Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/137948?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/137948?format=api", "purl": "pkg:generic/curl.se/curl@7.88.0", "type": "generic", "namespace": "curl.se", "name": "curl", "version": "7.88.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "8.20.0", "latest_non_vulnerable_version": "8.20.0", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65724?format=api", "vulnerability_id": "VCID-1dw3-33ju-jkbs", "summary": "When libcurl is asked to perform automatic gzip decompression of content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option, **using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would make libcurl perform a buffer overflow.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0725.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.0", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0725.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0725", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.006", "scoring_system": "epss", "scoring_elements": "0.69865", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0725" }, { "reference_url": "https://curl.se/docs/CVE-2025-0725.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T14:33:50Z/" } ], "url": "https://curl.se/docs/CVE-2025-0725.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2956023", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T14:33:50Z/" } ], "url": "https://hackerone.com/reports/2956023" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343899", "reference_id": "2343899", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2343899" }, { "reference_url": "https://curl.se/docs/CVE-2025-0725.json", "reference_id": "CVE-2025-0725.json", "reference_type": "", "scores": [ { "value": "7.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T14:33:50Z/" } ], "url": "https://curl.se/docs/CVE-2025-0725.json" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137970?format=api", "purl": "pkg:generic/curl.se/curl@8.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-ezve-gc2h-qyga" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-ns6z-wp2x-fkdq" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-t45k-skv6-cfg2" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.12.0" } ], "aliases": [ "CVE-2025-0725" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.6", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1dw3-33ju-jkbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44796?format=api", "vulnerability_id": "VCID-1zsv-4jdy-63en", "summary": "Improper Authentication\nAn authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27536.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27536.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27536", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00011", "scoring_system": "epss", "scoring_elements": "0.01404", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27536" }, { "reference_url": "https://curl.se/docs/CVE-2023-27536.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-27536.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27536", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27536" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1895135", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/" } ], "url": "https://hackerone.com/reports/1895135" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179092", "reference_id": "2179092", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179092" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/", "reference_id": "36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27536", "reference_id": "CVE-2023-27536", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27536" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/" } ], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html", "reference_id": "msg00025.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230420-0010/", "reference_id": "ntap-20230420-0010", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230420-0010/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4523", "reference_id": "RHSA-2023:4523", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4523" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6679", "reference_id": "RHSA-2023:6679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6679" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0428", "reference_id": "RHSA-2024:0428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0428" }, { "reference_url": "https://usn.ubuntu.com/5964-1/", "reference_id": "USN-5964-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5964-1/" }, { "reference_url": "https://usn.ubuntu.com/5964-2/", "reference_id": "USN-5964-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5964-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137950?format=api", "purl": "pkg:generic/curl.se/curl@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0" } ], "aliases": [ "CVE-2023-27536" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1zsv-4jdy-63en" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65730?format=api", "vulnerability_id": "VCID-21ff-tazv-9ud3", "summary": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14524.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14524.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14524", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00027", "scoring_system": "epss", "scoring_elements": "0.08189", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14524" }, { "reference_url": "https://curl.se/docs/CVE-2025-14524.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:24:54Z/" } ], "url": "https://curl.se/docs/CVE-2025-14524.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/3459417", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:24:54Z/" } ], "url": "https://hackerone.com/reports/3459417" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426407", "reference_id": "2426407", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426407" }, { "reference_url": "https://curl.se/docs/CVE-2025-14524.json", "reference_id": "CVE-2025-14524.json", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:24:54Z/" } ], "url": "https://curl.se/docs/CVE-2025-14524.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" }, { "reference_url": "https://usn.ubuntu.com/8062-1/", "reference_id": "USN-8062-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8062-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137978?format=api", "purl": "pkg:generic/curl.se/curl@8.18.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-9vbs-w124-q3au" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fxgf-t3ue-6qhf" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0" } ], "aliases": [ "CVE-2025-14524" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-21ff-tazv-9ud3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65106?format=api", "vulnerability_id": "VCID-39qh-jayw-g3dh", "summary": "curl: curl: Authentication bypass due to incorrect connection reuse with Negotiate authentication", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1965.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-1965.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1965", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00073", "scoring_system": "epss", "scoring_elements": "0.22244", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-1965" }, { "reference_url": "https://curl.se/docs/CVE-2026-1965.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:31:56Z/" } ], "url": "https://curl.se/docs/CVE-2026-1965.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-1965" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446448", "reference_id": "2446448", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446448" }, { "reference_url": "https://curl.se/docs/CVE-2026-1965.json", "reference_id": "CVE-2026-1965.json", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:31:56Z/" } ], "url": "https://curl.se/docs/CVE-2026-1965.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" }, { "reference_url": "https://usn.ubuntu.com/8084-1/", "reference_id": "USN-8084-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8084-1/" }, { "reference_url": "https://usn.ubuntu.com/8099-1/", "reference_id": "USN-8099-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8099-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137979?format=api", "purl": "pkg:generic/curl.se/curl@8.19.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-9vbs-w124-q3au" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0" } ], "aliases": [ "CVE-2026-1965" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-39qh-jayw-g3dh" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65722?format=api", "vulnerability_id": "VCID-3p2z-61gq-muhs", "summary": "When asked to use a `.netrc` file for credentials **and** to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has a `default` entry that omits both login and password. A rare circumstance.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0167", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00331", "scoring_system": "epss", "scoring_elements": "0.56362", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-0167" }, { "reference_url": "https://curl.se/docs/CVE-2025-0167.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T15:52:41Z/" } ], "url": "https://curl.se/docs/CVE-2025-0167.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2917232", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T15:52:41Z/" } ], "url": "https://hackerone.com/reports/2917232" }, { "reference_url": "https://curl.se/docs/CVE-2025-0167.json", "reference_id": "CVE-2025-0167.json", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T15:52:41Z/" } ], "url": "https://curl.se/docs/CVE-2025-0167.json" }, { "reference_url": "https://usn.ubuntu.com/8084-1/", "reference_id": "USN-8084-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8084-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137970?format=api", "purl": "pkg:generic/curl.se/curl@8.12.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-ezve-gc2h-qyga" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-ns6z-wp2x-fkdq" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-t45k-skv6-cfg2" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.12.0" } ], "aliases": [ "CVE-2025-0167" ], "risk_score": 1.1, "exploitability": "0.5", "weighted_severity": "2.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3p2z-61gq-muhs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61672?format=api", "vulnerability_id": "VCID-5un8-xymy-37bt", "summary": "curl: libcurl: Wrong file transfer due to incorrect SMB connection reuse", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5773.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5773.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5773", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00019", "scoring_system": "epss", "scoring_elements": "0.05317", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5773" }, { "reference_url": "https://curl.se/docs/CVE-2026-5773.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:45:00Z/" } ], "url": "https://curl.se/docs/CVE-2026-5773.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5773", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5773" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/3650689", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:45:00Z/" } ], "url": "https://hackerone.com/reports/3650689" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461201", "reference_id": "2461201", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461201" }, { "reference_url": "https://curl.se/docs/CVE-2026-5773.json", "reference_id": "CVE-2026-5773.json", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:45:00Z/" } ], "url": "https://curl.se/docs/CVE-2026-5773.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12916", "reference_id": "RHSA-2026:12916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12916" }, { "reference_url": "https://usn.ubuntu.com/8227-1/", "reference_id": "USN-8227-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8227-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137980?format=api", "purl": "pkg:generic/curl.se/curl@8.20.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0" } ], "aliases": [ "CVE-2026-5773" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5un8-xymy-37bt" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65703?format=api", "vulnerability_id": "VCID-6en5-etsd-2bce", "summary": "A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28319.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28319.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28319", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0032", "scoring_system": "epss", "scoring_elements": "0.55405", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28319" }, { "reference_url": "https://curl.se/docs/CVE-2023-28319.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-28319.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1913733", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/" } ], "url": "https://hackerone.com/reports/1913733" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239", "reference_id": "1036239", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196778", "reference_id": "2196778", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196778" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Jul/47", "reference_id": "47", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Jul/47" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Jul/48", "reference_id": "48", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Jul/48" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Jul/52", "reference_id": "52", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Jul/52" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/" } ], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://support.apple.com/kb/HT213843", "reference_id": "HT213843", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/" } ], "url": "https://support.apple.com/kb/HT213843" }, { "reference_url": "https://support.apple.com/kb/HT213844", "reference_id": "HT213844", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/" } ], "url": "https://support.apple.com/kb/HT213844" }, { "reference_url": "https://support.apple.com/kb/HT213845", "reference_id": "HT213845", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/" } ], "url": "https://support.apple.com/kb/HT213845" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230609-0009/", "reference_id": "ntap-20230609-0009", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230609-0009/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4628", "reference_id": "RHSA-2023:4628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4629", "reference_id": "RHSA-2023:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4629" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137952?format=api", "purl": "pkg:generic/curl.se/curl@8.