Package Instance

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/

reference_url

reference_id

F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

reference_url

reference_id

HT213843

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

reference_url

reference_id

HT213844

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

reference_url

reference_id

HT213845

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html

reference_url

reference_id

msg00016.html

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html

reference_url

https://security.netapp.com/advisory/ntap-20230609-0009/

reference_id

ntap-20230609-0009

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

https://security.netapp.com/advisory/ntap-20230609-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:4354
reference_id	RHSA-2023:4354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4354

reference_url	https://access.redhat.com/errata/RHSA-2023:4523
reference_id	RHSA-2023:4523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4523

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2023:4629
reference_id	RHSA-2023:4629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4629

reference_url	https://access.redhat.com/errata/RHSA-2023:5598
reference_id	RHSA-2023:5598
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5598

reference_url	https://access.redhat.com/errata/RHSA-2023:6292
reference_id	RHSA-2023:6292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6292

reference_url	https://usn.ubuntu.com/6237-1/
reference_id	USN-6237-1
reference_type
scores
url	https://usn.ubuntu.com/6237-1/

reference_url	https://usn.ubuntu.com/6237-3/
reference_id	USN-6237-3
reference_type
scores
url	https://usn.ubuntu.com/6237-3/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/

reference_id

Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/

fixed_packages

url pkg:generic/curl.se/curl@8.1.0

purl pkg:generic/curl.se/curl@8.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-bz4u-6rft-s3a8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-gnx2-djyk-uyaf

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qdcn-2u3v-b3cv

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tcqe-7skm-b3fz

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.1.0

aliases CVE-2023-28321

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-47qb-2qkw-1qej

url VCID-4e1k-7bj9-hfch

vulnerability_id VCID-4e1k-7bj9-hfch

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23914.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23914.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-23914

reference_id

reference_type

scores

value	0.00126
scoring_system	epss
scoring_elements	0.31906
published_at	2026-04-21T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.32088
published_at	2026-04-04T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31911
published_at	2026-04-07T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31963
published_at	2026-04-08T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31992
published_at	2026-04-09T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31995
published_at	2026-04-11T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31955
published_at	2026-04-16T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31922
published_at	2026-04-13T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31934
published_at	2026-04-18T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.32048
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-23914

reference_url

https://curl.se/docs/CVE-2023-23914.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-23914.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23914
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23914

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1813864

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-12T18:51:37Z/

url

https://hackerone.com/reports/1813864

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371
reference_id	1031371
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2167797
reference_id	2167797
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2167797

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-12T18:51:37Z/

url

https://security.netapp.com/advisory/ntap-20230309-0006/

reference_url

reference_id

ntap-20230309-0006

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-12T18:51:37Z/

url

https://security.netapp.com/advisory/ntap-20230309-0006/

reference_url	https://access.redhat.com/errata/RHSA-2023:3354
reference_id	RHSA-2023:3354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3354

reference_url	https://access.redhat.com/errata/RHSA-2023:3355
reference_id	RHSA-2023:3355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3355

reference_url	https://usn.ubuntu.com/5891-1/
reference_id	USN-5891-1
reference_type
scores
url	https://usn.ubuntu.com/5891-1/

fixed_packages

url pkg:generic/curl.se/curl@7.88.0

purl pkg:generic/curl.se/curl@7.88.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-47qb-2qkw-1qej

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-7srk-hshe-h3f4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-arjz-67yz-wkg9

vulnerability	VCID-bz4u-6rft-s3a8

vulnerability	VCID-cbah-e86c-w3fj

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-gnx2-djyk-uyaf

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-ke81-x2ze-rbc5

vulnerability	VCID-m15r-v9sr-2bbn

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-ms2r-94ph-yyh3

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qdcn-2u3v-b3cv

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-s73y-y7v7-43cm

vulnerability	VCID-syz5-5y6f-s7er

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tcqe-7skm-b3fz

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.88.0

aliases CVE-2023-23914

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4e1k-7bj9-hfch

url VCID-4gze-cwtp-2bgr

vulnerability_id VCID-4gze-cwtp-2bgr

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23915.json

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23915.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-23915

reference_id

reference_type

scores

value	0.00045
scoring_system	epss
scoring_elements	0.13823
published_at	2026-04-21T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13836
published_at	2026-04-07T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.1392
published_at	2026-04-08T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13973
published_at	2026-04-09T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.1393
published_at	2026-04-11T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13894
published_at	2026-04-12T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13846
published_at	2026-04-13T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13754
published_at	2026-04-16T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13749
published_at	2026-04-18T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13978
published_at	2026-04-02T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.14033
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-23915

reference_url

https://curl.se/docs/CVE-2023-23915.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-23915.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23915
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23915

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1814333
reference_id
reference_type
scores
url	https://hackerone.com/reports/1814333

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371
reference_id	1031371
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2167813
reference_id	2167813
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2167813

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:46:29Z/

url

https://security.netapp.com/advisory/ntap-20230309-0006/

reference_url

reference_id

ntap-20230309-0006

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:46:29Z/

url

https://security.netapp.com/advisory/ntap-20230309-0006/

reference_url	https://access.redhat.com/errata/RHSA-2023:3354
reference_id	RHSA-2023:3354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3354

reference_url	https://access.redhat.com/errata/RHSA-2023:3355
reference_id	RHSA-2023:3355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3355

reference_url	https://usn.ubuntu.com/5891-1/
reference_id	USN-5891-1
reference_type
scores
url	https://usn.ubuntu.com/5891-1/

fixed_packages

url pkg:generic/curl.se/curl@7.88.0

purl pkg:generic/curl.se/curl@7.88.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-47qb-2qkw-1qej

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-7srk-hshe-h3f4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-arjz-67yz-wkg9

vulnerability	VCID-bz4u-6rft-s3a8

vulnerability	VCID-cbah-e86c-w3fj

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-gnx2-djyk-uyaf

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-ke81-x2ze-rbc5

vulnerability	VCID-m15r-v9sr-2bbn

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-ms2r-94ph-yyh3

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qdcn-2u3v-b3cv

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-s73y-y7v7-43cm

vulnerability	VCID-syz5-5y6f-s7er

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tcqe-7skm-b3fz

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.88.0

aliases CVE-2023-23915

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4gze-cwtp-2bgr

url VCID-4seq-hvbx-7fg8

vulnerability_id VCID-4seq-hvbx-7fg8

summary Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46219.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46219.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-46219

reference_id

reference_type

scores

value	0.00203
scoring_system	epss
scoring_elements	0.42362
published_at	2026-04-21T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42478
published_at	2026-04-11T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.4244
published_at	2026-04-12T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.4241
published_at	2026-04-13T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42459
published_at	2026-04-16T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42434
published_at	2026-04-18T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44723
published_at	2026-04-04T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44703
published_at	2026-04-02T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44716
published_at	2026-04-09T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44713
published_at	2026-04-08T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.4466
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-46219

reference_url

https://curl.se/docs/CVE-2023-46219.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:01:11Z/

url

https://curl.se/docs/CVE-2023-46219.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46219
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46219

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2236133

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:01:11Z/

url

https://hackerone.com/reports/2236133

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057645
reference_id	1057645
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057645

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2252034
reference_id	2252034
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2252034

reference_url

https://www.debian.org/security/2023/dsa-5587

reference_id

dsa-5587

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:01:11Z/

url

https://www.debian.org/security/2023/dsa-5587

reference_url	https://security.gentoo.org/glsa/202409-20
reference_id	GLSA-202409-20
reference_type
scores
url	https://security.gentoo.org/glsa/202409-20

reference_url

https://security.netapp.com/advisory/ntap-20240119-0007/

reference_id

ntap-20240119-0007

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:01:11Z/

url

https://security.netapp.com/advisory/ntap-20240119-0007/

reference_url	https://access.redhat.com/errata/RHSA-2024:1316
reference_id	RHSA-2024:1316
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1316

reference_url	https://access.redhat.com/errata/RHSA-2024:1317
reference_id	RHSA-2024:1317
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1317

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/

reference_id

UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:01:11Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/

reference_url	https://usn.ubuntu.com/6535-1/
reference_id	USN-6535-1
reference_type
scores
url	https://usn.ubuntu.com/6535-1/

fixed_packages

url pkg:generic/curl.se/curl@8.5.0

purl pkg:generic/curl.se/curl@8.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-176a-agbw-hqdy

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2vwu-y316-gbb2

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-b69q-9yrr-myf7

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.5.0

aliases CVE-2023-46219

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4seq-hvbx-7fg8

url VCID-5xp7-mcsa-uqd4

vulnerability_id VCID-5xp7-mcsa-uqd4

summary

When doing TLS related transfers with reused easy or multi handles and
altering the  `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally
reuse a CA store cached in memory for which the partial chain option was
reversed. Contrary to the user's wishes and expectations. This could make
libcurl find and accept a trust chain that it otherwise would not.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14819.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14819.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-14819

reference_id

reference_type

scores

value	0.00045
scoring_system	epss
scoring_elements	0.13995
published_at	2026-04-02T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.1384
published_at	2026-04-21T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13991
published_at	2026-04-09T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13948
published_at	2026-04-11T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13911
published_at	2026-04-12T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13863
published_at	2026-04-13T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13771
published_at	2026-04-16T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13766
published_at	2026-04-18T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.1405
published_at	2026-04-04T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13854
published_at	2026-04-07T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13938
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-14819

reference_url

https://curl.se/docs/CVE-2025-14819.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:00:02Z/

url

https://curl.se/docs/CVE-2025-14819.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2426408
reference_id	2426408
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2426408

reference_url

https://curl.se/docs/CVE-2025-14819.json

reference_id

CVE-2025-14819.json

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:00:02Z/

url

https://curl.se/docs/CVE-2025-14819.json

reference_url	https://access.redhat.com/errata/RHSA-2026:6893
reference_id	RHSA-2026:6893
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6893

reference_url	https://usn.ubuntu.com/8062-1/
reference_id	USN-8062-1
reference_type
scores
url	https://usn.ubuntu.com/8062-1/

fixed_packages

url pkg:generic/curl.se/curl@8.18.0

purl pkg:generic/curl.se/curl@8.18.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0

aliases CVE-2025-14819

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5xp7-mcsa-uqd4

url VCID-6we4-n888-6qhe

vulnerability_id VCID-6we4-n888-6qhe

summary libcurl: Buffer Overflow in libcurl via zlib Integer Overflow

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0725.json

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0725.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-0725

reference_id

reference_type

scores

value	0.00442
scoring_system	epss
scoring_elements	0.63322
published_at	2026-04-11T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63305
published_at	2026-04-09T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63314
published_at	2026-04-18T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.6327
published_at	2026-04-13T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63306
published_at	2026-04-16T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.6384
published_at	2026-04-21T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63788
published_at	2026-04-02T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63815
published_at	2026-04-04T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63772
published_at	2026-04-07T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63823
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-0725

reference_url

https://curl.se/docs/CVE-2025-0725.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T14:33:50Z/

url

https://curl.se/docs/CVE-2025-0725.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2956023

