id": "RHSA-2025:1671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1673", "reference_id": "RHSA-2025:1673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1673" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137965?format=api", "purl": "pkg:generic/curl.se/curl@8.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-ns6z-wp2x-fkdq" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-t45k-skv6-cfg2" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.9.1" } ], "aliases": [ "CVE-2024-7264" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kq38-7s5x-nqaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65693?format=api", "vulnerability_id": "VCID-mpuf-pp6z-q3d6", "summary": "curl can be told to parse a `.netrc` file for credentials. If that file endsin a line with 4095 consecutive non-white space letters and no newline, curlwould first read past the end of the stack-based buffer, and if the readworks, write a zero byte beyond its boundary.This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes.If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35260.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35260.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35260", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00285", "scoring_system": "epss", "scoring_elements": "0.52073", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35260" }, { "reference_url": "https://curl.se/docs/CVE-2022-35260.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2022-35260.html" }, { "reference_url": "https://hackerone.com/reports/1721098", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1721098" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135412", "reference_id": "2135412", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135412" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-01" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137946?format=api", "purl": "pkg:generic/curl.se/curl@7.86.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-ns58-vmsz-5ued" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.86.0" } ], "aliases": [ "CVE-2022-35260" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mpuf-pp6z-q3d6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65696?format=api", "vulnerability_id": "VCID-ns58-vmsz-5ued", "summary": "A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43551.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43551.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43551", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00045", "scoring_system": "epss", "scoring_elements": "0.14256", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43551" }, { "reference_url": "https://curl.se/docs/CVE-2022-43551.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2022-43551.html" }, { "reference_url": "https://hackerone.com/reports/1755083", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1755083" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026829", "reference_id": "1026829", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026829" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152639", "reference_id": "2152639", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152639" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137947?format=api", "purl": "pkg:generic/curl.se/curl@7.87.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.87.0" } ], "aliases": [ "CVE-2022-43551" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ns58-vmsz-5ued" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65699?format=api", "vulnerability_id": "VCID-nwvb-d466-4uaa", "summary": "A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recentlycompleted transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23915.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23915.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23915", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11875", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23915" }, { "reference_url": "https://curl.se/docs/CVE-2023-23915.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-23915.html" }, { "reference_url": "https://hackerone.com/reports/1814333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1814333" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371", "reference_id": "1031371", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167813", "reference_id": "2167813", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167813" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137948?format=api", "purl": "pkg:generic/curl.se/curl@7.88.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-kvmd-97y1-tbcz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.88.0" } ], "aliases": [ "CVE-2023-23915" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nwvb-d466-4uaa" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65726?format=api", "vulnerability_id": "VCID-p155-gbtu-abg1", "summary": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10966.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10966.json" }, { "reference_url": "https://curl.se/docs/CVE-2025-10966.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2025-10966.html" }, { "reference_url": "https://hackerone.com/reports/3355218", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3355218" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413308", "reference_id": "2413308", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413308" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137977?format=api", "purl": "pkg:generic/curl.se/curl@8.17.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-9vbs-w124-q3au" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fxgf-t3ue-6qhf" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-t45k-skv6-cfg2" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.17.0" } ], "aliases": [ "CVE-2025-10966" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p155-gbtu-abg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65702?format=api", "vulnerability_id": "VCID-p97a-kjpp-f3d8", "summary": "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27534.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27534.json" }, { "reference_url": "https://curl.se/docs/CVE-2023-27534.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-27534.html" }, { "reference_url": "https://hackerone.com/reports/1892351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1892351" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179069", "reference_id": "2179069", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179069" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6679", "reference_id": "RHSA-2023:6679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6679" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137950?format=api", "purl": "pkg:generic/curl.se/curl@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0" } ], "aliases": [ "CVE-2023-27534" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p97a-kjpp-f3d8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65697?format=api", "vulnerability_id": "VCID-r2g9-c896-rkge", "summary": "A use after free vulnerability exists in curl <7.87.0. Curl can be asked to *tunnel* virtually all protocols it supports through an HTTP proxy. HTTP proxies can (and often do) deny such tunnel operations. When getting denied to tunnel the specific protocols SMB or TELNET, curl would use a heap-allocated struct after it had been freed, in its transfer shutdown code path.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43552.