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.1.0" } ], "aliases": [ "CVE-2023-28319" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6en5-etsd-2bce" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65721?format=api", "vulnerability_id": "VCID-6ggz-pa5t-77c4", "summary": "When curl is asked to use HSTS, the expiry time for a subdomain might overwrite a parent domain's cache entry, making it end sooner or later than otherwise intended. This affects curl using applications that enable HSTS and use URLs with the insecure `HTTP://` scheme and perform transfers with hosts like `x.example.com` as well as `example.com` where the first host is a subdomain of the second host. (The HSTS cache either needs to have been populated manually or there needs to have been previous HTTPS accesses done as the cache needs to have entries for the domains involved to trigger this problem.) When `x.example.com` responds with `Strict-Transport-Security:` headers, this bug can make the subdomain's expiry timeout *bleed over* and get set for the parent domain `example.com` in curl's HSTS cache. The result of a triggered bug is that HTTP accesses to `example.com` get converted to HTTPS for a different period of time than what was asked for by the origin server. If `example.com` for example stops supporting HTTPS at its expiry time, curl might then fail to access `http://example.com` until the (wrongly set) timeout expires. This bug can also expire the parent's entry *earlier*, thus making curl inadvertently switch back to insecure HTTP earlier than otherwise intended.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9681.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9681.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9681", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00745", "scoring_system": "epss", "scoring_elements": "0.73435", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-9681" }, { "reference_url": "https://curl.se/docs/CVE-2024-9681.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:16:59Z/" } ], "url": "https://curl.se/docs/CVE-2024-9681.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2764830", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:16:59Z/" } ], "url": "https://hackerone.com/reports/2764830" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086804", "reference_id": "1086804", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086804" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322969", "reference_id": "2322969", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2322969" }, { "reference_url": "https://curl.se/docs/CVE-2024-9681.json", "reference_id": "CVE-2024-9681.json", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:16:59Z/" } ], "url": "https://curl.se/docs/CVE-2024-9681.json" }, { "reference_url": "https://usn.ubuntu.com/7104-1/", "reference_id": "USN-7104-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7104-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137968?format=api", "purl": "pkg:generic/curl.se/curl@8.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-ezve-gc2h-qyga" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-ns6z-wp2x-fkdq" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-t45k-skv6-cfg2" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.11.0" } ], "aliases": [ "CVE-2024-9681" ], "risk_score": 1.8, "exploitability": "0.5", "weighted_severity": "3.5", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ggz-pa5t-77c4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65729?format=api", "vulnerability_id": "VCID-7wqd-99h2-e7hk", "summary": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl, changing TLS options in one thread would inadvertently change them globally and therefore possibly also affect other concurrently setup transfers. Disabling certificate verification for a specific transfer could unintentionally disable the feature for other threads as well.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14017.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14017.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14017", "reference_id": "", "reference_type": "", "scores": [ { "value": "3e-05", "scoring_system": "epss", "scoring_elements": "0.00081", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14017" }, { "reference_url": "https://curl.se/docs/CVE-2025-14017.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-16T15:39:09Z/" } ], "url": "https://curl.se/docs/CVE-2025-14017.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427870", "reference_id": "2427870", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2427870" }, { "reference_url": "https://curl.se/docs/CVE-2025-14017.json", "reference_id": "CVE-2025-14017.json", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-16T15:39:09Z/" } ], "url": "https://curl.se/docs/CVE-2025-14017.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" }, { "reference_url": "https://usn.ubuntu.com/8062-1/", "reference_id": "USN-8062-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8062-1/" }, { "reference_url": "https://usn.ubuntu.com/8062-2/", "reference_id": "USN-8062-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8062-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137978?format=api", "purl": "pkg:generic/curl.se/curl@8.18.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-9vbs-w124-q3au" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fxgf-t3ue-6qhf" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0" } ], "aliases": [ "CVE-2025-14017" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-7wqd-99h2-e7hk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65709?format=api", "vulnerability_id": "VCID-85qb-zec7-subc", "summary": "When saving HSTS data to an excessively long file name, curl could end up removing all contents, making subsequent requests using that file unaware of the HSTS status they should otherwise use.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46219.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46219.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46219", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00139", "scoring_system": "epss", "scoring_elements": "0.33683", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46219" }, { "reference_url": "https://curl.se/docs/CVE-2023-46219.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:01:11Z/" } ], "url": "https://curl.se/docs/CVE-2023-46219.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46219", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46219" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2236133", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:01:11Z/" } ], "url": "https://hackerone.com/reports/2236133" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057645", "reference_id": "1057645", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057645" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252034", "reference_id": "2252034", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252034" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5587", "reference_id": "dsa-5587", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:01:11Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5587" }, { "reference_url": "https://security.gentoo.org/glsa/202409-20", "reference_id": "GLSA-202409-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-20" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240119-0007/", "reference_id": "ntap-20240119-0007", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:01:11Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240119-0007/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1316", "reference_id": "RHSA-2024:1316", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1316" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1317", "reference_id": "RHSA-2024:1317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1317" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/", "reference_id": "UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:01:11Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/" }, { "reference_url": "https://usn.ubuntu.com/6535-1/", "reference_id": "USN-6535-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6535-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137959?format=api", "purl": "pkg:generic/curl.se/curl@8.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-h7v8-bg58-mkhu" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-ke97-b9rb-5bfd" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.5.0" } ], "aliases": [ "CVE-2023-46219" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-85qb-zec7-subc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65704?format=api", "vulnerability_id": "VCID-a8z6-bswu-jue8", "summary": "A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28320.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28320.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28320", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00641", "scoring_system": "epss", "scoring_elements": "0.7103", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28320" }, { "reference_url": "https://curl.se/docs/CVE-2023-28320.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-28320.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28320", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28320" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1929597", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/" } ], "url": "https://hackerone.com/reports/1929597" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239", "reference_id": "1036239", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196783", "reference_id": "2196783", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196783" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Jul/47", "reference_id": "47", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Jul/47" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Jul/48", "reference_id": "48", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Jul/48" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Jul/52", "reference_id": "52", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Jul/52" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/" } ], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://support.apple.com/kb/HT213843", "reference_id": "HT213843", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/" } ], "url": "https://support.apple.com/kb/HT213843" }, { "reference_url": "https://support.apple.com/kb/HT213844", "reference_id": "HT213844", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/" } ], "url": "https://support.apple.com/kb/HT213844" }, { "reference_url": "https://support.apple.com/kb/HT213845", "reference_id": "HT213845", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/" } ], "url": "https://support.apple.com/kb/HT213845" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230609-0009/", "reference_id": "ntap-20230609-0009", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230609-0009/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137952?format=api", "purl": "pkg:generic/curl.se/curl@8.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.1.0" } ], "aliases": [ "CVE-2023-28320" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a8z6-bswu-jue8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65701?format=api", "vulnerability_id": "VCID-azcz-b8f2-63be", "summary": "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27533.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27533.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27533", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00179", "scoring_system": "epss", "scoring_elements": "0.39261", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27533" }, { "reference_url": "https://curl.se/docs/CVE-2023-27533.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-27533.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27533", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27533" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1891474", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/" } ], "url": "https://hackerone.com/reports/1891474" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179062", "reference_id": "2179062", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179062" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/", "reference_id": "36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/" } ], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html", "reference_id": "msg00025.html", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230420-0011/", "reference_id": "ntap-20230420-0011", "reference_type": "", "scores": [ { "value": "9.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230420-0011/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6679", "reference_id": "RHSA-2023:6679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6679" }, { "reference_url": "https://usn.ubuntu.com/5964-1/", "reference_id": "USN-5964-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5964-1/" }, { "reference_url": "https://usn.ubuntu.com/5964-2/", "reference_id": "USN-5964-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5964-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137950?format=api", "purl": "pkg:generic/curl.se/curl@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0" } ], "aliases": [ "CVE-2023-27533" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-azcz-b8f2-63be" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/60252?format=api", "vulnerability_id": "VCID-bcuq-n4vb-k7f3", "summary": "curl: libcurl: Information disclosure via incorrect Proxy-Authorization header reuse", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7168.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-7168.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-7168", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00079", "scoring_system": "epss", "scoring_elements": "0.23476", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-7168" }, { "reference_url": "https://curl.se/docs/CVE-2026-7168.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2026-7168.