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T14:33:50Z/

url

https://hackerone.com/reports/2956023

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2343899
reference_id	2343899
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2343899

reference_url

https://curl.se/docs/CVE-2025-0725.json

reference_id

CVE-2025-0725.json

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T14:33:50Z/

url

https://curl.se/docs/CVE-2025-0725.json

fixed_packages

url pkg:generic/curl.se/curl@8.12.0

purl pkg:generic/curl.se/curl@8.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-176a-agbw-hqdy

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-9mjz-apkm-g7h1

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.12.0

aliases CVE-2025-0725

risk_score 2.9

exploitability 0.5

weighted_severity 5.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6we4-n888-6qhe

url VCID-75nw-4e2d-zqgg

vulnerability_id VCID-75nw-4e2d-zqgg

summary curl: libcurl: ASN.1 date parser overread

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7264.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7264.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-7264

reference_id

reference_type

scores

value	0.00796
scoring_system	epss
scoring_elements	0.74029
published_at	2026-04-21T12:55:00Z

value	0.00796
scoring_system	epss
scoring_elements	0.73947
published_at	2026-04-02T12:55:00Z

value	0.00796
scoring_system	epss
scoring_elements	0.73973
published_at	2026-04-04T12:55:00Z

value	0.00796
scoring_system	epss
scoring_elements	0.73943
published_at	2026-04-07T12:55:00Z

value	0.00796
scoring_system	epss
scoring_elements	0.73978
published_at	2026-04-08T12:55:00Z

value	0.00882
scoring_system	epss
scoring_elements	0.75407
published_at	2026-04-12T12:55:00Z

value	0.00882
scoring_system	epss
scoring_elements	0.75396
published_at	2026-04-13T12:55:00Z

value	0.00882
scoring_system	epss
scoring_elements	0.75437
published_at	2026-04-16T12:55:00Z

value	0.00882
scoring_system	epss
scoring_elements	0.75443
published_at	2026-04-18T12:55:00Z

value	0.00882
scoring_system	epss
scoring_elements	0.75409
published_at	2026-04-09T12:55:00Z

value	0.00882
scoring_system	epss
scoring_elements	0.75429
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-7264

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

http://www.openwall.com/lists/oss-security/2024/07/31/1

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:05:41Z/

url

http://www.openwall.com/lists/oss-security/2024/07/31/1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077656
reference_id	1077656
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077656

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2301888
reference_id	2301888
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2301888

reference_url

https://hackerone.com/reports/2629968

reference_id

2629968

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:05:41Z/

url

https://hackerone.com/reports/2629968

reference_url

https://curl.se/docs/CVE-2024-7264.html

reference_id

CVE-2024-7264.html

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:05:41Z/

url

https://curl.se/docs/CVE-2024-7264.html

reference_url

https://curl.se/docs/CVE-2024-7264.json

reference_id

CVE-2024-7264.json

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:05:41Z/

url

https://curl.se/docs/CVE-2024-7264.json

reference_url	https://access.redhat.com/errata/RHSA-2024:7726
reference_id	RHSA-2024:7726
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7726

reference_url	https://access.redhat.com/errata/RHSA-2025:1671
reference_id	RHSA-2025:1671
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1671

reference_url	https://access.redhat.com/errata/RHSA-2025:1673
reference_id	RHSA-2025:1673
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1673

reference_url	https://usn.ubuntu.com/6944-1/
reference_id	USN-6944-1
reference_type
scores
url	https://usn.ubuntu.com/6944-1/

reference_url	https://usn.ubuntu.com/6944-2/
reference_id	USN-6944-2
reference_type
scores
url	https://usn.ubuntu.com/6944-2/

fixed_packages

url pkg:generic/curl.se/curl@8.9.1

purl pkg:generic/curl.se/curl@8.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-176a-agbw-hqdy

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-9mjz-apkm-g7h1

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.9.1

aliases CVE-2024-7264

risk_score 2.9

exploitability 0.5

weighted_severity 5.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-75nw-4e2d-zqgg

url VCID-7srk-hshe-h3f4

vulnerability_id VCID-7srk-hshe-h3f4

summary

Improper Authentication
An authentication bypass vulnerability exists in libcurl v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27538.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27538.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-27538

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01621
published_at	2026-04-21T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03588
published_at	2026-04-04T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03574
published_at	2026-04-02T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03579
published_at	2026-04-11T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03622
published_at	2026-04-09T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.036
published_at	2026-04-08T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03599
published_at	2026-04-07T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05559
published_at	2026-04-18T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05545
published_at	2026-04-16T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05595
published_at	2026-04-13T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05601
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-27538

reference_url

https://curl.se/docs/CVE-2023-27538.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-27538.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27538

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1898475

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/

url

https://hackerone.com/reports/1898475

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2179103
reference_id	2179103
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2179103

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-27538
reference_id	CVE-2023-27538
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-27538

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_url

reference_id

msg00025.html

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20230420-0010/

reference_id

ntap-20230420-0010

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/

url

https://security.netapp.com/advisory/ntap-20230420-0010/

reference_url	https://access.redhat.com/errata/RHSA-2023:6679
reference_id	RHSA-2023:6679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6679

reference_url	https://usn.ubuntu.com/5964-1/
reference_id	USN-5964-1
reference_type
scores
url	https://usn.ubuntu.com/5964-1/

fixed_packages

url pkg:generic/curl.se/curl@8.0.0

purl pkg:generic/curl.se/curl@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-47qb-2qkw-1qej

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-bz4u-6rft-s3a8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-gnx2-djyk-uyaf

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-m15r-v9sr-2bbn

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qdcn-2u3v-b3cv

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-s73y-y7v7-43cm

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tcqe-7skm-b3fz

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0

aliases CVE-2023-27538

risk_score 3.5

exploitability 0.5

weighted_severity 6.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7srk-hshe-h3f4

url VCID-8zks-th64-33b8

vulnerability_id VCID-8zks-th64-33b8

summary curl: curl: Unauthorized access due to improper HTTP proxy connection reuse

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3784.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3784.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-3784

reference_id

reference_type

scores

value	0.00015
scoring_system	epss
scoring_elements	0.03051
published_at	2026-04-04T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03037
published_at	2026-04-02T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03053
published_at	2026-04-07T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03056
published_at	2026-04-08T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03081
published_at	2026-04-09T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03044
published_at	2026-04-11T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03659
published_at	2026-04-16T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03709
published_at	2026-04-12T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03792
published_at	2026-04-21T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03671
published_at	2026-04-18T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03683
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-3784

reference_url

https://curl.se/docs/CVE-2026-3784.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:48:38Z/

url

https://curl.se/docs/CVE-2026-3784.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/3584903

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:48:38Z/

url

https://hackerone.com/reports/3584903

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2446449
reference_id	2446449
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2446449

reference_url

https://curl.se/docs/CVE-2026-3784.json

reference_id

CVE-2026-3784.json

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:48:38Z/

url

https://curl.se/docs/CVE-2026-3784.json

reference_url	https://access.redhat.com/errata/RHSA-2026:6893
reference_id	RHSA-2026:6893
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6893

reference_url	https://usn.ubuntu.com/8084-1/
reference_id	USN-8084-1
reference_type
scores
url	https://usn.ubuntu.com/8084-1/

reference_url	https://usn.ubuntu.com/8099-1/
reference_id	USN-8099-1
reference_type
scores
url	https://usn.ubuntu.com/8099-1/

fixed_packages

url	pkg:generic/curl.se/curl@8.19.0
purl	pkg:generic/curl.se/curl@8.19.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0

aliases CVE-2026-3784

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8zks-th64-33b8

url VCID-arjz-67yz-wkg9

vulnerability_id VCID-arjz-67yz-wkg9

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27533.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27533.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-27533

reference_id

reference_type

scores

value	0.00174
scoring_system	epss
scoring_elements	0.38719
published_at	2026-04-21T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40389
published_at	2026-04-07T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40439
published_at	2026-04-02T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.4044
published_at	2026-04-08T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40465
published_at	2026-04-04T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40463
published_at	2026-04-16T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40415
published_at	2026-04-13T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40434
published_at	2026-04-12T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40472
published_at	2026-04-11T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40451
published_at	2026-04-09T12:55:00Z

value	0.00216
scoring_system	epss
scoring_elements	0.4427
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-27533

reference_url

https://curl.se/docs/CVE-2023-27533.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-27533.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27533

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1891474

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/

url

https://hackerone.com/reports/1891474

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2179062
reference_id	2179062
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2179062

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_id

36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_url

reference_id

msg00025.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20230420-0011/

reference_id

ntap-20230420-0011

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/

url

https://security.netapp.com/advisory/ntap-20230420-0011/

reference_url	https://access.redhat.com/errata/RHSA-2023:3354
reference_id	RHSA-2023:3354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3354

reference_url	https://access.redhat.com/errata/RHSA-2023:3355
reference_id	RHSA-2023:3355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3355

reference_url	https://access.redhat.com/errata/RHSA-2023:6679
reference_id	RHSA-2023:6679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6679

reference_url	https://usn.ubuntu.com/5964-1/
reference_id	USN-5964-1
reference_type
scores
url	https://usn.ubuntu.com/5964-1/

reference_url	https://usn.ubuntu.com/5964-2/
reference_id	USN-5964-2
reference_type
scores
url	https://usn.ubuntu.com/5964-2/

fixed_packages

url pkg:generic/curl.se/curl@8.0.0

purl pkg:generic/curl.se/curl@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-47qb-2qkw-1qej