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43552.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43552", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00104", "scoring_system": "epss", "scoring_elements": "0.27848", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-43552" }, { "reference_url": "https://curl.se/docs/CVE-2022-43552.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2022-43552.html" }, { "reference_url": "https://hackerone.com/reports/1764858", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1764858" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026830", "reference_id": "1026830", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026830" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152652", "reference_id": "2152652", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2152652" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2478", "reference_id": "RHSA-2023:2478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2963", "reference_id": "RHSA-2023:2963", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2963" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7743", "reference_id": "RHSA-2023:7743", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7743" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0428", "reference_id": "RHSA-2024:0428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0428" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137947?format=api", "purl": "pkg:generic/curl.se/curl@7.87.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.87.0" } ], "aliases": [ "CVE-2022-43552" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r2g9-c896-rkge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4859?format=api", "vulnerability_id": "VCID-razg-yr7y-ukgd", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38545.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38545.json" }, { "reference_url": "https://hackerone.com/reports/2187833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/2187833" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241933", "reference_id": "2241933", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241933" }, { "reference_url": "https://security.archlinux.org/AVG-2845", "reference_id": "AVG-2845", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2845" }, { "reference_url": "https://security.archlinux.org/AVG-2846", "reference_id": "AVG-2846", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2846" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38545", "reference_id": "CVE-2023-38545", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38545" }, { "reference_url": "https://curl.se/docs/CVE-2023-38545.html", "reference_id": "CVE-2023-38545.HTML", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-38545.html" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5700", "reference_id": "RHSA-2023:5700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5763", "reference_id": "RHSA-2023:5763", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5763" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6745", "reference_id": "RHSA-2023:6745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7625", "reference_id": "RHSA-2023:7625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7626", "reference_id": "RHSA-2023:7626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7626" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0797", "reference_id": "RHSA-2024:0797", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0797" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2011", "reference_id": "RHSA-2024:2011", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2011" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137958?format=api", "purl": "pkg:generic/curl.se/curl@8.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.4.0" } ], "aliases": [ "CVE-2023-38545" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-razg-yr7y-ukgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61673?format=api", "vulnerability_id": "VCID-secz-78pt-dben", "summary": "curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6253.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6253.json" }, { "reference_url": "https://curl.se/docs/CVE-2026-6253.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2026-6253.html" }, { "reference_url": "https://hackerone.com/reports/3669637", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3669637" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461202", "reference_id": "2461202", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461202" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12916", "reference_id": "RHSA-2026:12916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12916" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137980?format=api", "purl": "pkg:generic/curl.se/curl@8.20.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0" } ], "aliases": [ "CVE-2026-6253" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-secz-78pt-dben" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65706?format=api", "vulnerability_id": "VCID-sutv-qt2x-2yc7", "summary": "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28322.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28322.json" }, { "reference_url": "https://curl.se/docs/CVE-2023-28322.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-28322.html" }, { "reference_url": "https://hackerone.com/reports/1954658", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1954658" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239", "reference_id": "1036239", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196793", "reference_id": "2196793", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196793" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4354", "reference_id": "RHSA-2023:4354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4628", "reference_id": "RHSA-2023:4628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4629", "reference_id": "RHSA-2023:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5598", "reference_id": "RHSA-2023:5598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0428", "reference_id": "RHSA-2024:0428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0585", "reference_id": "RHSA-2024:0585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1601", "reference_id": "RHSA-2024:1601", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1601" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2092", "reference_id": "RHSA-2024:2092", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2092" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2093", "reference_id": "RHSA-2024:2093", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2093" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137952?format=api", "purl": "pkg:generic/curl.se/curl@8.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.1.0" } ], "aliases": [ "CVE-2023-28322" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sutv-qt2x-2yc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65711?format=api", "vulnerability_id": "VCID-u1p8-s8vm-3yer", "summary": "When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11053.