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-7168" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/3697719", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/3697719" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476979", "reference_id": "2476979", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2476979" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:19106", "reference_id": "RHSA-2026:19106", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:19106" }, { "reference_url": "https://usn.ubuntu.com/8227-1/", "reference_id": "USN-8227-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8227-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137980?format=api", "purl": "pkg:generic/curl.se/curl@8.20.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0" } ], "aliases": [ "CVE-2026-7168" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bcuq-n4vb-k7f3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44801?format=api", "vulnerability_id": "VCID-bx2m-n5ft-3be8", "summary": "Improper Authentication\nAn authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27535.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27535.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27535", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00036", "scoring_system": "epss", "scoring_elements": "0.11244", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27535" }, { "reference_url": "https://curl.se/docs/CVE-2023-27535.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-27535.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27535", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27535" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1892780", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/" } ], "url": "https://hackerone.com/reports/1892780" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179073", "reference_id": "2179073", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179073" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/", "reference_id": "36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27535", "reference_id": "CVE-2023-27535", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27535" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/" } ], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html", "reference_id": "msg00025.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230420-0010/", "reference_id": "ntap-20230420-0010", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230420-0010/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:2650", "reference_id": "RHSA-2023:2650", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:2650" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3106", "reference_id": "RHSA-2023:3106", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3106" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0428", "reference_id": "RHSA-2024:0428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0428" }, { "reference_url": "https://usn.ubuntu.com/5964-1/", "reference_id": "USN-5964-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5964-1/" }, { "reference_url": "https://usn.ubuntu.com/5964-2/", "reference_id": "USN-5964-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5964-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137950?format=api", "purl": "pkg:generic/curl.se/curl@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0" } ], "aliases": [ "CVE-2023-27535" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bx2m-n5ft-3be8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61679?format=api", "vulnerability_id": "VCID-f9nm-d5ax-qkcb", "summary": "curl: libcurl: Credential leak via reused proxy connection during HTTP redirects", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6429.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6429.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6429", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00021", "scoring_system": "epss", "scoring_elements": "0.06052", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6429" }, { "reference_url": "https://curl.se/docs/CVE-2026-6429.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:03:52Z/" } ], "url": "https://curl.se/docs/CVE-2026-6429.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6429", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6429" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/3677759", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:03:52Z/" } ], "url": "https://hackerone.com/reports/3677759" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461205", "reference_id": "2461205", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461205" }, { "reference_url": "https://curl.se/docs/CVE-2026-6429.json", "reference_id": "CVE-2026-6429.json", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T14:03:52Z/" } ], "url": "https://curl.se/docs/CVE-2026-6429.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12916", "reference_id": "RHSA-2026:12916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12916" }, { "reference_url": "https://usn.ubuntu.com/8227-1/", "reference_id": "USN-8227-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8227-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137980?format=api", "purl": "pkg:generic/curl.se/curl@8.20.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0" } ], "aliases": [ "CVE-2026-6429" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-f9nm-d5ax-qkcb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65735?format=api", "vulnerability_id": "VCID-fcb7-8163-muf4", "summary": "When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15224.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15224.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-15224", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00067", "scoring_system": "epss", "scoring_elements": "0.20921", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-15224" }, { "reference_url": "https://curl.se/docs/CVE-2025-15224.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:38:20Z/" } ], "url": "https://curl.se/docs/CVE-2025-15224.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/3480925", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:38:20Z/" } ], "url": "https://hackerone.com/reports/3480925" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426410", "reference_id": "2426410", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426410" }, { "reference_url": "https://curl.se/docs/CVE-2025-15224.json", "reference_id": "CVE-2025-15224.json", "reference_type": "", "scores": [ { "value": "3.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:38:20Z/" } ], "url": "https://curl.se/docs/CVE-2025-15224.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" }, { "reference_url": "https://usn.ubuntu.com/8062-1/", "reference_id": "USN-8062-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8062-1/" }, { "reference_url": "https://usn.ubuntu.com/8062-2/", "reference_id": "USN-8062-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8062-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137978?format=api", "purl": "pkg:generic/curl.se/curl@8.18.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-9vbs-w124-q3au" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fxgf-t3ue-6qhf" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0" } ], "aliases": [ "CVE-2025-15224" ], "risk_score": 2.1, "exploitability": "0.5", "weighted_severity": "4.2", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fcb7-8163-muf4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65712?format=api", "vulnerability_id": "VCID-ffmg-djmk-57hn", "summary": "When a protocol selection parameter option disables all protocols without adding any then the default set of protocols would remain in the allowed set due to an error in the logic for removing protocols. The below command would perform a request to curl.se with a plaintext protocol which has been explicitly disabled. curl --proto -all,-http http://curl.se The flaw is only present if the set of selected protocols disables the entire set of available protocols, in itself a command with no practical use and therefore unlikely to be encountered in real situations. The curl security team has thus assessed this to be low severity bug.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2004.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2004.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2004", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0091", "scoring_system": "epss", "scoring_elements": "0.76222", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2004" }, { "reference_url": "https://curl.se/docs/CVE-2024-2004.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "https://curl.se/docs/CVE-2024-2004.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2384833", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "https://hackerone.com/reports/2384833" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/03/27/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/03/27/1" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jul/18", "reference_id": "18", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jul/18" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jul/19", "reference_id": "19", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jul/19" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jul/20", "reference_id": "20", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jul/20" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270500", "reference_id": "2270500", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270500" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/", "reference_id": "2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/" }, { "reference_url": "https://curl.se/docs/CVE-2024-2004.json", "reference_id": "CVE-2024-2004.json", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "https://curl.se/docs/CVE-2024-2004.json" }, { "reference_url": "https://security.gentoo.org/glsa/202409-20", "reference_id": "GLSA-202409-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-20" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/", "reference_id": "GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/" }, { "reference_url": "https://support.apple.com/kb/HT214118", "reference_id": "HT214118", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "https://support.apple.com/kb/HT214118" }, { "reference_url": "https://support.apple.com/kb/HT214119", "reference_id": "HT214119", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "https://support.apple.com/kb/HT214119" }, { "reference_url": "https://support.apple.com/kb/HT214120", "reference_id": "HT214120", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "https://support.apple.com/kb/HT214120" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240524-0006/", "reference_id": "ntap-20240524-0006", "reference_type": "", "scores": [ { "value": "3.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240524-0006/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2693", "reference_id": "RHSA-2024:2693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2694", "reference_id": "RHSA-2024:2694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2694" }, { "reference_url": "https://usn.ubuntu.com/6718-1/", "reference_id": "USN-6718-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6718-1/" }, { "reference_url": "https://usn.ubuntu.com/6718-3/", "reference_id": "USN-6718-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6718-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137961?format=api", "purl": "pkg:generic/curl.se/curl@8.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85ne-e7gm-5ua9" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.7.0" } ], "aliases": [ "CVE-2024-2004" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ffmg-djmk-57hn" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65705?format=api", "vulnerability_id": "VCID-g4n9-kg3s-pfcr", "summary": "An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as \"Subject Alternative Name\" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28321.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28321.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28321", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00297", "scoring_system": "epss", "scoring_elements": "0.5335", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28321" }, { "reference_url": "https://curl.se/docs/CVE-2023-28321.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-28321.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28321", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28321" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1950627", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/" } ], "url": "https://hackerone.com/reports/1950627" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239", "reference_id": "1036239", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196786", "reference_id": "2196786", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196786" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Jul/47", "reference_id": "47", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Jul/47" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Jul/48", "reference_id": "48", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Jul/48" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Jul/52", "reference_id": "52", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Jul/52" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/", "reference_id": "F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/" } ], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://support.apple.com/kb/HT213843", "reference_id": "HT213843", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/" } ], "url": "https://support.apple.com/kb/HT213843" }, { "reference_url": "https://support.apple.com/kb/HT213844", "reference_id": "HT213844", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/" } ], "url": "https://support.apple.com/kb/HT213844" }, { "reference_url": "https://support.apple.com/kb/HT213845", "reference_id": "HT213845", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/" } ], "url": "https://support.apple.com/kb/HT213845" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html", "reference_id": "msg00016.html", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230609-0009/", "reference_id": "ntap-20230609-0009", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230609-0009/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4354", "reference_id": "RHSA-2023:4354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4523", "reference_id": "RHSA-2023:4523", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4523" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4628", "reference_id": "RHSA-2023:4628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4629", "reference_id": "RHSA-2023:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5598", "reference_id": "RHSA-2023:5598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6292", "reference_id": "RHSA-2023:6292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6292" }, { "reference_url": "https://usn.ubuntu.com/6237-1/", "reference_id": "USN-6237-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6237-1/" }, { "reference_url": "https://usn.ubuntu.com/6237-3/", "reference_id": "USN-6237-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6237-3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/", "reference_id": "Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137952?format=api", "purl": "pkg:generic/curl.se/curl@8.