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-bz4u-6rft-s3a8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-gnx2-djyk-uyaf

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-m15r-v9sr-2bbn

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qdcn-2u3v-b3cv

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-s73y-y7v7-43cm

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tcqe-7skm-b3fz

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0

aliases CVE-2023-27533

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-arjz-67yz-wkg9

url VCID-bz4u-6rft-s3a8

vulnerability_id VCID-bz4u-6rft-s3a8

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38039.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38039.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-38039

reference_id

reference_type

scores

value	0.12305
scoring_system	epss
scoring_elements	0.93847
published_at	2026-04-07T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.9386
published_at	2026-04-09T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93856
published_at	2026-04-08T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93845
published_at	2026-04-04T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93835
published_at	2026-04-02T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93894
published_at	2026-04-21T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93893
published_at	2026-04-18T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93887
published_at	2026-04-16T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93865
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-38039

reference_url

https://curl.se/docs/CVE-2023-38039.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-38039.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2072338

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://hackerone.com/reports/2072338

reference_url

http://seclists.org/fulldisclosure/2023/Oct/17

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

http://seclists.org/fulldisclosure/2023/Oct/17

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2239135
reference_id	2239135
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2239135

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DCZMYODALBLVOXVJEN2LF2MLANEYL4F/

reference_url

reference_id

5DCZMYODALBLVOXVJEN2LF2MLANEYL4F

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DCZMYODALBLVOXVJEN2LF2MLANEYL4F/

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

reference_url

reference_id

HT214036

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

reference_url

reference_id

HT214057

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

reference_url

reference_id

HT214058

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

reference_url

reference_id

HT214063

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ/

reference_url

reference_id

M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ/

reference_url

https://security.netapp.com/advisory/ntap-20231013-0005/

reference_id

ntap-20231013-0005

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://security.netapp.com/advisory/ntap-20231013-0005/

reference_url	https://access.redhat.com/errata/RHSA-2023:7625
reference_id	RHSA-2023:7625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7625

reference_url	https://access.redhat.com/errata/RHSA-2023:7626
reference_id	RHSA-2023:7626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7626

reference_url

https://www.insyde.com/security-pledge/SA-2023064

reference_id

SA-2023064

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://www.insyde.com/security-pledge/SA-2023064

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/

reference_id

TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/

reference_url	https://usn.ubuntu.com/6363-1/
reference_id	USN-6363-1
reference_type
scores
url	https://usn.ubuntu.com/6363-1/

fixed_packages

url pkg:generic/curl.se/curl@8.3.0

purl pkg:generic/curl.se/curl@8.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-gnx2-djyk-uyaf

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qdcn-2u3v-b3cv

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tcqe-7skm-b3fz

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.3.0

aliases CVE-2023-38039

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bz4u-6rft-s3a8

url VCID-cbah-e86c-w3fj

vulnerability_id VCID-cbah-e86c-w3fj

summary

Improper Authentication
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27535.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27535.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-27535

reference_id

reference_type

scores

value	0.00036
scoring_system	epss
scoring_elements	0.10803
published_at	2026-04-21T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.2017
published_at	2026-04-07T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20386
published_at	2026-04-02T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20446
published_at	2026-04-04T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20231
published_at	2026-04-18T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20226
published_at	2026-04-16T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20236
published_at	2026-04-13T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20295
published_at	2026-04-12T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20341
published_at	2026-04-11T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20311
published_at	2026-04-09T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20251
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-27535

reference_url

https://curl.se/docs/CVE-2023-27535.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-27535.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27535
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27535

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1892780

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/

url

https://hackerone.com/reports/1892780

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2179073
reference_id	2179073
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2179073

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_id

36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-27535
reference_id	CVE-2023-27535
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-27535

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_url

reference_id

msg00025.html

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20230420-0010/

reference_id

ntap-20230420-0010

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/

url

https://security.netapp.com/advisory/ntap-20230420-0010/

reference_url	https://access.redhat.com/errata/RHSA-2023:2650
reference_id	RHSA-2023:2650
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2650

reference_url	https://access.redhat.com/errata/RHSA-2023:3106
reference_id	RHSA-2023:3106
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3106

reference_url	https://access.redhat.com/errata/RHSA-2024:0428
reference_id	RHSA-2024:0428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0428

reference_url	https://usn.ubuntu.com/5964-1/
reference_id	USN-5964-1
reference_type
scores
url	https://usn.ubuntu.com/5964-1/

reference_url	https://usn.ubuntu.com/5964-2/
reference_id	USN-5964-2
reference_type
scores
url	https://usn.ubuntu.com/5964-2/

fixed_packages

url pkg:generic/curl.se/curl@8.0.0

purl pkg:generic/curl.se/curl@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-47qb-2qkw-1qej

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-bz4u-6rft-s3a8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-gnx2-djyk-uyaf

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-m15r-v9sr-2bbn

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qdcn-2u3v-b3cv

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-s73y-y7v7-43cm

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tcqe-7skm-b3fz

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0

aliases CVE-2023-27535

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbah-e86c-w3fj

url VCID-ddgz-rczw-jqfw

vulnerability_id VCID-ddgz-rczw-jqfw

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28320.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28320.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28320

reference_id

reference_type

scores

value	0.00538
scoring_system	epss
scoring_elements	0.67593
published_at	2026-04-18T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67504
published_at	2026-04-07T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67581
published_at	2026-04-16T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67546
published_at	2026-04-13T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67579
published_at	2026-04-12T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67592
published_at	2026-04-11T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.6757
published_at	2026-04-09T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67526
published_at	2026-04-04T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67556
published_at	2026-04-08T12:55:00Z

value	0.00641
scoring_system	epss
scoring_elements	0.70622
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28320

reference_url

https://curl.se/docs/CVE-2023-28320.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-28320.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28320
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28320

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1929597

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

https://hackerone.com/reports/1929597

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239
reference_id	1036239
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2196783
reference_id	2196783
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2196783

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

reference_url

reference_id

HT213843

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

reference_url

reference_id

HT213844

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

reference_url

reference_id

HT213845

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

https://security.netapp.com/advisory/ntap-20230609-0009/

reference_url

reference_id

ntap-20230609-0009

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

https://security.netapp.com/advisory/ntap-20230609-0009/

fixed_packages

url pkg:generic/curl.se/curl@8.1.0

purl pkg:generic/curl.se/curl@8.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-bz4u-6rft-s3a8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-gnx2-djyk-uyaf

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qdcn-2u3v-b3cv

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tcqe-7skm-b3fz

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.1.0

aliases CVE-2023-28320

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ddgz-rczw-jqfw

url VCID-etzn-uhck-h7b2

vulnerability_id VCID-etzn-uhck-h7b2

summary curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3783.json

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3783.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-3783

reference_id

reference_type

scores

value	0.00016
scoring_system	epss
scoring_elements	0.03509
published_at	2026-04-04T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03496
published_at	2026-04-02T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.0352
published_at	2026-04-07T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03521
published_at	2026-04-08T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03544
published_at	2026-04-09T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.035
published_at	2026-04-11T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04144
published_at	2026-04-16T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.042
published_at	2026-04-12T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04277
published_at	2026-04-21T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04152
published_at	2026-04-18T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04175
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-3783

reference_url

https://curl.se/docs/CVE-2026-3783.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Medium
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:25:28Z/

url

https://curl.se/docs/CVE-2026-3783.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/3583983

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:25:28Z/

url

https://hackerone.com/reports/3583983

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2446450
reference_id	2446450
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2446450

reference_url

https://curl.se/docs/CVE-2026-3783.json

reference_id

CVE-2026-3783.json

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:25:28Z/

url

https://curl.se/docs/CVE-2026-3783.json

reference_url	https://access.redhat.com/errata/RHSA-2026:6893
reference_id	RHSA-2026:6893
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6893

reference_url	https://usn.ubuntu.com/8084-1/
reference_id	USN-8084-1
reference_type
scores
url	https://usn.ubuntu.com/8084-1/

reference_url	https://usn.ubuntu.com/8099-1/
reference_id	USN-8099-1
reference_type
scores
url	https://usn.ubuntu.com/8099-1/

fixed_packages

url	pkg:generic/curl.se/curl@8.19.0
purl	pkg:generic/curl.se/curl@8.19.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0

aliases CVE-2026-3783

risk_score 2.5

exploitability 0.5

weighted_severity 5.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-etzn-uhck-h7b2

url VCID-gnx2-djyk-uyaf

vulnerability_id VCID-gnx2-djyk-uyaf

summary

Cookie injection with none file
This flaw allows an attacker to insert cookies at will into a running program
using libcurl, if the specific series of conditions are met.

libcurl performs transfers. In its API, an application creates "easy handles"
that are the individual handles for single transfers.

libcurl provides a function call that duplicates en easy handle called
[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).

If a transfer has cookies enabled when the handle is duplicated, the
cookie-enable state is also cloned - but without cloning the actual
cookies. If the source handle does not read any cookies from a specific file on
disk, the cloned version of the handle would instead store the file name as
`none` (using the four ASCII letters, no quotes).