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11053.json" }, { "reference_url": "https://curl.se/docs/CVE-2024-11053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2024-11053.html" }, { "reference_url": "https://hackerone.com/reports/2829063", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/2829063" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089682", "reference_id": "1089682", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089682" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331191", "reference_id": "2331191", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331191" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1671", "reference_id": "RHSA-2025:1671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1673", "reference_id": "RHSA-2025:1673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1673" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137969?format=api", "purl": "pkg:generic/curl.se/curl@8.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-ejn1-w8wj-1qau" }, { "vulnerability": "VCID-ezve-gc2h-qyga" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-ns6z-wp2x-fkdq" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-t45k-skv6-cfg2" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.11.1" } ], "aliases": [ "CVE-2024-11053" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u1p8-s8vm-3yer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65733?format=api", "vulnerability_id": "VCID-v82t-s9e1-2fbw", "summary": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15079.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15079.json" }, { "reference_url": "https://curl.se/docs/CVE-2025-15079.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2025-15079.html" }, { "reference_url": "https://hackerone.com/reports/3477116", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3477116" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426409", "reference_id": "2426409", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426409" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137978?format=api", "purl": "pkg:generic/curl.se/curl@8.18.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-9vbs-w124-q3au" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fxgf-t3ue-6qhf" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0" } ], "aliases": [ "CVE-2025-15079" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v82t-s9e1-2fbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4858?format=api", "vulnerability_id": "VCID-w472-84ep-fkdx", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38546.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38546.json" }, { "reference_url": "https://hackerone.com/reports/2148242", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/2148242" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241938", "reference_id": "2241938", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241938" }, { "reference_url": "https://security.archlinux.org/AVG-2845", "reference_id": "AVG-2845", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2845" }, { "reference_url": "https://security.archlinux.org/AVG-2846", "reference_id": "AVG-2846", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2846" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38546", "reference_id": "CVE-2023-38546", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38546" }, { "reference_url": "https://curl.se/docs/CVE-2023-38546.html", "reference_id": "CVE-2023-38546.HTML", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-38546.html" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5700", "reference_id": "RHSA-2023:5700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5763", "reference_id": "RHSA-2023:5763", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5763" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6292", "reference_id": "RHSA-2023:6292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6745", "reference_id": "RHSA-2023:6745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7540", "reference_id": "RHSA-2023:7540", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7540" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7625", "reference_id": "RHSA-2023:7625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7626", "reference_id": "RHSA-2023:7626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7626" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1601", "reference_id": "RHSA-2024:1601", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1601" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2092", "reference_id": "RHSA-2024:2092", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2092" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2093", "reference_id": "RHSA-2024:2093", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2093" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2101", "reference_id": "RHSA-2024:2101", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2101" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137958?format=api", "purl": "pkg:generic/curl.se/curl@8.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.4.0" } ], "aliases": [ "CVE-2023-38546" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w472-84ep-fkdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61670?format=api", "vulnerability_id": "VCID-w8ff-vxga-8qcz", "summary": "curl: curl: Information disclosure due to incorrect TLS connection reuse", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4873.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4873.json" }, { "reference_url": "https://curl.se/docs/CVE-2026-4873.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2026-4873.html" }, { "reference_url": "https://hackerone.com/reports/3621851", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3621851" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461200", "reference_id": "2461200", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461200" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12916", "reference_id": "RHSA-2026:12916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12916" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137980?format=api", "purl": "pkg:generic/curl.se/curl@8.20.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0" } ], "aliases": [ "CVE-2026-4873" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w8ff-vxga-8qcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61676?format=api", "vulnerability_id": "VCID-wgur-psum-pbck", "summary": "curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6276.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6276.json" }, { "reference_url": "https://curl.se/docs/CVE-2026-6276.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2026-6276.html" }, { "reference_url": "https://hackerone.com/reports/3671818", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3671818" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461203", "reference_id": "2461203", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461203" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12916", "reference_id": "RHSA-2026:12916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12916" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137980?format=api", "purl": "pkg:generic/curl.se/curl@8.20.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0" } ], "aliases": [ "CVE-2026-6276" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wgur-psum-pbck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65708?format=api", "vulnerability_id": "VCID-wmam-qmmg-6uay", "summary": "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46218.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46218.json" }, { "reference_url": "https://curl.se/docs/CVE-2023-46218.