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.1.0" } ], "aliases": [ "CVE-2023-28321" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g4n9-kg3s-pfcr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61678?format=api", "vulnerability_id": "VCID-g7ux-4vz2-ckfg", "summary": "curl: libcurl: Authentication bypass due to incorrect HTTP Negotiate connection reuse", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5545.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-5545.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5545", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00037", "scoring_system": "epss", "scoring_elements": "0.11302", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-5545" }, { "reference_url": "https://curl.se/docs/CVE-2026-5545.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:46:36Z/" } ], "url": "https://curl.se/docs/CVE-2026-5545.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5545", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-5545" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/3642555", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:46:36Z/" } ], "url": "https://hackerone.com/reports/3642555" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461204", "reference_id": "2461204", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461204" }, { "reference_url": "https://curl.se/docs/CVE-2026-5545.json", "reference_id": "CVE-2026-5545.json", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:46:36Z/" } ], "url": "https://curl.se/docs/CVE-2026-5545.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12916", "reference_id": "RHSA-2026:12916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12916" }, { "reference_url": "https://usn.ubuntu.com/8227-1/", "reference_id": "USN-8227-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8227-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137980?format=api", "purl": "pkg:generic/curl.se/curl@8.20.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0" } ], "aliases": [ "CVE-2026-5545" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g7ux-4vz2-ckfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44797?format=api", "vulnerability_id": "VCID-gueb-wzpx-ufb2", "summary": "Improper Authentication\nAn authentication bypass vulnerability exists in libcurl v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27538.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27538.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27538", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00012", "scoring_system": "epss", "scoring_elements": "0.01683", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27538" }, { "reference_url": "https://curl.se/docs/CVE-2023-27538.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-27538.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27538", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27538" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1898475", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/" } ], "url": "https://hackerone.com/reports/1898475" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179103", "reference_id": "2179103", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179103" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27538", "reference_id": "CVE-2023-27538", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27538" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/" } ], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html", "reference_id": "msg00025.html", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230420-0010/", "reference_id": "ntap-20230420-0010", "reference_type": "", "scores": [ { "value": "7.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230420-0010/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6679", "reference_id": "RHSA-2023:6679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6679" }, { "reference_url": "https://usn.ubuntu.com/5964-1/", "reference_id": "USN-5964-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5964-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137950?format=api", "purl": "pkg:generic/curl.se/curl@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0" } ], "aliases": [ "CVE-2023-27538" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gueb-wzpx-ufb2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65731?format=api", "vulnerability_id": "VCID-gux4-dncg-h7a6", "summary": "When doing TLS related transfers with reused easy or multi handles and altering the `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally reuse a CA store cached in memory for which the partial chain option was reversed. Contrary to the user's wishes and expectations. This could make libcurl find and accept a trust chain that it otherwise would not.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14819.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14819.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14819", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.09188", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-14819" }, { "reference_url": "https://curl.se/docs/CVE-2025-14819.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:00:02Z/" } ], "url": "https://curl.se/docs/CVE-2025-14819.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426408", "reference_id": "2426408", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426408" }, { "reference_url": "https://curl.se/docs/CVE-2025-14819.json", "reference_id": "CVE-2025-14819.json", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:00:02Z/" } ], "url": "https://curl.se/docs/CVE-2025-14819.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" }, { "reference_url": "https://usn.ubuntu.com/8062-1/", "reference_id": "USN-8062-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8062-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137978?format=api", "purl": "pkg:generic/curl.se/curl@8.18.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-9vbs-w124-q3au" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fxgf-t3ue-6qhf" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0" } ], "aliases": [ "CVE-2025-14819" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "6.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gux4-dncg-h7a6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65105?format=api", "vulnerability_id": "VCID-hhms-2hg6-nke9", "summary": "curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3783.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3783.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3783", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00028", "scoring_system": "epss", "scoring_elements": "0.08557", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3783" }, { "reference_url": "https://curl.se/docs/CVE-2026-3783.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:25:28Z/" } ], "url": "https://curl.se/docs/CVE-2026-3783.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/3583983", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:25:28Z/" } ], "url": "https://hackerone.com/reports/3583983" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446450", "reference_id": "2446450", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446450" }, { "reference_url": "https://curl.se/docs/CVE-2026-3783.json", "reference_id": "CVE-2026-3783.json", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:25:28Z/" } ], "url": "https://curl.se/docs/CVE-2026-3783.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" }, { "reference_url": "https://usn.ubuntu.com/8084-1/", "reference_id": "USN-8084-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8084-1/" }, { "reference_url": "https://usn.ubuntu.com/8099-1/", "reference_id": "USN-8099-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8099-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137979?format=api", "purl": "pkg:generic/curl.se/curl@8.19.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-9vbs-w124-q3au" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0" } ], "aliases": [ "CVE-2026-3783" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.1", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-hhms-2hg6-nke9" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65714?format=api", "vulnerability_id": "VCID-jnq1-hk6d-b3a3", "summary": "When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously allocated headers and instead leaks the memory. Further, this error condition fails silently and is therefore not easily detected by an application.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2398.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2398.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2398", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.02015", "scoring_system": "epss", "scoring_elements": "0.84075", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-2398" }, { "reference_url": "https://curl.se/docs/CVE-2024-2398.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/" } ], "url": "https://curl.se/docs/CVE-2024-2398.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2398", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2398" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2402845", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/" } ], "url": "https://hackerone.com/reports/2402845" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jul/18", "reference_id": "18", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jul/18" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jul/19", "reference_id": "19", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jul/19" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jul/20", "reference_id": "20", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jul/20" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270498", "reference_id": "2270498", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2270498" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/", "reference_id": "2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/03/27/3", "reference_id": "3", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/03/27/3" }, { "reference_url": "https://curl.se/docs/CVE-2024-2398.json", "reference_id": "CVE-2024-2398.json", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/" } ], "url": "https://curl.se/docs/CVE-2024-2398.json" }, { "reference_url": "https://security.gentoo.org/glsa/202409-20", "reference_id": "GLSA-202409-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-20" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/", "reference_id": "GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/" }, { "reference_url": "https://support.apple.com/kb/HT214118", "reference_id": "HT214118", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/" } ], "url": "https://support.apple.com/kb/HT214118" }, { "reference_url": "https://support.apple.com/kb/HT214119", "reference_id": "HT214119", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/" } ], "url": "https://support.apple.com/kb/HT214119" }, { "reference_url": "https://support.apple.com/kb/HT214120", "reference_id": "HT214120", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/" } ], "url": "https://support.apple.com/kb/HT214120" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240503-0009/", "reference_id": "ntap-20240503-0009", "reference_type": "", "scores": [ { "value": "8.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240503-0009/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:10135", "reference_id": "RHSA-2024:10135", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:10135" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:11109", "reference_id": "RHSA-2024:11109", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:11109" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2693", "reference_id": "RHSA-2024:2693", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2693" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2694", "reference_id": "RHSA-2024:2694", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2694" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:3998", "reference_id": "RHSA-2024:3998", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:3998" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5529", "reference_id": "RHSA-2024:5529", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5529" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:5654", "reference_id": "RHSA-2024:5654", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:5654" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7213", "reference_id": "RHSA-2024:7213", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7213" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7374", "reference_id": "RHSA-2024:7374", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7374" }, { "reference_url": "https://usn.ubuntu.com/6718-1/", "reference_id": "USN-6718-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6718-1/" }, { "reference_url": "https://usn.ubuntu.com/6718-2/", "reference_id": "USN-6718-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6718-2/" }, { "reference_url": "https://usn.ubuntu.com/6718-3/", "reference_id": "USN-6718-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6718-3/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137961?format=api", "purl": "pkg:generic/curl.se/curl@8.7.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85ne-e7gm-5ua9" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.7.0" } ], "aliases": [ "CVE-2024-2398" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jnq1-hk6d-b3a3" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65707?format=api", "vulnerability_id": "VCID-k3nv-gf9b-5ua2", "summary": "When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit in how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38039.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38039.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38039", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.14797", "scoring_system": "epss", "scoring_elements": "0.94637", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38039" }, { "reference_url": "https://curl.se/docs/CVE-2023-38039.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-38039.