Subsequent use of the cloned handle that does not explicitly set a source to
load cookies from would then inadvertently load cookies from a file named
`none` - if such a file exists and is readable in the current directory of the
program using libcurl. And if using the correct file format of course.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38546.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38546.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-38546

reference_id

reference_type

scores

value	0.00256
scoring_system	epss
scoring_elements	0.49032
published_at	2026-04-18T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49036
published_at	2026-04-16T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48985
published_at	2026-04-12T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48964
published_at	2026-04-02T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49012
published_at	2026-04-11T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48995
published_at	2026-04-09T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48998
published_at	2026-04-08T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48991
published_at	2026-04-13T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48944
published_at	2026-04-07T12:55:00Z

value	0.00263
scoring_system	epss
scoring_elements	0.49733
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-38546

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/2148242
reference_id
reference_type
scores
url	https://hackerone.com/reports/2148242

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2241938
reference_id	2241938
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2241938

reference_url

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

reference_url

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

reference_url

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

reference_url

reference_id

AVG-2845

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2846

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://curl.se/docs/CVE-2023-38546.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-38546
reference_id	CVE-2023-38546
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-38546

reference_url

reference_id

CVE-2023-38546.HTML

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

https://curl.se/docs/CVE-2023-38546.html

reference_url	https://security.gentoo.org/glsa/202310-12
reference_id	GLSA-202310-12
reference_type
scores
url	https://security.gentoo.org/glsa/202310-12

reference_url

reference_id

HT214036

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

reference_url

reference_id

HT214057

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

reference_url

reference_id

HT214058

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

reference_url

reference_id

HT214063

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/

reference_url

reference_id

OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/

reference_url	https://access.redhat.com/errata/RHSA-2023:5700
reference_id	RHSA-2023:5700
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5700

reference_url	https://access.redhat.com/errata/RHSA-2023:5763
reference_id	RHSA-2023:5763
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5763

reference_url	https://access.redhat.com/errata/RHSA-2023:6292
reference_id	RHSA-2023:6292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6292

reference_url	https://access.redhat.com/errata/RHSA-2023:6745
reference_id	RHSA-2023:6745
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6745

reference_url	https://access.redhat.com/errata/RHSA-2023:7540
reference_id	RHSA-2023:7540
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7540

reference_url	https://access.redhat.com/errata/RHSA-2023:7625
reference_id	RHSA-2023:7625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7625

reference_url	https://access.redhat.com/errata/RHSA-2023:7626
reference_id	RHSA-2023:7626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7626

reference_url	https://access.redhat.com/errata/RHSA-2024:1601
reference_id	RHSA-2024:1601
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1601

reference_url	https://access.redhat.com/errata/RHSA-2024:2092
reference_id	RHSA-2024:2092
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2092

reference_url	https://access.redhat.com/errata/RHSA-2024:2093
reference_id	RHSA-2024:2093
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2093

reference_url	https://access.redhat.com/errata/RHSA-2024:2101
reference_id	RHSA-2024:2101
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2101

reference_url	https://usn.ubuntu.com/6429-1/
reference_id	USN-6429-1
reference_type
scores
url	https://usn.ubuntu.com/6429-1/

reference_url	https://usn.ubuntu.com/6429-2/
reference_id	USN-6429-2
reference_type
scores
url	https://usn.ubuntu.com/6429-2/

reference_url	https://usn.ubuntu.com/6429-3/
reference_id	USN-6429-3
reference_type
scores
url	https://usn.ubuntu.com/6429-3/

reference_url

https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868

reference_id

viewtopic.php?f=8&t=8868

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868

fixed_packages

url pkg:generic/curl.se/curl@8.4.0

purl pkg:generic/curl.se/curl@8.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qdcn-2u3v-b3cv

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.4.0

aliases CVE-2023-38546

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gnx2-djyk-uyaf

url VCID-hrsy-694u-2fec

vulnerability_id VCID-hrsy-694u-2fec

summary curl: OCSP stapling bypass with GnuTLS

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8096.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8096.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-8096

reference_id

reference_type

scores

value	0.00515
scoring_system	epss
scoring_elements	0.6663
published_at	2026-04-21T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66559
published_at	2026-04-07T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66606
published_at	2026-04-08T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.6662
published_at	2026-04-09T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66638
published_at	2026-04-11T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66626
published_at	2026-04-12T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66593
published_at	2026-04-13T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66629
published_at	2026-04-16T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66644
published_at	2026-04-18T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66562
published_at	2026-04-02T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66587
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-8096

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8096
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8096

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2310519
reference_id	2310519
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2310519

reference_url

https://hackerone.com/reports/2669852

reference_id

2669852

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:42:47Z/

url

https://hackerone.com/reports/2669852

reference_url

https://curl.se/docs/CVE-2024-8096.html

reference_id

CVE-2024-8096.html

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Medium
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:42:47Z/

url

https://curl.se/docs/CVE-2024-8096.html

reference_url

https://curl.se/docs/CVE-2024-8096.json

reference_id

CVE-2024-8096.json

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:42:47Z/

url

https://curl.se/docs/CVE-2024-8096.json

reference_url	https://usn.ubuntu.com/7012-1/
reference_id	USN-7012-1
reference_type
scores
url	https://usn.ubuntu.com/7012-1/

fixed_packages

url pkg:generic/curl.se/curl@8.10.0

purl pkg:generic/curl.se/curl@8.10.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-176a-agbw-hqdy

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-9mjz-apkm-g7h1

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.10.0

aliases CVE-2024-8096

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hrsy-694u-2fec

url VCID-m15r-v9sr-2bbn

vulnerability_id VCID-m15r-v9sr-2bbn

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28319.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28319.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28319

reference_id

reference_type

scores

value	0.0032
scoring_system	epss
scoring_elements	0.55117
published_at	2026-04-21T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55072
published_at	2026-04-02T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55097
published_at	2026-04-13T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55073
published_at	2026-04-07T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55122
published_at	2026-04-09T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55134
published_at	2026-04-16T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55114
published_at	2026-04-12T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55138
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28319

reference_url

https://curl.se/docs/CVE-2023-28319.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-28319.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1913733

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

https://hackerone.com/reports/1913733

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239
reference_id	1036239
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2196778
reference_id	2196778
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2196778

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

reference_url

reference_id

HT213843

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

reference_url

reference_id

HT213844

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

reference_url

reference_id

HT213845

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

https://security.netapp.com/advisory/ntap-20230609-0009/

reference_url

reference_id

ntap-20230609-0009

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

https://security.netapp.com/advisory/ntap-20230609-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2023:4629
reference_id	RHSA-2023:4629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4629

fixed_packages

url pkg:generic/curl.se/curl@8.1.0

purl pkg:generic/curl.se/curl@8.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-bz4u-6rft-s3a8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-gnx2-djyk-uyaf

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qdcn-2u3v-b3cv

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tcqe-7skm-b3fz

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.1.0

aliases CVE-2023-28319

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m15r-v9sr-2bbn

url VCID-mkyr-w79c-qqfz

vulnerability_id VCID-mkyr-w79c-qqfz

summary curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14017.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14017.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-14017

reference_id

reference_type

scores

value	7e-05
scoring_system	epss
scoring_elements	0.00624
published_at	2026-04-21T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00587
published_at	2026-04-09T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00586
published_at	2026-04-11T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00582
published_at	2026-04-12T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00583
published_at	2026-04-13T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00579
published_at	2026-04-16T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00584
published_at	2026-04-18T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.006
published_at	2026-04-02T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00593
published_at	2026-04-08T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00595
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-14017

reference_url

https://curl.se/docs/CVE-2025-14017.html

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	Medium
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-16T15:39:09Z/

url

https://curl.se/docs/CVE-2025-14017.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2427870
reference_id	2427870
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2427870

reference_url

https://curl.se/docs/CVE-2025-14017.json

reference_id

CVE-2025-14017.json

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-16T15:39:09Z/

url

https://curl.se/docs/CVE-2025-14017.json

reference_url	https://access.redhat.com/errata/RHSA-2026:6893
reference_id	RHSA-2026:6893
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6893

reference_url	https://usn.ubuntu.com/8062-1/
reference_id	USN-8062-1
reference_type
scores
url	https://usn.ubuntu.com/8062-1/

reference_url	https://usn.ubuntu.com/8062-2/
reference_id	USN-8062-2
reference_type
scores
url	https://usn.ubuntu.com/8062-2/

fixed_packages

url pkg:generic/curl.se/curl@8.18.0

purl pkg:generic/curl.se/curl@8.18.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0

aliases CVE-2025-14017

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mkyr-w79c-qqfz

url VCID-ms2r-94ph-yyh3

vulnerability_id VCID-ms2r-94ph-yyh3

summary

Improper Authentication
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27536.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27536.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-27536

reference_id

reference_type

scores

value	0.00011
scoring_system	epss
scoring_elements	0.01369
published_at	2026-04-21T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01285
published_at	2026-04-02T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.0129
published_at	2026-04-04T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01301
published_at	2026-04-07T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01306
published_at	2026-04-08T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.0131
published_at	2026-04-09T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01294
published_at	2026-04-11T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01288
published_at	2026-04-12T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01291
published_at	2026-04-13T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01282
published_at	2026-04-16T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01295
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-27536

reference_url

https://curl.se/docs/CVE-2023-27536.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-27536.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27536
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27536

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1895135

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/

url

https://hackerone.com/reports/1895135

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2179092
reference_id	2179092
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2179092

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_id

36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-27536
reference_id	CVE-2023-27536
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-27536

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_url

reference_id

msg00025.html

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20230420-0010/

reference_id

ntap-20230420-0010

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/

url

https://security.netapp.com/advisory/ntap-20230420-0010/

reference_url	https://access.redhat.com/errata/RHSA-2023:4523
reference_id	RHSA-2023:4523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4523

reference_url	https://access.redhat.com/errata/RHSA-2023:6679
reference_id	RHSA-2023:6679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6679

reference_url	https://access.redhat.com/errata/RHSA-2024:0428
reference_id	RHSA-2024:0428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0428

reference_url	https://usn.ubuntu.com/5964-1/
reference_id	USN-5964-1
reference_type
scores
url	https://usn.ubuntu.com/5964-1/

reference_url	https://usn.ubuntu.com/5964-2/
reference_id	USN-5964-2
reference_type
scores
url	https://usn.ubuntu.com/5964-2/

fixed_packages

url pkg:generic/curl.se/curl@8.0.0

purl pkg:generic/curl.se/curl@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-47qb-2qkw-1qej

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-bz4u-6rft-s3a8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-gnx2-djyk-uyaf

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-m15r-v9sr-2bbn

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qdcn-2u3v-b3cv

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-s73y-y7v7-43cm

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tcqe-7skm-b3fz

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0

aliases CVE-2023-27536

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ms2r-94ph-yyh3

url VCID-n57n-cymy-z7dr

vulnerability_id VCID-n57n-cymy-z7dr

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23916.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23916.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-23916

reference_id

reference_type

scores

value	0.00092
scoring_system	epss
scoring_elements	0.25861
published_at	2026-04-21T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.2607
published_at	2026-04-02T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.2611
published_at	2026-04-04T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25878
published_at	2026-04-07T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25948
published_at	2026-04-08T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25999
published_at	2026-04-09T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.26009
published_at	2026-04-11T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25964
published_at	2026-04-12T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25905
published_at	2026-04-13T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25909
published_at	2026-04-16T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.2589
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-23916

reference_url

https://curl.se/docs/CVE-2023-23916.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-23916.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23916
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23916