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-46218.html" }, { "reference_url": "https://hackerone.com/reports/2212193", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/2212193" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057646", "reference_id": "1057646", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057646" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252030", "reference_id": "2252030", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252030" }, { "reference_url": "https://security.gentoo.org/glsa/202409-20", "reference_id": "GLSA-202409-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-20" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0428", "reference_id": "RHSA-2024:0428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0434", "reference_id": "RHSA-2024:0434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0452", "reference_id": "RHSA-2024:0452", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0452" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0585", "reference_id": "RHSA-2024:0585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1129", "reference_id": "RHSA-2024:1129", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1129" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1316", "reference_id": "RHSA-2024:1316", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1316" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1317", "reference_id": "RHSA-2024:1317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1383", "reference_id": "RHSA-2024:1383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1601", "reference_id": "RHSA-2024:1601", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1601" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2092", "reference_id": "RHSA-2024:2092", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2092" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2093", "reference_id": "RHSA-2024:2093", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2093" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2094", "reference_id": "RHSA-2024:2094", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2094" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137959?format=api", "purl": "pkg:generic/curl.se/curl@8.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-h7v8-bg58-mkhu" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-ke97-b9rb-5bfd" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.5.0" } ], "aliases": [ "CVE-2023-46218" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wmam-qmmg-6uay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65719?format=api", "vulnerability_id": "VCID-y41p-tgpa-m7cs", "summary": "When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8096.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8096.json" }, { "reference_url": "https://curl.se/docs/CVE-2024-8096.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2024-8096.html" }, { "reference_url": "https://hackerone.com/reports/2669852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/2669852" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310519", "reference_id": "2310519", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310519" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137966?format=api", "purl": "pkg:generic/curl.se/curl@8.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-ns6z-wp2x-fkdq" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-t45k-skv6-cfg2" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.10.0" } ], "aliases": [ "CVE-2024-8096" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y41p-tgpa-m7cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65103?format=api", "vulnerability_id": "VCID-y44u-23he-aya8", "summary": "curl: curl: Unauthorized access due to improper HTTP proxy connection reuse", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3784.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3784.json" }, { "reference_url": "https://curl.se/docs/CVE-2026-3784.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2026-3784.html" }, { "reference_url": "https://hackerone.com/reports/3584903", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3584903" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446449", "reference_id": "2446449", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446449" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137979?format=api", "purl": "pkg:generic/curl.se/curl@8.19.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-9vbs-w124-q3au" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0" } ], "aliases": [ "CVE-2026-3784" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y44u-23he-aya8" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65692?format=api", "vulnerability_id": "VCID-1a1k-d4ez-ybdu", "summary": "When curl is used to retrieve and parse cookies from a HTTP(S) server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a\"sister site\" to deny service to all siblings.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35252.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35252.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35252", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00289", "scoring_system": "epss", "scoring_elements": "0.52551", "published_at": "2026-06-04T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2022-35252" }, { "reference_url": "https://curl.se/docs/CVE-2022-35252.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2022-35252.html" }, { "reference_url": "https://hackerone.com/reports/1613943", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1613943" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018831", "reference_id": "1018831", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1018831" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120718", "reference_id": "2120718", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120718" }, { "reference_url": "https://security.gentoo.org/glsa/202212-01", "reference_id": "GLSA-202212-01", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202212-01" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8840", "reference_id": "RHSA-2022:8840", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8840" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2022:8841", "reference_id": "RHSA-2022:8841", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2022:8841" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2478", "reference_id": "RHSA-2023:2478", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2478" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2963", "reference_id": "RHSA-2023:2963", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2963" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0428", "reference_id": "RHSA-2024:0428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0428" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137945?format=api", "purl": "pkg:generic/curl.se/curl@7.85.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-287k-bzqy-n7ag" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-cdzf-3ydt-8bdk" }, { "vulnerability": "VCID-cfry-nx5h-kudv" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-h4nw-va5b-23ef" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-k5vr-1fmp-sqbw" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-mpuf-pp6z-q3d6" }, { "vulnerability": "VCID-ns58-vmsz-5ued" }, { "vulnerability": "VCID-nwvb-d466-4uaa" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-r2g9-c896-rkge" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.85.0" } ], "aliases": [ "CVE-2022-35252" ], "risk_score": 1.4, "exploitability": "0.5", "weighted_severity": "2.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1a1k-d4ez-ybdu" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.85.0" }