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2072338", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "https://hackerone.com/reports/2072338" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Oct/17", "reference_id": "17", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Oct/17" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239135", "reference_id": "2239135", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2239135" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jan/34", "reference_id": "34", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jan/34" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jan/37", "reference_id": "37", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jan/37" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jan/38", "reference_id": "38", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jan/38" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DCZMYODALBLVOXVJEN2LF2MLANEYL4F/", "reference_id": "5DCZMYODALBLVOXVJEN2LF2MLANEYL4F", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DCZMYODALBLVOXVJEN2LF2MLANEYL4F/" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://support.apple.com/kb/HT214036", "reference_id": "HT214036", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "https://support.apple.com/kb/HT214036" }, { "reference_url": "https://support.apple.com/kb/HT214057", "reference_id": "HT214057", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "https://support.apple.com/kb/HT214057" }, { "reference_url": "https://support.apple.com/kb/HT214058", "reference_id": "HT214058", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "https://support.apple.com/kb/HT214058" }, { "reference_url": "https://support.apple.com/kb/HT214063", "reference_id": "HT214063", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "https://support.apple.com/kb/HT214063" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ/", "reference_id": "M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231013-0005/", "reference_id": "ntap-20231013-0005", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20231013-0005/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7625", "reference_id": "RHSA-2023:7625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7626", "reference_id": "RHSA-2023:7626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7626" }, { "reference_url": "https://www.insyde.com/security-pledge/SA-2023064", "reference_id": "SA-2023064", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "https://www.insyde.com/security-pledge/SA-2023064" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/", "reference_id": "TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/" }, { "reference_url": "https://usn.ubuntu.com/6363-1/", "reference_id": "USN-6363-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6363-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137957?format=api", "purl": "pkg:generic/curl.se/curl@8.3.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.3.0" } ], "aliases": [ "CVE-2023-38039" ], "risk_score": 3.4, "exploitability": "0.5", "weighted_severity": "6.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k3nv-gf9b-5ua2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65718?format=api", "vulnerability_id": "VCID-kq38-7s5x-nqaz", "summary": "libcurl's ASN1 parser code has the `GTime2str()` function, used for parsing an ASN.1 Generalized Time field. If given an syntactically incorrect field, the parser might end up using -1 for the length of the *time fraction*, leading to a `strlen()` getting performed on a pointer to a heap buffer area that is not (purposely) null terminated. This flaw most likely leads to a crash, but can also lead to heap contents getting returned to the application when [CURLINFO_CERTINFO](https://curl.se/libcurl/c/CURLINFO_CERTINFO.html) is used.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7264.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7264.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7264", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00796", "scoring_system": "epss", "scoring_elements": "0.74375", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-7264" }, { "reference_url": "https://curl.se/docs/CVE-2024-7264.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:05:41Z/" } ], "url": "https://curl.se/docs/CVE-2024-7264.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2629968", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:05:41Z/" } ], "url": "https://hackerone.com/reports/2629968" }, { "reference_url": "http://www.openwall.com/lists/oss-security/2024/07/31/1", "reference_id": "1", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:05:41Z/" } ], "url": "http://www.openwall.com/lists/oss-security/2024/07/31/1" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077656", "reference_id": "1077656", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077656" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301888", "reference_id": "2301888", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2301888" }, { "reference_url": "https://curl.se/docs/CVE-2024-7264.json", "reference_id": "CVE-2024-7264.json", "reference_type": "", "scores": [ { "value": "6.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:05:41Z/" } ], "url": "https://curl.se/docs/CVE-2024-7264.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:7726", "reference_id": "RHSA-2024:7726", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:7726" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1671", "reference_id": "RHSA-2025:1671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1673", "reference_id": "RHSA-2025:1673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1673" }, { "reference_url": "https://usn.ubuntu.com/6944-1/", "reference_id": "USN-6944-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6944-1/" }, { "reference_url": "https://usn.ubuntu.com/6944-2/", "reference_id": "USN-6944-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6944-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137965?format=api", "purl": "pkg:generic/curl.se/curl@8.9.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-ns6z-wp2x-fkdq" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-t45k-skv6-cfg2" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.9.1" } ], "aliases": [ "CVE-2024-7264" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kq38-7s5x-nqaz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/44795?format=api", "vulnerability_id": "VCID-kvmd-97y1-tbcz", "summary": "Double Free\nA double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate \"handles\". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27537.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.6", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27537.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27537", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00071", "scoring_system": "epss", "scoring_elements": "0.21929", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27537" }, { "reference_url": "https://curl.se/docs/CVE-2023-27537.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-27537.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1897203", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1897203" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179097", "reference_id": "2179097", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179097" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27537", "reference_id": "CVE-2023-27537", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-27537" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137950?format=api", "purl": "pkg:generic/curl.se/curl@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0" } ], "aliases": [ "CVE-2023-27537" ], "risk_score": 2.5, "exploitability": "0.5", "weighted_severity": "5.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-kvmd-97y1-tbcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65726?format=api", "vulnerability_id": "VCID-p155-gbtu-abg1", "summary": "curl's code for managing SSH connections when SFTP was done using the wolfSSH powered backend was flawed and missed host verification mechanisms. This prevents curl from detecting MITM attackers and more.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10966.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10966.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10966", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00033", "scoring_system": "epss", "scoring_elements": "0.10057", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-10966" }, { "reference_url": "https://curl.se/docs/CVE-2025-10966.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-10T20:26:03Z/" } ], "url": "https://curl.se/docs/CVE-2025-10966.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/3355218", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-10T20:26:03Z/" } ], "url": "https://hackerone.com/reports/3355218" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413308", "reference_id": "2413308", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2413308" }, { "reference_url": "https://curl.se/docs/CVE-2025-10966.json", "reference_id": "CVE-2025-10966.json", "reference_type": "", "scores": [ { "value": "4.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-10T20:26:03Z/" } ], "url": "https://curl.se/docs/CVE-2025-10966.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137977?format=api", "purl": "pkg:generic/curl.se/curl@8.17.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-9vbs-w124-q3au" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-fxgf-t3ue-6qhf" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-t45k-skv6-cfg2" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.17.0" } ], "aliases": [ "CVE-2025-10966" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p155-gbtu-abg1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65702?format=api", "vulnerability_id": "VCID-p97a-kjpp-f3d8", "summary": "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27534.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27534.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27534", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00064", "scoring_system": "epss", "scoring_elements": "0.2016", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-27534" }, { "reference_url": "https://curl.se/docs/CVE-2023-27534.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-27534.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27534", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27534" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1892351", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1892351" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179069", "reference_id": "2179069", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179069" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6679", "reference_id": "RHSA-2023:6679", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6679" }, { "reference_url": "https://usn.ubuntu.com/5964-1/", "reference_id": "USN-5964-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5964-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137950?format=api", "purl": "pkg:generic/curl.se/curl@8.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0" } ], "aliases": [ "CVE-2023-27534" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p97a-kjpp-f3d8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4859?format=api", "vulnerability_id": "VCID-razg-yr7y-ukgd", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38545.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38545.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38545", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.26747", "scoring_system": "epss", "scoring_elements": "0.96449", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38545" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2187833", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/2187833" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241933", "reference_id": "2241933", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241933" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jan/34", "reference_id": "34", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jan/34" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jan/37", "reference_id": "37", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jan/37" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jan/38", "reference_id": "38", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jan/38" }, { "reference_url": "https://security.archlinux.org/AVG-2845", "reference_id": "AVG-2845", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2845" }, { "reference_url": "https://security.archlinux.org/AVG-2846", "reference_id": "AVG-2846", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2846" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38545", "reference_id": "CVE-2023-38545", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38545" }, { "reference_url": "https://curl.se/docs/CVE-2023-38545.html", "reference_id": "CVE-2023-38545.HTML", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "High", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/" } ], "url": "https://curl.se/docs/CVE-2023-38545.html" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://www.secpod.com/blog/high-severity-heap-buffer-overflow-vulnerability/", "reference_id": "high-severity-heap-buffer-overflow-vulnerability", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/" } ], "url": "https://www.secpod.com/blog/high-severity-heap-buffer-overflow-vulnerability/" }, { "reference_url": "https://support.apple.com/kb/HT214036", "reference_id": "HT214036", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/" } ], "url": "https://support.apple.com/kb/HT214036" }, { "reference_url": "https://support.apple.com/kb/HT214057", "reference_id": "HT214057", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/" } ], "url": "https://support.apple.com/kb/HT214057" }, { "reference_url": "https://support.apple.com/kb/HT214058", "reference_id": "HT214058", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/" } ], "url": "https://support.apple.com/kb/HT214058" }, { "reference_url": "https://support.apple.com/kb/HT214063", "reference_id": "HT214063", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/" } ], "url": "https://support.apple.com/kb/HT214063" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20231027-0009/", "reference_id": "ntap-20231027-0009", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20231027-0009/" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240201-0005/", "reference_id": "ntap-20240201-0005", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240201-0005/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/", "reference_id": "OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5700", "reference_id": "RHSA-2023:5700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5763", "reference_id": "RHSA-2023:5763", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5763" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6745", "reference_id": "RHSA-2023:6745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7625", "reference_id": "RHSA-2023:7625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7626", "reference_id": "RHSA-2023:7626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7626" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0797", "reference_id": "RHSA-2024:0797", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0797" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2011", "reference_id": "RHSA-2024:2011", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2011" }, { "reference_url": "https://usn.ubuntu.com/6429-1/", "reference_id": "USN-6429-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6429-1/" }, { "reference_url": "https://usn.ubuntu.com/6429-3/", "reference_id": "USN-6429-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6429-3/" }, { "reference_url": "https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868", "reference_id": "viewtopic.php?f=8&t=8868", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/" } ], "url": "https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137958?format=api", "purl": "pkg:generic/curl.se/curl@8.