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1826048

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T18:24:35Z/

url

https://hackerone.com/reports/1826048

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371
reference_id	1031371
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2167815
reference_id	2167815
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2167815

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQKE6TXYDHOTFHLTBZ5X73GTKI7II5KO/

reference_id

BQKE6TXYDHOTFHLTBZ5X73GTKI7II5KO

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T18:24:35Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQKE6TXYDHOTFHLTBZ5X73GTKI7II5KO/

reference_url

https://www.debian.org/security/2023/dsa-5365

reference_id

dsa-5365

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T18:24:35Z/

url

https://www.debian.org/security/2023/dsa-5365

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T18:24:35Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00035.html

reference_url

reference_id

msg00035.html

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T18:24:35Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00035.html

reference_url

https://security.netapp.com/advisory/ntap-20230309-0006/

reference_id

ntap-20230309-0006

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T18:24:35Z/

url

https://security.netapp.com/advisory/ntap-20230309-0006/

reference_url	https://access.redhat.com/errata/RHSA-2023:1140
reference_id	RHSA-2023:1140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1140

reference_url	https://access.redhat.com/errata/RHSA-2023:1701
reference_id	RHSA-2023:1701
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1701

reference_url	https://access.redhat.com/errata/RHSA-2023:1842
reference_id	RHSA-2023:1842
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1842

reference_url	https://access.redhat.com/errata/RHSA-2023:3354
reference_id	RHSA-2023:3354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3354

reference_url	https://access.redhat.com/errata/RHSA-2023:3355
reference_id	RHSA-2023:3355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3355

reference_url	https://access.redhat.com/errata/RHSA-2023:3460
reference_id	RHSA-2023:3460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3460

reference_url	https://access.redhat.com/errata/RHSA-2023:4139
reference_id	RHSA-2023:4139
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4139

reference_url	https://usn.ubuntu.com/5891-1/
reference_id	USN-5891-1
reference_type
scores
url	https://usn.ubuntu.com/5891-1/

fixed_packages

url pkg:generic/curl.se/curl@7.88.0

purl pkg:generic/curl.se/curl@7.88.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-47qb-2qkw-1qej

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-7srk-hshe-h3f4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-arjz-67yz-wkg9

vulnerability	VCID-bz4u-6rft-s3a8

vulnerability	VCID-cbah-e86c-w3fj

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-gnx2-djyk-uyaf

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-ke81-x2ze-rbc5

vulnerability	VCID-m15r-v9sr-2bbn

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-ms2r-94ph-yyh3

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qdcn-2u3v-b3cv

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-s73y-y7v7-43cm

vulnerability	VCID-syz5-5y6f-s7er

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tcqe-7skm-b3fz

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.88.0

aliases CVE-2023-23916

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n57n-cymy-z7dr

url VCID-nvzd-v3bs-6qek

vulnerability_id VCID-nvzd-v3bs-6qek

summary When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15079.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15079.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-15079

reference_id

reference_type

scores

value	0.00035
scoring_system	epss
scoring_elements	0.10292
published_at	2026-04-02T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.1034
published_at	2026-04-21T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.1026
published_at	2026-04-07T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10333
published_at	2026-04-08T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10399
published_at	2026-04-09T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10428
published_at	2026-04-11T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10388
published_at	2026-04-12T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10366
published_at	2026-04-13T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10237
published_at	2026-04-16T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10208
published_at	2026-04-18T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10359
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-15079

reference_url

https://curl.se/docs/CVE-2025-15079.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:45:34Z/

url

https://curl.se/docs/CVE-2025-15079.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/3477116

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:45:34Z/

url

https://hackerone.com/reports/3477116

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2426409
reference_id	2426409
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2426409

reference_url

https://curl.se/docs/CVE-2025-15079.json

reference_id

CVE-2025-15079.json

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:45:34Z/

url

https://curl.se/docs/CVE-2025-15079.json

reference_url	https://access.redhat.com/errata/RHSA-2026:6893
reference_id	RHSA-2026:6893
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6893

reference_url	https://usn.ubuntu.com/8062-1/
reference_id	USN-8062-1
reference_type
scores
url	https://usn.ubuntu.com/8062-1/

reference_url	https://usn.ubuntu.com/8062-2/
reference_id	USN-8062-2
reference_type
scores
url	https://usn.ubuntu.com/8062-2/

fixed_packages

url pkg:generic/curl.se/curl@8.18.0

purl pkg:generic/curl.se/curl@8.18.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0

aliases CVE-2025-15079

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nvzd-v3bs-6qek

url VCID-pwn6-j8vf-rufk

vulnerability_id VCID-pwn6-j8vf-rufk

summary curl: HSTS subdomain overwrites parent cache entry

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9681.json

reference_id

reference_type

scores

value	3.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9681.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-9681

reference_id

reference_type

scores

value	0.00725
scoring_system	epss
scoring_elements	0.72606
published_at	2026-04-21T12:55:00Z

value	0.00725
scoring_system	epss
scoring_elements	0.72515
published_at	2026-04-07T12:55:00Z

value	0.00725
scoring_system	epss
scoring_elements	0.72554
published_at	2026-04-08T12:55:00Z

value	0.00725
scoring_system	epss
scoring_elements	0.72566
published_at	2026-04-09T12:55:00Z

value	0.00725
scoring_system	epss
scoring_elements	0.7259
published_at	2026-04-11T12:55:00Z

value	0.00725
scoring_system	epss
scoring_elements	0.72572
published_at	2026-04-12T12:55:00Z

value	0.00725
scoring_system	epss
scoring_elements	0.72562
published_at	2026-04-13T12:55:00Z

value	0.00725
scoring_system	epss
scoring_elements	0.72605
published_at	2026-04-16T12:55:00Z

value	0.00725
scoring_system	epss
scoring_elements	0.72615
published_at	2026-04-18T12:55:00Z

value	0.00725
scoring_system	epss
scoring_elements	0.72522
published_at	2026-04-02T12:55:00Z

value	0.00725
scoring_system	epss
scoring_elements	0.72539
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-9681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086804
reference_id	1086804
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086804

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2322969
reference_id	2322969
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2322969

reference_url

https://hackerone.com/reports/2764830

reference_id

2764830

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:16:59Z/

url

https://hackerone.com/reports/2764830

reference_url

https://curl.se/docs/CVE-2024-9681.html

reference_id

CVE-2024-9681.html

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:16:59Z/

url

https://curl.se/docs/CVE-2024-9681.html

reference_url

https://curl.se/docs/CVE-2024-9681.json

reference_id

CVE-2024-9681.json

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:16:59Z/

url

https://curl.se/docs/CVE-2024-9681.json

reference_url	https://usn.ubuntu.com/7104-1/
reference_id	USN-7104-1
reference_type
scores
url	https://usn.ubuntu.com/7104-1/

fixed_packages

url pkg:generic/curl.se/curl@8.11.0

purl pkg:generic/curl.se/curl@8.11.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-176a-agbw-hqdy

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-9mjz-apkm-g7h1

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.11.0

aliases CVE-2024-9681

risk_score 2.4

exploitability 0.5

weighted_severity 4.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pwn6-j8vf-rufk

url VCID-qdcn-2u3v-b3cv

vulnerability_id VCID-qdcn-2u3v-b3cv

summary Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46218.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46218.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-46218

reference_id

reference_type

scores

value	0.00398
scoring_system	epss
scoring_elements	0.60625
published_at	2026-04-21T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60627
published_at	2026-04-11T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60612
published_at	2026-04-12T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60591
published_at	2026-04-13T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60632
published_at	2026-04-16T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60637
published_at	2026-04-18T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62608
published_at	2026-04-02T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62606
published_at	2026-04-07T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62656
published_at	2026-04-08T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62672
published_at	2026-04-09T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62641
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-46218

reference_url

https://curl.se/docs/CVE-2023-46218.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-46218.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46218
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46218

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/2212193
reference_id
reference_type
scores
url	https://hackerone.com/reports/2212193

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057646
reference_id	1057646
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057646

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2252030
reference_id	2252030
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2252030

reference_url	https://security.gentoo.org/glsa/202409-20
reference_id	GLSA-202409-20
reference_type
scores
url	https://security.gentoo.org/glsa/202409-20

reference_url	https://access.redhat.com/errata/RHSA-2024:0428
reference_id	RHSA-2024:0428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0428

reference_url	https://access.redhat.com/errata/RHSA-2024:0434
reference_id	RHSA-2024:0434
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0434

reference_url	https://access.redhat.com/errata/RHSA-2024:0452
reference_id	RHSA-2024:0452
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0452

reference_url	https://access.redhat.com/errata/RHSA-2024:0585
reference_id	RHSA-2024:0585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0585

reference_url	https://access.redhat.com/errata/RHSA-2024:1129
reference_id	RHSA-2024:1129
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1129

reference_url	https://access.redhat.com/errata/RHSA-2024:1316
reference_id	RHSA-2024:1316
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1316

reference_url	https://access.redhat.com/errata/RHSA-2024:1317
reference_id	RHSA-2024:1317
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1317

reference_url	https://access.redhat.com/errata/RHSA-2024:1383
reference_id	RHSA-2024:1383
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1383

reference_url	https://access.redhat.com/errata/RHSA-2024:1601
reference_id	RHSA-2024:1601
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1601

reference_url	https://access.redhat.com/errata/RHSA-2024:2092
reference_id	RHSA-2024:2092
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2092

reference_url	https://access.redhat.com/errata/RHSA-2024:2093
reference_id	RHSA-2024:2093
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2093

reference_url	https://access.redhat.com/errata/RHSA-2024:2094
reference_id	RHSA-2024:2094
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2094

reference_url	https://usn.ubuntu.com/6535-1/
reference_id	USN-6535-1
reference_type
scores
url	https://usn.ubuntu.com/6535-1/

reference_url	https://usn.ubuntu.com/6641-1/
reference_id	USN-6641-1
reference_type
scores
url	https://usn.ubuntu.com/6641-1/

fixed_packages

url pkg:generic/curl.se/curl@8.5.0

purl pkg:generic/curl.se/curl@8.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-176a-agbw-hqdy

