Package Instance

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/

reference_url

reference_id

F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

reference_url

reference_id

HT213843

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

reference_url

reference_id

HT213844

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

reference_url

reference_id

HT213845

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html

reference_url

reference_id

msg00016.html

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html

reference_url

https://security.netapp.com/advisory/ntap-20230609-0009/

reference_id

ntap-20230609-0009

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

https://security.netapp.com/advisory/ntap-20230609-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:4354
reference_id	RHSA-2023:4354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4354

reference_url	https://access.redhat.com/errata/RHSA-2023:4523
reference_id	RHSA-2023:4523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4523

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2023:4629
reference_id	RHSA-2023:4629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4629

reference_url	https://access.redhat.com/errata/RHSA-2023:5598
reference_id	RHSA-2023:5598
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5598

reference_url	https://access.redhat.com/errata/RHSA-2023:6292
reference_id	RHSA-2023:6292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6292

reference_url	https://usn.ubuntu.com/6237-1/
reference_id	USN-6237-1
reference_type
scores
url	https://usn.ubuntu.com/6237-1/

reference_url	https://usn.ubuntu.com/6237-3/
reference_id	USN-6237-3
reference_type
scores
url	https://usn.ubuntu.com/6237-3/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/

reference_id

Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/

fixed_packages

url pkg:generic/curl.se/curl@8.1.0

purl pkg:generic/curl.se/curl@8.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-bz4u-6rft-s3a8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-gnx2-djyk-uyaf

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qdcn-2u3v-b3cv

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tcqe-7skm-b3fz

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.1.0

aliases CVE-2023-28321

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-47qb-2qkw-1qej

url VCID-4seq-hvbx-7fg8

vulnerability_id VCID-4seq-hvbx-7fg8

summary Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46219.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46219.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-46219

reference_id

reference_type

scores

value	0.00203
scoring_system	epss
scoring_elements	0.42459
published_at	2026-04-16T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42478
published_at	2026-04-11T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.4244
published_at	2026-04-12T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.4241
published_at	2026-04-13T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.4466
published_at	2026-04-07T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44703
published_at	2026-04-02T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44716
published_at	2026-04-09T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44713
published_at	2026-04-08T12:55:00Z

value	0.00221
scoring_system	epss
scoring_elements	0.44723
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-46219

reference_url

https://curl.se/docs/CVE-2023-46219.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:01:11Z/

url

https://curl.se/docs/CVE-2023-46219.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46219
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46219

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2236133

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:01:11Z/

url

https://hackerone.com/reports/2236133

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057645
reference_id	1057645
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057645

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2252034
reference_id	2252034
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2252034

reference_url

https://www.debian.org/security/2023/dsa-5587

reference_id

dsa-5587

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:01:11Z/

url

https://www.debian.org/security/2023/dsa-5587

reference_url	https://security.gentoo.org/glsa/202409-20
reference_id	GLSA-202409-20
reference_type
scores
url	https://security.gentoo.org/glsa/202409-20

reference_url

https://security.netapp.com/advisory/ntap-20240119-0007/

reference_id

ntap-20240119-0007

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:01:11Z/

url

https://security.netapp.com/advisory/ntap-20240119-0007/

reference_url	https://access.redhat.com/errata/RHSA-2024:1316
reference_id	RHSA-2024:1316
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1316

reference_url	https://access.redhat.com/errata/RHSA-2024:1317
reference_id	RHSA-2024:1317
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1317

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/

reference_id

UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-12-02T20:01:11Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/

reference_url	https://usn.ubuntu.com/6535-1/
reference_id	USN-6535-1
reference_type
scores
url	https://usn.ubuntu.com/6535-1/

fixed_packages

url pkg:generic/curl.se/curl@8.5.0

purl pkg:generic/curl.se/curl@8.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-176a-agbw-hqdy

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2vwu-y316-gbb2

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-b69q-9yrr-myf7

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.5.0

aliases CVE-2023-46219

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4seq-hvbx-7fg8

url VCID-5xp7-mcsa-uqd4

vulnerability_id VCID-5xp7-mcsa-uqd4

summary

When doing TLS related transfers with reused easy or multi handles and
altering the  `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally
reuse a CA store cached in memory for which the partial chain option was
reversed. Contrary to the user's wishes and expectations. This could make
libcurl find and accept a trust chain that it otherwise would not.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14819.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14819.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-14819

reference_id

reference_type

scores

value	0.00045
scoring_system	epss
scoring_elements	0.13995
published_at	2026-04-02T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13771
published_at	2026-04-16T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13854
published_at	2026-04-07T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13938
published_at	2026-04-08T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13991
published_at	2026-04-09T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13948
published_at	2026-04-11T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13911
published_at	2026-04-12T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13863
published_at	2026-04-13T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.1405
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-14819