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.4.0" } ], "aliases": [ "CVE-2023-38545" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-razg-yr7y-ukgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61673?format=api", "vulnerability_id": "VCID-secz-78pt-dben", "summary": "curl: curl: Proxy credential disclosure via redirects to unauthenticated proxies", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6253.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6253.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6253", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.0003", "scoring_system": "epss", "scoring_elements": "0.08936", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6253" }, { "reference_url": "https://curl.se/docs/CVE-2026-6253.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:42:30Z/" } ], "url": "https://curl.se/docs/CVE-2026-6253.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6253", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6253" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/3669637", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:42:30Z/" } ], "url": "https://hackerone.com/reports/3669637" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461202", "reference_id": "2461202", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461202" }, { "reference_url": "https://curl.se/docs/CVE-2026-6253.json", "reference_id": "CVE-2026-6253.json", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:42:30Z/" } ], "url": "https://curl.se/docs/CVE-2026-6253.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12916", "reference_id": "RHSA-2026:12916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12916" }, { "reference_url": "https://usn.ubuntu.com/8227-1/", "reference_id": "USN-8227-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8227-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137980?format=api", "purl": "pkg:generic/curl.se/curl@8.20.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0" } ], "aliases": [ "CVE-2026-6253" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-secz-78pt-dben" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65706?format=api", "vulnerability_id": "VCID-sutv-qt2x-2yc7", "summary": "An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28322.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28322.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28322", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00631", "scoring_system": "epss", "scoring_elements": "0.70725", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-28322" }, { "reference_url": "https://curl.se/docs/CVE-2023-28322.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-28322.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28322", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28322" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1954658", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/" } ], "url": "https://hackerone.com/reports/1954658" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239", "reference_id": "1036239", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196793", "reference_id": "2196793", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2196793" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Jul/47", "reference_id": "47", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Jul/47" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Jul/48", "reference_id": "48", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Jul/48" }, { "reference_url": "http://seclists.org/fulldisclosure/2023/Jul/52", "reference_id": "52", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/" } ], "url": "http://seclists.org/fulldisclosure/2023/Jul/52" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/", "reference_id": "F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/" } ], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://support.apple.com/kb/HT213843", "reference_id": "HT213843", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/" } ], "url": "https://support.apple.com/kb/HT213843" }, { "reference_url": "https://support.apple.com/kb/HT213844", "reference_id": "HT213844", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/" } ], "url": "https://support.apple.com/kb/HT213844" }, { "reference_url": "https://support.apple.com/kb/HT213845", "reference_id": "HT213845", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/" } ], "url": "https://support.apple.com/kb/HT213845" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html", "reference_id": "msg00015.html", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230609-0009/", "reference_id": "ntap-20230609-0009", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230609-0009/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4354", "reference_id": "RHSA-2023:4354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4628", "reference_id": "RHSA-2023:4628", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4628" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4629", "reference_id": "RHSA-2023:4629", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4629" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5598", "reference_id": "RHSA-2023:5598", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5598" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0428", "reference_id": "RHSA-2024:0428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0585", "reference_id": "RHSA-2024:0585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1601", "reference_id": "RHSA-2024:1601", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1601" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2092", "reference_id": "RHSA-2024:2092", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2092" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2093", "reference_id": "RHSA-2024:2093", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2093" }, { "reference_url": "https://usn.ubuntu.com/6237-1/", "reference_id": "USN-6237-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6237-1/" }, { "reference_url": "https://usn.ubuntu.com/6237-3/", "reference_id": "USN-6237-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6237-3/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/", "reference_id": "Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137952?format=api", "purl": "pkg:generic/curl.se/curl@8.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.1.0" } ], "aliases": [ "CVE-2023-28322" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-sutv-qt2x-2yc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65711?format=api", "vulnerability_id": "VCID-u1p8-s8vm-3yer", "summary": "When asked to both use a `.netrc` file for credentials and to follow HTTP redirects, curl could leak the password used for the first host to the followed-to host under certain circumstances. This flaw only manifests itself if the netrc file has an entry that matches the redirect target hostname but the entry either omits just the password or omits both login and password.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11053.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11053.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11053", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.01399", "scoring_system": "epss", "scoring_elements": "0.80776", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-11053" }, { "reference_url": "https://curl.se/docs/CVE-2024-11053.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-15T16:47:42Z/" } ], "url": "https://curl.se/docs/CVE-2024-11053.html" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2829063", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-15T16:47:42Z/" } ], "url": "https://hackerone.com/reports/2829063" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089682", "reference_id": "1089682", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089682" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331191", "reference_id": "2331191", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2331191" }, { "reference_url": "https://curl.se/docs/CVE-2024-11053.json", "reference_id": "CVE-2024-11053.json", "reference_type": "", "scores": [ { "value": "3.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-15T16:47:42Z/" } ], "url": "https://curl.se/docs/CVE-2024-11053.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1671", "reference_id": "RHSA-2025:1671", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1671" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2025:1673", "reference_id": "RHSA-2025:1673", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2025:1673" }, { "reference_url": "https://usn.ubuntu.com/7162-1/", "reference_id": "USN-7162-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7162-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137969?format=api", "purl": "pkg:generic/curl.se/curl@8.11.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-ejn1-w8wj-1qau" }, { "vulnerability": "VCID-ezve-gc2h-qyga" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-ns6z-wp2x-fkdq" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-t45k-skv6-cfg2" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.11.1" } ], "aliases": [ "CVE-2024-11053" ], "risk_score": 2.6, "exploitability": "0.5", "weighted_severity": "5.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u1p8-s8vm-3yer" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65733?format=api", "vulnerability_id": "VCID-v82t-s9e1-2fbw", "summary": "When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15079.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.1", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15079.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2025-15079", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00031", "scoring_system": "epss", "scoring_elements": "0.09398", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2025-15079" }, { "reference_url": "https://curl.se/docs/CVE-2025-15079.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:45:34Z/" } ], "url": "https://curl.se/docs/CVE-2025-15079.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/3477116", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:45:34Z/" } ], "url": "https://hackerone.com/reports/3477116" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426409", "reference_id": "2426409", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2426409" }, { "reference_url": "https://curl.se/docs/CVE-2025-15079.json", "reference_id": "CVE-2025-15079.json", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:45:34Z/" } ], "url": "https://curl.se/docs/CVE-2025-15079.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" }, { "reference_url": "https://usn.ubuntu.com/8062-1/", "reference_id": "USN-8062-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8062-1/" }, { "reference_url": "https://usn.ubuntu.com/8062-2/", "reference_id": "USN-8062-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8062-2/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137978?format=api", "purl": "pkg:generic/curl.se/curl@8.18.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-9vbs-w124-q3au" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fxgf-t3ue-6qhf" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0" } ], "aliases": [ "CVE-2025-15079" ], "risk_score": 3.6, "exploitability": "0.5", "weighted_severity": "7.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v82t-s9e1-2fbw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/4858?format=api", "vulnerability_id": "VCID-w472-84ep-fkdx", "summary": "multiple issues", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38546.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38546.