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2vwu-y316-gbb2

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-b69q-9yrr-myf7

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.5.0

aliases CVE-2023-46218

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdcn-2u3v-b3cv

url VCID-qpux-jh6k-8qhx

vulnerability_id VCID-qpux-jh6k-8qhx

summary curl: Curl missing SFTP host verification with wolfSSH backend

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10966.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10966.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-10966

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.04624
published_at	2026-04-02T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05467
published_at	2026-04-04T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05252
published_at	2026-04-07T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05288
published_at	2026-04-08T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05309
published_at	2026-04-09T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05274
published_at	2026-04-11T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.0526
published_at	2026-04-12T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05246
published_at	2026-04-13T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05191
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07151
published_at	2026-04-21T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07019
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-10966

reference_url

https://curl.se/docs/CVE-2025-10966.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-10T20:26:03Z/

url

https://curl.se/docs/CVE-2025-10966.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/3355218

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-10T20:26:03Z/

url

https://hackerone.com/reports/3355218

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2413308
reference_id	2413308
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2413308

reference_url

https://curl.se/docs/CVE-2025-10966.json

reference_id

CVE-2025-10966.json

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-10T20:26:03Z/

url

https://curl.se/docs/CVE-2025-10966.json

reference_url	https://access.redhat.com/errata/RHSA-2026:6893
reference_id	RHSA-2026:6893
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6893

fixed_packages

url pkg:generic/curl.se/curl@8.17.0

purl pkg:generic/curl.se/curl@8.17.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.17.0

aliases CVE-2025-10966

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qpux-jh6k-8qhx

url VCID-s73y-y7v7-43cm

vulnerability_id VCID-s73y-y7v7-43cm

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28322.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28322.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28322

reference_id

reference_type

scores

value	0.00581
scoring_system	epss
scoring_elements	0.6893
published_at	2026-04-21T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70232
published_at	2026-04-07T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70238
published_at	2026-04-02T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70255
published_at	2026-04-04T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70341
published_at	2026-04-18T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70331
published_at	2026-04-16T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70289
published_at	2026-04-13T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70302
published_at	2026-04-12T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70317
published_at	2026-04-11T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70294
published_at	2026-04-09T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70278
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28322

reference_url

https://curl.se/docs/CVE-2023-28322.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-28322.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28322
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28322

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1954658

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

https://hackerone.com/reports/1954658

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239
reference_id	1036239
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2196793
reference_id	2196793
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2196793

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/

reference_url

reference_id

F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

reference_url

reference_id

HT213843

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

reference_url

reference_id

HT213844

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

reference_url

reference_id

HT213845

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html

reference_url

reference_id

msg00015.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html

reference_url

https://security.netapp.com/advisory/ntap-20230609-0009/

reference_id

ntap-20230609-0009

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

https://security.netapp.com/advisory/ntap-20230609-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:4354
reference_id	RHSA-2023:4354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4354

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2023:4629
reference_id	RHSA-2023:4629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4629

reference_url	https://access.redhat.com/errata/RHSA-2023:5598
reference_id	RHSA-2023:5598
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5598

reference_url	https://access.redhat.com/errata/RHSA-2024:0428
reference_id	RHSA-2024:0428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0428

reference_url	https://access.redhat.com/errata/RHSA-2024:0585
reference_id	RHSA-2024:0585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0585

reference_url	https://access.redhat.com/errata/RHSA-2024:1601
reference_id	RHSA-2024:1601
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1601

reference_url	https://access.redhat.com/errata/RHSA-2024:2092
reference_id	RHSA-2024:2092
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2092

reference_url	https://access.redhat.com/errata/RHSA-2024:2093
reference_id	RHSA-2024:2093
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2093

reference_url	https://usn.ubuntu.com/6237-1/
reference_id	USN-6237-1
reference_type
scores
url	https://usn.ubuntu.com/6237-1/

reference_url	https://usn.ubuntu.com/6237-3/
reference_id	USN-6237-3
reference_type
scores
url	https://usn.ubuntu.com/6237-3/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/

reference_id

Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/

fixed_packages

url pkg:generic/curl.se/curl@8.1.0

purl pkg:generic/curl.se/curl@8.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-bz4u-6rft-s3a8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-gnx2-djyk-uyaf

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qdcn-2u3v-b3cv

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tcqe-7skm-b3fz

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.1.0

aliases CVE-2023-28322

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s73y-y7v7-43cm

url VCID-syz5-5y6f-s7er

vulnerability_id VCID-syz5-5y6f-s7er

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27534.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27534.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-27534

reference_id

reference_type

scores

value	0.00064
scoring_system	epss
scoring_elements	0.19885
published_at	2026-04-21T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19882
published_at	2026-04-16T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19887
published_at	2026-04-18T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20068
published_at	2026-04-02T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20126
published_at	2026-04-04T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19854
published_at	2026-04-07T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19933
published_at	2026-04-08T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19988
published_at	2026-04-09T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20007
published_at	2026-04-11T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19963
published_at	2026-04-12T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19904
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-27534

reference_url

https://curl.se/docs/CVE-2023-27534.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-27534.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27534
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27534

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1892351
reference_id
reference_type
scores
url	https://hackerone.com/reports/1892351

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2179069
reference_id	2179069
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2179069

reference_url	https://security.gentoo.org/glsa/202310-12
reference_id	GLSA-202310-12
reference_type
scores
url	https://security.gentoo.org/glsa/202310-12

reference_url	https://access.redhat.com/errata/RHSA-2023:3354
reference_id	RHSA-2023:3354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3354

reference_url	https://access.redhat.com/errata/RHSA-2023:3355
reference_id	RHSA-2023:3355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3355

reference_url	https://access.redhat.com/errata/RHSA-2023:6679
reference_id	RHSA-2023:6679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6679

reference_url	https://usn.ubuntu.com/5964-1/
reference_id	USN-5964-1
reference_type
scores
url	https://usn.ubuntu.com/5964-1/

fixed_packages

url pkg:generic/curl.se/curl@8.0.0

purl pkg:generic/curl.se/curl@8.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-47qb-2qkw-1qej

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-bz4u-6rft-s3a8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-gnx2-djyk-uyaf

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-m15r-v9sr-2bbn

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qdcn-2u3v-b3cv

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-s73y-y7v7-43cm

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tcqe-7skm-b3fz

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.0.0

aliases CVE-2023-27534

risk_score 1.6

exploitability 0.5

weighted_severity 3.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-syz5-5y6f-s7er

url VCID-t9p4-2x7v-yfaq

vulnerability_id VCID-t9p4-2x7v-yfaq

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-0167

reference_id

reference_type

scores

value	0.00331
scoring_system	epss
scoring_elements	0.56114
published_at	2026-04-11T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56103
published_at	2026-04-09T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56112
published_at	2026-04-18T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56109
published_at	2026-04-16T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56074
published_at	2026-04-13T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56091
published_at	2026-04-12T12:55:00Z

value	0.00341
scoring_system	epss
scoring_elements	0.56809
published_at	2026-04-21T12:55:00Z

value	0.00341
scoring_system	epss
scoring_elements	0.56789
published_at	2026-04-02T12:55:00Z

value	0.00341
scoring_system	epss
scoring_elements	0.5681
published_at	2026-04-04T12:55:00Z

value	0.00341
scoring_system	epss
scoring_elements	0.56786
published_at	2026-04-07T12:55:00Z

value	0.00341
scoring_system	epss
scoring_elements	0.56838
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-0167

reference_url

https://curl.se/docs/CVE-2025-0167.html

reference_id

reference_type

scores

value	3.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T15:52:41Z/

url

https://curl.se/docs/CVE-2025-0167.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2917232

reference_id

reference_type

scores

value	3.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T15:52:41Z/

url

https://hackerone.com/reports/2917232

reference_url

https://curl.se/docs/CVE-2025-0167.json

reference_id

CVE-2025-0167.json

reference_type

scores

value	3.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T15:52:41Z/

url

https://curl.se/docs/CVE-2025-0167.json

reference_url	https://usn.ubuntu.com/8084-1/
reference_id	USN-8084-1
reference_type
scores
url	https://usn.ubuntu.com/8084-1/

fixed_packages

url pkg:generic/curl.se/curl@8.12.0

purl pkg:generic/curl.se/curl@8.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-176a-agbw-hqdy

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-9mjz-apkm-g7h1

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.12.0

aliases CVE-2025-0167

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9p4-2x7v-yfaq

url VCID-tcqe-7skm-b3fz

vulnerability_id VCID-tcqe-7skm-b3fz

summary

Out-of-bounds Write
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy
handshake.

When curl is asked to pass along the host name to the SOCKS5 proxy to allow
that to resolve the address instead of it getting done by curl itself, the
maximum length that host name can be is 255 bytes.

If the host name is detected to be longer, curl switches to local name
resolving and instead passes on the resolved address only. Due to this bug,
the local variable that means "let the host resolve the name" could get the
wrong value during a slow SOCKS5 handshake, and contrary to the intention,
copy the too long host name to the target buffer instead of copying just the
resolved address there.

The target buffer being a heap based buffer, and the host name coming from the
URL that curl has been told to operate with.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38545.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38545.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-38545

reference_id

reference_type

scores

value	0.2625
scoring_system	epss
scoring_elements	0.96283
published_at	2026-04-07T12:55:00Z

value	0.2625
scoring_system	epss
scoring_elements	0.96316
published_at	2026-04-18T12:55:00Z

value	0.2625
scoring_system	epss
scoring_elements	0.96312
published_at	2026-04-16T12:55:00Z

value	0.2625
scoring_system	epss
scoring_elements	0.96303
published_at	2026-04-13T12:55:00Z

value	0.2625
scoring_system	epss
scoring_elements	0.96278
published_at	2026-04-04T12:55:00Z

value	0.2625
scoring_system	epss
scoring_elements	0.963
published_at	2026-04-12T12:55:00Z

value	0.2625
scoring_system	epss
scoring_elements	0.96295
published_at	2026-04-09T12:55:00Z

value	0.2625
scoring_system	epss
scoring_elements	0.96292
published_at	2026-04-08T12:55:00Z

value	0.26747
scoring_system	epss
scoring_elements	0.96359
published_at	2026-04-21T12:55:00Z

value	0.26747
scoring_system	epss
scoring_elements	0.96315
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-38545

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/2187833
reference_id
reference_type
scores
url	https://hackerone.com/reports/2187833

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2241933
reference_id	2241933
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2241933

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

reference_url

reference_id

AVG-2845

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2846

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://curl.se/docs/CVE-2023-38545.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-38545
reference_id	CVE-2023-38545
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-38545

reference_url

reference_id

CVE-2023-38545.HTML

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	High
scoring_system	cvssv3.1
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

https://curl.se/docs/CVE-2023-38545.html

reference_url	https://security.gentoo.org/glsa/202310-12
reference_id	GLSA-202310-12
reference_type
scores
url	https://security.gentoo.org/glsa/202310-12

reference_url

https://www.secpod.com/blog/high-severity-heap-buffer-overflow-vulnerability/

reference_id

high-severity-heap-buffer-overflow-vulnerability

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

https://www.secpod.com/blog/high-severity-heap-buffer-overflow-vulnerability/

reference_url

reference_id

HT214036

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

reference_url

reference_id

HT214057

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

reference_url

reference_id

HT214058

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

reference_url

reference_id

HT214063

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

https://security.netapp.com/advisory/ntap-20231027-0009/

reference_url

reference_id

ntap-20231027-0009

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

https://security.netapp.com/advisory/ntap-20231027-0009/

reference_url

https://security.netapp.com/advisory/ntap-20240201-0005/

reference_id

ntap-20240201-0005

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

https://security.netapp.com/advisory/ntap-20240201-0005/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/

reference_id

OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/

reference_url	https://access.redhat.com/errata/RHSA-2023:5700
reference_id	RHSA-2023:5700
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5700

reference_url	https://access.redhat.com/errata/RHSA-2023:5763
reference_id	RHSA-2023:5763
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5763

reference_url	https://access.redhat.com/errata/RHSA-2023:6745
reference_id	RHSA-2023:6745
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6745

reference_url	https://access.redhat.com/errata/RHSA-2023:7625
reference_id	RHSA-2023:7625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7625

reference_url	https://access.redhat.com/errata/RHSA-2023:7626
reference_id	RHSA-2023:7626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7626

reference_url	https://access.redhat.com/errata/RHSA-2024:0797
reference_id	RHSA-2024:0797
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0797

reference_url	https://access.redhat.com/errata/RHSA-2024:2011
reference_id	RHSA-2024:2011
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2011

reference_url	https://usn.ubuntu.com/6429-1/
reference_id	USN-6429-1
reference_type
scores
url	https://usn.ubuntu.com/6429-1/

reference_url	https://usn.ubuntu.com/6429-3/
reference_id	USN-6429-3
reference_type
scores
url	https://usn.ubuntu.com/6429-3/

reference_url

https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868

reference_id

viewtopic.php?f=8&t=8868

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868

fixed_packages

url pkg:generic/curl.se/curl@8.4.0

purl pkg:generic/curl.se/curl@8.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qdcn-2u3v-b3cv

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.4.0

aliases CVE-2023-38545

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tcqe-7skm-b3fz

url VCID-tha5-fv3w-sub6

vulnerability_id VCID-tha5-fv3w-sub6

summary Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2004.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2004.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-2004

reference_id

reference_type

scores

value	0.00838
scoring_system	epss
scoring_elements	0.7472
published_at	2026-04-21T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74642
published_at	2026-04-02T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74669
published_at	2026-04-04T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74644
published_at	2026-04-07T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74675
published_at	2026-04-08T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.7469
published_at	2026-04-09T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74713
published_at	2026-04-11T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74693
published_at	2026-04-12T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74685
published_at	2026-04-13T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74722
published_at	2026-04-16T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74729
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-2004

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

http://www.openwall.com/lists/oss-security/2024/03/27/1

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

http://www.openwall.com/lists/oss-security/2024/03/27/1

reference_url

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

reference_url

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

reference_url

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://hackerone.com/reports/2384833

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2270500
reference_id	2270500
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2270500

reference_url

reference_id

2384833

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://hackerone.com/reports/2384833

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/

reference_id

2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/

reference_url

https://curl.se/docs/CVE-2024-2004.html

reference_id

CVE-2024-2004.html

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://curl.se/docs/CVE-2024-2004.html

reference_url

https://curl.se/docs/CVE-2024-2004.json

reference_id

CVE-2024-2004.json

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://curl.se/docs/CVE-2024-2004.json

reference_url	https://security.gentoo.org/glsa/202409-20
reference_id	GLSA-202409-20
reference_type
scores
url	https://security.gentoo.org/glsa/202409-20

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/

reference_id

GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/

reference_url

reference_id

HT214118

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

reference_url

reference_id

HT214119

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

reference_url

reference_id

HT214120

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://security.netapp.com/advisory/ntap-20240524-0006/

reference_url

reference_id

ntap-20240524-0006

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://security.netapp.com/advisory/ntap-20240524-0006/

reference_url	https://access.redhat.com/errata/RHSA-2024:2693
reference_id	RHSA-2024:2693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2693

reference_url	https://access.redhat.com/errata/RHSA-2024:2694
reference_id	RHSA-2024:2694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2694

reference_url	https://usn.ubuntu.com/6718-1/
reference_id	USN-6718-1
reference_type
scores
url	https://usn.ubuntu.com/6718-1/

reference_url	https://usn.ubuntu.com/6718-3/
reference_id	USN-6718-3
reference_type
scores
url	https://usn.ubuntu.com/6718-3/

fixed_packages

url pkg:generic/curl.se/curl@8.7.0

purl pkg:generic/curl.se/curl@8.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-176a-agbw-hqdy

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8m6a-ej6a-g3df

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.7.0

aliases CVE-2024-2004

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tha5-fv3w-sub6

url VCID-u4bx-xqb3-vuef

vulnerability_id VCID-u4bx-xqb3-vuef

summary Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2398.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2398.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-2398

reference_id

reference_type

scores

value	0.01622
scoring_system	epss
scoring_elements	0.81874
published_at	2026-04-21T12:55:00Z

value	0.01962
scoring_system	epss
scoring_elements	0.83457
published_at	2026-04-02T12:55:00Z

value	0.01962
scoring_system	epss
scoring_elements	0.83504
published_at	2026-04-09T12:55:00Z

value	0.01962
scoring_system	epss
scoring_elements	0.83495
published_at	2026-04-08T12:55:00Z

value	0.01962
scoring_system	epss
scoring_elements	0.8347
published_at	2026-04-07T12:55:00Z

value	0.01962
scoring_system	epss
scoring_elements	0.83472
published_at	2026-04-04T12:55:00Z

value	0.01962
scoring_system	epss
scoring_elements	0.83545
published_at	2026-04-18T12:55:00Z

value	0.01962
scoring_system	epss
scoring_elements	0.83544
published_at	2026-04-16T12:55:00Z

value	0.01962
scoring_system	epss
scoring_elements	0.83509
published_at	2026-04-13T12:55:00Z

value	0.01962
scoring_system	epss
scoring_elements	0.83512
published_at	2026-04-12T12:55:00Z

value	0.01962
scoring_system	epss
scoring_elements	0.83519
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-2398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2398

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

reference_url

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

reference_url

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

https://hackerone.com/reports/2402845

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2270498
reference_id	2270498
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2270498

reference_url

reference_id

2402845

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

https://hackerone.com/reports/2402845

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/

reference_id

2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/

reference_url

http://www.openwall.com/lists/oss-security/2024/03/27/3

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

http://www.openwall.com/lists/oss-security/2024/03/27/3

reference_url

https://curl.se/docs/CVE-2024-2398.html

reference_id

CVE-2024-2398.html

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Medium
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

https://curl.se/docs/CVE-2024-2398.html

reference_url

https://curl.se/docs/CVE-2024-2398.json

reference_id

CVE-2024-2398.json

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

https://curl.se/docs/CVE-2024-2398.json

reference_url	https://security.gentoo.org/glsa/202409-20
reference_id	GLSA-202409-20
reference_type
scores
url	https://security.gentoo.org/glsa/202409-20

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/

reference_id

GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/

reference_url

reference_id

HT214118

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

reference_url

reference_id

HT214119

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

reference_url

reference_id

HT214120

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

https://security.netapp.com/advisory/ntap-20240503-0009/

reference_url

reference_id

ntap-20240503-0009

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

https://security.netapp.com/advisory/ntap-20240503-0009/

reference_url	https://access.redhat.com/errata/RHSA-2024:10135
reference_id	RHSA-2024:10135
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10135

reference_url	https://access.redhat.com/errata/RHSA-2024:11109
reference_id	RHSA-2024:11109
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:11109

reference_url	https://access.redhat.com/errata/RHSA-2024:2693
reference_id	RHSA-2024:2693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2693

reference_url	https://access.redhat.com/errata/RHSA-2024:2694
reference_id	RHSA-2024:2694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2694

reference_url	https://access.redhat.com/errata/RHSA-2024:3998
reference_id	RHSA-2024:3998
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3998

reference_url	https://access.redhat.com/errata/RHSA-2024:5529
reference_id	RHSA-2024:5529
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5529

reference_url	https://access.redhat.com/errata/RHSA-2024:5654
reference_id	RHSA-2024:5654
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5654

reference_url	https://access.redhat.com/errata/RHSA-2024:7213
reference_id	RHSA-2024:7213
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7213

reference_url	https://access.redhat.com/errata/RHSA-2024:7374
reference_id	RHSA-2024:7374
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7374

reference_url	https://usn.ubuntu.com/6718-1/
reference_id	USN-6718-1
reference_type
scores
url	https://usn.ubuntu.com/6718-1/

reference_url	https://usn.ubuntu.com/6718-2/
reference_id	USN-6718-2
reference_type
scores
url	https://usn.ubuntu.com/6718-2/

reference_url	https://usn.ubuntu.com/6718-3/
reference_id	USN-6718-3
reference_type
scores
url	https://usn.ubuntu.com/6718-3/

fixed_packages

url pkg:generic/curl.se/curl@8.7.0

purl pkg:generic/curl.se/curl@8.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-176a-agbw-hqdy

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8m6a-ej6a-g3df

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.7.0

aliases CVE-2024-2398

risk_score 3.9

exploitability 0.5

weighted_severity 7.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u4bx-xqb3-vuef

url VCID-vbbv-k1r7-kkas

vulnerability_id VCID-vbbv-k1r7-kkas

summary When doing SSH-based transfers using either SCP or SFTP, and asked to do public key authentication, curl would wrongly still ask and authenticate using a locally running SSH agent.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15224.json