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38546", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00441", "scoring_system": "epss", "scoring_elements": "0.63576", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-38546" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2148242", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/2148242" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241938", "reference_id": "2241938", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2241938" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jan/34", "reference_id": "34", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jan/34" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jan/37", "reference_id": "37", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jan/37" }, { "reference_url": "http://seclists.org/fulldisclosure/2024/Jan/38", "reference_id": "38", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/" } ], "url": "http://seclists.org/fulldisclosure/2024/Jan/38" }, { "reference_url": "https://security.archlinux.org/AVG-2845", "reference_id": "AVG-2845", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2845" }, { "reference_url": "https://security.archlinux.org/AVG-2846", "reference_id": "AVG-2846", "reference_type": "", "scores": [ { "value": "High", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-2846" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38546", "reference_id": "CVE-2023-38546", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-38546" }, { "reference_url": "https://curl.se/docs/CVE-2023-38546.html", "reference_id": "CVE-2023-38546.HTML", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/" } ], "url": "https://curl.se/docs/CVE-2023-38546.html" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://support.apple.com/kb/HT214036", "reference_id": "HT214036", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/" } ], "url": "https://support.apple.com/kb/HT214036" }, { "reference_url": "https://support.apple.com/kb/HT214057", "reference_id": "HT214057", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/" } ], "url": "https://support.apple.com/kb/HT214057" }, { "reference_url": "https://support.apple.com/kb/HT214058", "reference_id": "HT214058", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/" } ], "url": "https://support.apple.com/kb/HT214058" }, { "reference_url": "https://support.apple.com/kb/HT214063", "reference_id": "HT214063", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/" } ], "url": "https://support.apple.com/kb/HT214063" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/", "reference_id": "OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5700", "reference_id": "RHSA-2023:5700", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5700" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:5763", "reference_id": "RHSA-2023:5763", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:5763" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6292", "reference_id": "RHSA-2023:6292", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6292" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:6745", "reference_id": "RHSA-2023:6745", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:6745" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7540", "reference_id": "RHSA-2023:7540", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7540" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7625", "reference_id": "RHSA-2023:7625", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7625" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:7626", "reference_id": "RHSA-2023:7626", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:7626" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1601", "reference_id": "RHSA-2024:1601", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1601" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2092", "reference_id": "RHSA-2024:2092", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2092" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2093", "reference_id": "RHSA-2024:2093", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2093" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2101", "reference_id": "RHSA-2024:2101", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2101" }, { "reference_url": "https://usn.ubuntu.com/6429-1/", "reference_id": "USN-6429-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6429-1/" }, { "reference_url": "https://usn.ubuntu.com/6429-2/", "reference_id": "USN-6429-2", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6429-2/" }, { "reference_url": "https://usn.ubuntu.com/6429-3/", "reference_id": "USN-6429-3", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6429-3/" }, { "reference_url": "https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868", "reference_id": "viewtopic.php?f=8&t=8868", "reference_type": "", "scores": [ { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/" } ], "url": "https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137958?format=api", "purl": "pkg:generic/curl.se/curl@8.4.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.4.0" } ], "aliases": [ "CVE-2023-38546" ], "risk_score": 4.0, "exploitability": "0.5", "weighted_severity": "8.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w472-84ep-fkdx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61670?format=api", "vulnerability_id": "VCID-w8ff-vxga-8qcz", "summary": "curl: curl: Information disclosure due to incorrect TLS connection reuse", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4873.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4873.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4873", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00014", "scoring_system": "epss", "scoring_elements": "0.02591", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-4873" }, { "reference_url": "https://curl.se/docs/CVE-2026-4873.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T19:29:14Z/" } ], "url": "https://curl.se/docs/CVE-2026-4873.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4873", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-4873" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/3621851", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T19:29:14Z/" } ], "url": "https://hackerone.com/reports/3621851" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461200", "reference_id": "2461200", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461200" }, { "reference_url": "https://curl.se/docs/CVE-2026-4873.json", "reference_id": "CVE-2026-4873.json", "reference_type": "", "scores": [ { "value": "5.9", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-13T19:29:14Z/" } ], "url": "https://curl.se/docs/CVE-2026-4873.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12916", "reference_id": "RHSA-2026:12916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12916" }, { "reference_url": "https://usn.ubuntu.com/8227-1/", "reference_id": "USN-8227-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8227-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137980?format=api", "purl": "pkg:generic/curl.se/curl@8.20.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0" } ], "aliases": [ "CVE-2026-4873" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-w8ff-vxga-8qcz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/61676?format=api", "vulnerability_id": "VCID-wgur-psum-pbck", "summary": "curl: libcurl: Information disclosure due to cookie leak when reusing connections with custom Host headers", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6276.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-6276.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6276", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00013", "scoring_system": "epss", "scoring_elements": "0.02088", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-6276" }, { "reference_url": "https://curl.se/docs/CVE-2026-6276.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:24:29Z/" } ], "url": "https://curl.se/docs/CVE-2026-6276.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6276", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-6276" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "3.7", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/3671818", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:24:29Z/" } ], "url": "https://hackerone.com/reports/3671818" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461203", "reference_id": "2461203", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2461203" }, { "reference_url": "https://curl.se/docs/CVE-2026-6276.json", "reference_id": "CVE-2026-6276.json", "reference_type": "", "scores": [ { "value": "7.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-05-13T17:24:29Z/" } ], "url": "https://curl.se/docs/CVE-2026-6276.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:12916", "reference_id": "RHSA-2026:12916", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:12916" }, { "reference_url": "https://usn.ubuntu.com/8227-1/", "reference_id": "USN-8227-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8227-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137980?format=api", "purl": "pkg:generic/curl.se/curl@8.20.0", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.20.0" } ], "aliases": [ "CVE-2026-6276" ], "risk_score": 1.6, "exploitability": "0.5", "weighted_severity": "3.3", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wgur-psum-pbck" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65708?format=api", "vulnerability_id": "VCID-wmam-qmmg-6uay", "summary": "This flaw allows a malicious HTTP server to set \"super cookies\" in curl that are then passed back to more origins than what is otherwise allowed or possible. This allows a site to set cookies that then would get sent to different and unrelated sites and domains. It could do this by exploiting a mixed case flaw in curl's function that verifies a given cookie domain against the Public Suffix List (PSL). For example a cookie could be set with `domain=co.UK` when the URL used a lower case hostname `curl.co.uk`, even though `co.uk` is listed as a PSL domain.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46218.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "5.3", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46218.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46218", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00219", "scoring_system": "epss", "scoring_elements": "0.44593", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-46218" }, { "reference_url": "https://curl.se/docs/CVE-2023-46218.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T16:38:08Z/" } ], "url": "https://curl.se/docs/CVE-2023-46218.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46218", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46218" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2212193", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T16:38:08Z/" } ], "url": "https://hackerone.com/reports/2212193" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057646", "reference_id": "1057646", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057646" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252030", "reference_id": "2252030", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2252030" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/", "reference_id": "3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T16:38:08Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5587", "reference_id": "dsa-5587", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T16:38:08Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5587" }, { "reference_url": "https://security.gentoo.org/glsa/202409-20", "reference_id": "GLSA-202409-20", "reference_type": "", "scores": [], "url": "https://security.gentoo.org/glsa/202409-20" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html", "reference_id": "msg00015.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T16:38:08Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20240125-0007/", "reference_id": "ntap-20240125-0007", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T16:38:08Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20240125-0007/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0428", "reference_id": "RHSA-2024:0428", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0428" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0434", "reference_id": "RHSA-2024:0434", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0434" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0452", "reference_id": "RHSA-2024:0452", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0452" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:0585", "reference_id": "RHSA-2024:0585", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:0585" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1129", "reference_id": "RHSA-2024:1129", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1129" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1316", "reference_id": "RHSA-2024:1316", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1316" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1317", "reference_id": "RHSA-2024:1317", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1317" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1383", "reference_id": "RHSA-2024:1383", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1383" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:1601", "reference_id": "RHSA-2024:1601", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:1601" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2092", "reference_id": "RHSA-2024:2092", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2092" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2093", "reference_id": "RHSA-2024:2093", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2093" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2024:2094", "reference_id": "RHSA-2024:2094", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2024:2094" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/", "reference_id": "UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-05-28T16:38:08Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/" }, { "reference_url": "https://usn.ubuntu.com/6535-1/", "reference_id": "USN-6535-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6535-1/" }, { "reference_url": "https://usn.ubuntu.com/6641-1/", "reference_id": "USN-6641-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/6641-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137959?format=api", "purl": "pkg:generic/curl.se/curl@8.5.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-h7v8-bg58-mkhu" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-ke97-b9rb-5bfd" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.5.0" } ], "aliases": [ "CVE-2023-46218" ], "risk_score": 2.4, "exploitability": "0.5", "weighted_severity": "4.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wmam-qmmg-6uay" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65719?format=api", "vulnerability_id": "VCID-y41p-tgpa-m7cs", "summary": "When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If the returned status reports another error than 'revoked' (like for example 'unauthorized') it is not treated as a bad certficate.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8096.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8096.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8096", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00559", "scoring_system": "epss", "scoring_elements": "0.68652", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2024-8096" }, { "reference_url": "https://curl.se/docs/CVE-2024-8096.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:42:47Z/" } ], "url": "https://curl.se/docs/CVE-2024-8096.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8096", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8096" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/2669852", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:42:47Z/" } ], "url": "https://hackerone.com/reports/2669852" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310519", "reference_id": "2310519", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310519" }, { "reference_url": "https://curl.se/docs/CVE-2024-8096.json", "reference_id": "CVE-2024-8096.json", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:42:47Z/" } ], "url": "https://curl.se/docs/CVE-2024-8096.json" }, { "reference_url": "https://usn.ubuntu.com/7012-1/", "reference_id": "USN-7012-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/7012-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137966?format=api", "purl": "pkg:generic/curl.se/curl@8.10.