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15224.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-15224

reference_id

reference_type

scores

value	0.00084
scoring_system	epss
scoring_elements	0.24629
published_at	2026-04-02T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24454
published_at	2026-04-21T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24442
published_at	2026-04-07T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.2451
published_at	2026-04-08T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24554
published_at	2026-04-09T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.2457
published_at	2026-04-11T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24526
published_at	2026-04-12T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.2447
published_at	2026-04-13T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24485
published_at	2026-04-16T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24479
published_at	2026-04-18T12:55:00Z

value	0.00084
scoring_system	epss
scoring_elements	0.24667
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-15224

reference_url

https://curl.se/docs/CVE-2025-15224.html

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:38:20Z/

url

https://curl.se/docs/CVE-2025-15224.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15224

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/3480925

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:38:20Z/

url

https://hackerone.com/reports/3480925

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2426410
reference_id	2426410
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2426410

reference_url

https://curl.se/docs/CVE-2025-15224.json

reference_id

CVE-2025-15224.json

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:38:20Z/

url

https://curl.se/docs/CVE-2025-15224.json

reference_url	https://access.redhat.com/errata/RHSA-2026:6893
reference_id	RHSA-2026:6893
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6893

reference_url	https://usn.ubuntu.com/8062-1/
reference_id	USN-8062-1
reference_type
scores
url	https://usn.ubuntu.com/8062-1/

reference_url	https://usn.ubuntu.com/8062-2/
reference_id	USN-8062-2
reference_type
scores
url	https://usn.ubuntu.com/8062-2/

fixed_packages

url pkg:generic/curl.se/curl@8.18.0

purl pkg:generic/curl.se/curl@8.18.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0

aliases CVE-2025-15224

risk_score 2.1

exploitability 0.5

weighted_severity 4.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vbbv-k1r7-kkas

url VCID-wgma-bycg-1qb1

vulnerability_id VCID-wgma-bycg-1qb1

summary curl: curl netrc password leak

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11053.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-11053.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-11053

reference_id

reference_type

scores

value	0.00949
scoring_system	epss
scoring_elements	0.76393
published_at	2026-04-21T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76315
published_at	2026-04-07T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76348
published_at	2026-04-08T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76362
published_at	2026-04-09T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76388
published_at	2026-04-11T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76366
published_at	2026-04-12T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76361
published_at	2026-04-13T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76402
published_at	2026-04-16T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76408
published_at	2026-04-18T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76306
published_at	2026-04-02T12:55:00Z

value	0.00949
scoring_system	epss
scoring_elements	0.76336
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-11053

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089682
reference_id	1089682
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1089682

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2331191
reference_id	2331191
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2331191

reference_url

https://hackerone.com/reports/2829063

reference_id

2829063

reference_type

scores

value	3.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-15T16:47:42Z/

url

https://hackerone.com/reports/2829063

reference_url

https://curl.se/docs/CVE-2024-11053.html

reference_id

CVE-2024-11053.html

reference_type

scores

value	3.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-15T16:47:42Z/

url

https://curl.se/docs/CVE-2024-11053.html

reference_url

https://curl.se/docs/CVE-2024-11053.json

reference_id

CVE-2024-11053.json

reference_type

scores

value	3.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-12-15T16:47:42Z/

url

https://curl.se/docs/CVE-2024-11053.json

reference_url	https://access.redhat.com/errata/RHSA-2025:1671
reference_id	RHSA-2025:1671
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1671

reference_url	https://access.redhat.com/errata/RHSA-2025:1673
reference_id	RHSA-2025:1673
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1673

reference_url	https://usn.ubuntu.com/7162-1/
reference_id	USN-7162-1
reference_type
scores
url	https://usn.ubuntu.com/7162-1/

fixed_packages

url pkg:generic/curl.se/curl@8.11.1

purl pkg:generic/curl.se/curl@8.11.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-176a-agbw-hqdy

vulnerability	VCID-26p8-15d6-kbb1

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-9mjz-apkm-g7h1

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.11.1

aliases CVE-2024-11053

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wgma-bycg-1qb1

url VCID-x57x-w8g8-7ybz

vulnerability_id VCID-x57x-w8g8-7ybz

summary When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer performs a cross-protocol redirect to a second URL that uses an IMAP, LDAP, POP3 or SMTP scheme, curl might wrongly pass on the bearer token to the new target host.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14524.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14524.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-14524

reference_id

reference_type

scores

value	0.00026
scoring_system	epss
scoring_elements	0.07128
published_at	2026-04-02T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07251
published_at	2026-04-21T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07151
published_at	2026-04-07T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07206
published_at	2026-04-08T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07237
published_at	2026-04-09T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07234
published_at	2026-04-11T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07222
published_at	2026-04-12T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07212
published_at	2026-04-13T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.0715
published_at	2026-04-16T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07127
published_at	2026-04-18T12:55:00Z

value	0.00026
scoring_system	epss
scoring_elements	0.07177
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-14524

reference_url

https://curl.se/docs/CVE-2025-14524.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:24:54Z/

url

https://curl.se/docs/CVE-2025-14524.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14524

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/3459417

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:24:54Z/

url

https://hackerone.com/reports/3459417

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2426407
reference_id	2426407
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2426407

reference_url

https://curl.se/docs/CVE-2025-14524.json

reference_id

CVE-2025-14524.json

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-09T19:24:54Z/

url

https://curl.se/docs/CVE-2025-14524.json

reference_url	https://access.redhat.com/errata/RHSA-2026:6893
reference_id	RHSA-2026:6893
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6893

reference_url	https://usn.ubuntu.com/8062-1/
reference_id	USN-8062-1
reference_type
scores
url	https://usn.ubuntu.com/8062-1/

fixed_packages

url pkg:generic/curl.se/curl@8.18.0

purl pkg:generic/curl.se/curl@8.18.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0

aliases CVE-2025-14524

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-x57x-w8g8-7ybz

Fixing_vulnerabilities

url VCID-9ggp-5wfj-ufcq

vulnerability_id VCID-9ggp-5wfj-ufcq

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43552.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43552.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-43552

reference_id

reference_type

scores

value	0.00104
scoring_system	epss
scoring_elements	0.28229
published_at	2026-04-21T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42397
published_at	2026-04-07T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42428
published_at	2026-04-02T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42447
published_at	2026-04-08T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42458
published_at	2026-04-16T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42433
published_at	2026-04-18T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42409
published_at	2026-04-13T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.4244
published_at	2026-04-12T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42477
published_at	2026-04-11T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42455
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-43552

reference_url

https://curl.se/docs/CVE-2022-43552.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2022-43552.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32221
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32221

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43552
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43552

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1764858

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:27:40Z/

url

https://hackerone.com/reports/1764858

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026830
reference_id	1026830
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026830

reference_url

http://seclists.org/fulldisclosure/2023/Mar/17

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:27:40Z/

url

http://seclists.org/fulldisclosure/2023/Mar/17

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2152652
reference_id	2152652
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2152652

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:27:40Z/

url

https://support.apple.com/kb/HT213670

reference_url

reference_id

HT213670

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:27:40Z/

url

https://support.apple.com/kb/HT213670

reference_url

https://security.netapp.com/advisory/ntap-20230214-0002/

reference_id

ntap-20230214-0002

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:27:40Z/

url

https://security.netapp.com/advisory/ntap-20230214-0002/

reference_url	https://access.redhat.com/errata/RHSA-2023:2478
reference_id	RHSA-2023:2478
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2478

reference_url	https://access.redhat.com/errata/RHSA-2023:2963
reference_id	RHSA-2023:2963
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2963

reference_url	https://access.redhat.com/errata/RHSA-2023:3354
reference_id	RHSA-2023:3354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3354

reference_url	https://access.redhat.com/errata/RHSA-2023:3355
reference_id	RHSA-2023:3355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3355

reference_url	https://access.redhat.com/errata/RHSA-2023:7743
reference_id	RHSA-2023:7743
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7743

reference_url	https://access.redhat.com/errata/RHSA-2024:0428
reference_id	RHSA-2024:0428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0428

reference_url	https://usn.ubuntu.com/5788-1/
reference_id	USN-5788-1
reference_type
scores
url	https://usn.ubuntu.com/5788-1/

reference_url	https://usn.ubuntu.com/5894-1/
reference_id	USN-5894-1
reference_type
scores
url	https://usn.ubuntu.com/5894-1/

fixed_packages

url pkg:generic/curl.se/curl@7.87.0

purl pkg:generic/curl.se/curl@7.87.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-47qb-2qkw-1qej

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-7srk-hshe-h3f4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-arjz-67yz-wkg9

vulnerability	VCID-bz4u-6rft-s3a8

vulnerability	VCID-cbah-e86c-w3fj

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-gnx2-djyk-uyaf

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-m15r-v9sr-2bbn

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-ms2r-94ph-yyh3

vulnerability	VCID-n57n-cymy-z7dr

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qdcn-2u3v-b3cv

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-s73y-y7v7-43cm

vulnerability	VCID-syz5-5y6f-s7er

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tcqe-7skm-b3fz

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@7.87.0

aliases CVE-2022-43552

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ggp-5wfj-ufcq

url VCID-xpss-yndr-mycj

vulnerability_id VCID-xpss-yndr-mycj

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43551.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43551.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-43551

reference_id

reference_type

scores

value	0.00042
scoring_system	epss
scoring_elements	0.12798
published_at	2026-04-21T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12923
published_at	2026-04-02T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12972
published_at	2026-04-04T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12773
published_at	2026-04-07T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12852
published_at	2026-04-08T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12902
published_at	2026-04-09T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12868
published_at	2026-04-11T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12831
published_at	2026-04-12T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12786
published_at	2026-04-13T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.1269
published_at	2026-04-16T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12697
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-43551

reference_url

https://curl.se/docs/CVE-2022-43551.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2022-43551.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43551
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43551

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1755083

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-15T14:38:16Z/

url

https://hackerone.com/reports/1755083

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026829
reference_id	1026829
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026829

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2152639
reference_id	2152639
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2152639

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-15T14:38:16Z/

url