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bp56-gy66-mqae" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-ns6z-wp2x-fkdq" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-t45k-skv6-cfg2" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.10.0" } ], "aliases": [ "CVE-2024-8096" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y41p-tgpa-m7cs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65103?format=api", "vulnerability_id": "VCID-y44u-23he-aya8", "summary": "curl: curl: Unauthorized access due to improper HTTP proxy connection reuse", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3784.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3784.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3784", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00025", "scoring_system": "epss", "scoring_elements": "0.07339", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2026-3784" }, { "reference_url": "https://curl.se/docs/CVE-2026-3784.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:48:38Z/" } ], "url": "https://curl.se/docs/CVE-2026-3784.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.6", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/3584903", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:48:38Z/" } ], "url": "https://hackerone.com/reports/3584903" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446449", "reference_id": "2446449", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2446449" }, { "reference_url": "https://curl.se/docs/CVE-2026-3784.json", "reference_id": "CVE-2026-3784.json", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:48:38Z/" } ], "url": "https://curl.se/docs/CVE-2026-3784.json" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2026:6893", "reference_id": "RHSA-2026:6893", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2026:6893" }, { "reference_url": "https://usn.ubuntu.com/8084-1/", "reference_id": "USN-8084-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8084-1/" }, { "reference_url": "https://usn.ubuntu.com/8099-1/", "reference_id": "USN-8099-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/8099-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137979?format=api", "purl": "pkg:generic/curl.se/curl@8.19.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-9vbs-w124-q3au" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0" } ], "aliases": [ "CVE-2026-3784" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y44u-23he-aya8" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65698?format=api", "vulnerability_id": "VCID-287k-bzqy-n7ag", "summary": "A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality fail when multiple URLs are requested serially. Using its HSTS support, curl can be instructed to use HTTPS instead of usingan insecure clear-text HTTP step even when HTTP is provided in the URL. ThisHSTS mechanism would however surprisingly be ignored by subsequent transferswhen done on the same command line because the state would not be properlycarried on.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23914.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23914.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23914", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29098", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00111", "scoring_system": "epss", "scoring_elements": "0.29168", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23914" }, { "reference_url": "https://curl.se/docs/CVE-2023-23914.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-23914.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23914", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23914" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1813864", "reference_id": "", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-12T18:51:37Z/" } ], "url": "https://hackerone.com/reports/1813864" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371", "reference_id": "1031371", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167797", "reference_id": "2167797", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167797" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-12T18:51:37Z/" } ], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230309-0006/", "reference_id": "ntap-20230309-0006", "reference_type": "", "scores": [ { "value": "9.1", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "value": "Track*", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-12T18:51:37Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230309-0006/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://usn.ubuntu.com/5891-1/", "reference_id": "USN-5891-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5891-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137948?format=api", "purl": "pkg:generic/curl.se/curl@7.88.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-kvmd-97y1-tbcz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.88.0" } ], "aliases": [ "CVE-2023-23914" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-287k-bzqy-n7ag" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65700?format=api", "vulnerability_id": "VCID-cfry-nx5h-kudv", "summary": "An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the \"chained\" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable \"links\" in this \"decompression chain\" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a \"malloc bomb\", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23916.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23916.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23916", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20718", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00066", "scoring_system": "epss", "scoring_elements": "0.20793", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23916" }, { "reference_url": "https://curl.se/docs/CVE-2023-23916.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Medium", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-23916.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23916", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23916" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1826048", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T18:24:35Z/" } ], "url": "https://hackerone.com/reports/1826048" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371", "reference_id": "1031371", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167815", "reference_id": "2167815", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167815" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQKE6TXYDHOTFHLTBZ5X73GTKI7II5KO/", "reference_id": "BQKE6TXYDHOTFHLTBZ5X73GTKI7II5KO", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T18:24:35Z/" } ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQKE6TXYDHOTFHLTBZ5X73GTKI7II5KO/" }, { "reference_url": "https://www.debian.org/security/2023/dsa-5365", "reference_id": "dsa-5365", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T18:24:35Z/" } ], "url": "https://www.debian.org/security/2023/dsa-5365" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T18:24:35Z/" } ], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00035.html", "reference_id": "msg00035.html", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T18:24:35Z/" } ], "url": "https://lists.debian.org/debian-lts-announce/2023/02/msg00035.html" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230309-0006/", "reference_id": "ntap-20230309-0006", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T18:24:35Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230309-0006/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1140", "reference_id": "RHSA-2023:1140", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1140" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1701", "reference_id": "RHSA-2023:1701", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1701" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:1842", "reference_id": "RHSA-2023:1842", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:1842" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3460", "reference_id": "RHSA-2023:3460", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3460" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:4139", "reference_id": "RHSA-2023:4139", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:4139" }, { "reference_url": "https://usn.ubuntu.com/5891-1/", "reference_id": "USN-5891-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5891-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137948?format=api", "purl": "pkg:generic/curl.se/curl@7.88.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-kvmd-97y1-tbcz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.88.0" } ], "aliases": [ "CVE-2023-23916" ], "risk_score": 3.0, "exploitability": "0.5", "weighted_severity": "5.9", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-cfry-nx5h-kudv" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/65699?format=api", "vulnerability_id": "VCID-nwvb-d466-4uaa", "summary": "A cleartext transmission of sensitive information vulnerability exists in curl <v7.88.0 that could cause HSTS functionality to behave incorrectly when multiple URLs are requested in parallel. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This HSTS mechanism would however surprisingly fail when multiple transfers are done in parallel as the HSTS cache file gets overwritten by the most recentlycompleted transfer. A later HTTP-only transfer to the earlier host name would then *not* get upgraded properly to HSTS.", "references": [ { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23915.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "4.2", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23915.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23915", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11875", "published_at": "2026-06-04T12:55:00Z" }, { "value": "0.00039", "scoring_system": "epss", "scoring_elements": "0.11961", "published_at": "2026-06-05T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2023-23915" }, { "reference_url": "https://curl.se/docs/CVE-2023-23915.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "Low", "scoring_system": "cvssv3.1", "scoring_elements": "" } ], "url": "https://curl.se/docs/CVE-2023-23915.html" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23915", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23915" }, { "reference_url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml", "reference_id": "", "reference_type": "", "scores": [ { "value": "7.4", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" } ], "url": "https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml" }, { "reference_url": "https://hackerone.com/reports/1814333", "reference_id": "", "reference_type": "", "scores": [], "url": "https://hackerone.com/reports/1814333" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371", "reference_id": "1031371", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167813", "reference_id": "2167813", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2167813" }, { "reference_url": "https://security.gentoo.org/glsa/202310-12", "reference_id": "GLSA-202310-12", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:46:29Z/" } ], "url": "https://security.gentoo.org/glsa/202310-12" }, { "reference_url": "https://security.netapp.com/advisory/ntap-20230309-0006/", "reference_id": "ntap-20230309-0006", "reference_type": "", "scores": [ { "value": "6.5", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "value": "Track", "scoring_system": "ssvc", "scoring_elements": "SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:46:29Z/" } ], "url": "https://security.netapp.com/advisory/ntap-20230309-0006/" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3354", "reference_id": "RHSA-2023:3354", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3354" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2023:3355", "reference_id": "RHSA-2023:3355", "reference_type": "", "scores": [], "url": "https://access.redhat.com/errata/RHSA-2023:3355" }, { "reference_url": "https://usn.ubuntu.com/5891-1/", "reference_id": "USN-5891-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/5891-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/137948?format=api", "purl": "pkg:generic/curl.se/curl@7.88.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1dw3-33ju-jkbs" }, { "vulnerability": "VCID-1zsv-4jdy-63en" }, { "vulnerability": "VCID-21ff-tazv-9ud3" }, { "vulnerability": "VCID-39qh-jayw-g3dh" }, { "vulnerability": "VCID-3p2z-61gq-muhs" }, { "vulnerability": "VCID-5un8-xymy-37bt" }, { "vulnerability": "VCID-6en5-etsd-2bce" }, { "vulnerability": "VCID-6ggz-pa5t-77c4" }, { "vulnerability": "VCID-7wqd-99h2-e7hk" }, { "vulnerability": "VCID-85qb-zec7-subc" }, { "vulnerability": "VCID-a8z6-bswu-jue8" }, { "vulnerability": "VCID-azcz-b8f2-63be" }, { "vulnerability": "VCID-bcuq-n4vb-k7f3" }, { "vulnerability": "VCID-bx2m-n5ft-3be8" }, { "vulnerability": "VCID-f9nm-d5ax-qkcb" }, { "vulnerability": "VCID-fcb7-8163-muf4" }, { "vulnerability": "VCID-ffmg-djmk-57hn" }, { "vulnerability": "VCID-g4n9-kg3s-pfcr" }, { "vulnerability": "VCID-g7ux-4vz2-ckfg" }, { "vulnerability": "VCID-gueb-wzpx-ufb2" }, { "vulnerability": "VCID-gux4-dncg-h7a6" }, { "vulnerability": "VCID-hhms-2hg6-nke9" }, { "vulnerability": "VCID-jnq1-hk6d-b3a3" }, { "vulnerability": "VCID-k3nv-gf9b-5ua2" }, { "vulnerability": "VCID-kq38-7s5x-nqaz" }, { "vulnerability": "VCID-kvmd-97y1-tbcz" }, { "vulnerability": "VCID-p155-gbtu-abg1" }, { "vulnerability": "VCID-p97a-kjpp-f3d8" }, { "vulnerability": "VCID-razg-yr7y-ukgd" }, { "vulnerability": "VCID-secz-78pt-dben" }, { "vulnerability": "VCID-sutv-qt2x-2yc7" }, { "vulnerability": "VCID-u1p8-s8vm-3yer" }, { "vulnerability": "VCID-v82t-s9e1-2fbw" }, { "vulnerability": "VCID-w472-84ep-fkdx" }, { "vulnerability": "VCID-w8ff-vxga-8qcz" }, { "vulnerability": "VCID-wgur-psum-pbck" }, { "vulnerability": "VCID-wmam-qmmg-6uay" }, { "vulnerability": "VCID-y41p-tgpa-m7cs" }, { "vulnerability": "VCID-y44u-23he-aya8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.88.0" } ], "aliases": [ "CVE-2023-23915" ], "risk_score": 1.9, "exploitability": "0.5", "weighted_severity": "3.8", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nwvb-d466-4uaa" } ], "risk_score": "4.0", "resource_url": "http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.88.0" }