reference_url

https://curl.se/docs/CVE-2025-14819.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:00:02Z/

url

https://curl.se/docs/CVE-2025-14819.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2426408
reference_id	2426408
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2426408

reference_url

https://curl.se/docs/CVE-2025-14819.json

reference_id

CVE-2025-14819.json

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:00:02Z/

url

https://curl.se/docs/CVE-2025-14819.json

reference_url	https://usn.ubuntu.com/8062-1/
reference_id	USN-8062-1
reference_type
scores
url	https://usn.ubuntu.com/8062-1/

fixed_packages

url pkg:generic/curl.se/curl@8.18.0

purl pkg:generic/curl.se/curl@8.18.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0

aliases CVE-2025-14819

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5xp7-mcsa-uqd4

url VCID-6we4-n888-6qhe

vulnerability_id VCID-6we4-n888-6qhe

summary libcurl: Buffer Overflow in libcurl via zlib Integer Overflow

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0725.json

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0725.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-0725

reference_id

reference_type

scores

value	0.00442
scoring_system	epss
scoring_elements	0.6327
published_at	2026-04-13T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63305
published_at	2026-04-09T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63322
published_at	2026-04-11T12:55:00Z

value	0.00442
scoring_system	epss
scoring_elements	0.63306
published_at	2026-04-16T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63788
published_at	2026-04-02T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63823
published_at	2026-04-08T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63815
published_at	2026-04-04T12:55:00Z

value	0.00454
scoring_system	epss
scoring_elements	0.63772
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-0725

reference_url

https://curl.se/docs/CVE-2025-0725.html

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T14:33:50Z/

url

https://curl.se/docs/CVE-2025-0725.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-0725

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2956023

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T14:33:50Z/

url

https://hackerone.com/reports/2956023

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2343899
reference_id	2343899
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2343899

reference_url

https://curl.se/docs/CVE-2025-0725.json

reference_id

CVE-2025-0725.json

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-02-05T14:33:50Z/

url

https://curl.se/docs/CVE-2025-0725.json

fixed_packages

url pkg:generic/curl.se/curl@8.12.0

purl pkg:generic/curl.se/curl@8.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-176a-agbw-hqdy

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-9mjz-apkm-g7h1

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.12.0

aliases CVE-2025-0725

risk_score 2.9

exploitability 0.5

weighted_severity 5.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6we4-n888-6qhe

url VCID-75nw-4e2d-zqgg

vulnerability_id VCID-75nw-4e2d-zqgg

summary curl: libcurl: ASN.1 date parser overread

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7264.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-7264.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-7264

reference_id

reference_type

scores

value	0.00796
scoring_system	epss
scoring_elements	0.73947
published_at	2026-04-02T12:55:00Z

value	0.00796
scoring_system	epss
scoring_elements	0.73978
published_at	2026-04-08T12:55:00Z

value	0.00796
scoring_system	epss
scoring_elements	0.73943
published_at	2026-04-07T12:55:00Z

value	0.00796
scoring_system	epss
scoring_elements	0.73973
published_at	2026-04-04T12:55:00Z

value	0.00882
scoring_system	epss
scoring_elements	0.75437
published_at	2026-04-16T12:55:00Z

value	0.00882
scoring_system	epss
scoring_elements	0.75409
published_at	2026-04-09T12:55:00Z

value	0.00882
scoring_system	epss
scoring_elements	0.75429
published_at	2026-04-11T12:55:00Z

value	0.00882
scoring_system	epss
scoring_elements	0.75407
published_at	2026-04-12T12:55:00Z

value	0.00882
scoring_system	epss
scoring_elements	0.75396
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-7264

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-7264

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

http://www.openwall.com/lists/oss-security/2024/07/31/1

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:05:41Z/

url

http://www.openwall.com/lists/oss-security/2024/07/31/1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077656
reference_id	1077656
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077656

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2301888
reference_id	2301888
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2301888

reference_url

https://hackerone.com/reports/2629968

reference_id

2629968

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:05:41Z/

url

https://hackerone.com/reports/2629968

reference_url

https://curl.se/docs/CVE-2024-7264.html

reference_id

CVE-2024-7264.html

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:05:41Z/

url

https://curl.se/docs/CVE-2024-7264.html

reference_url

https://curl.se/docs/CVE-2024-7264.json

reference_id

CVE-2024-7264.json

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-01T20:05:41Z/

url

https://curl.se/docs/CVE-2024-7264.json

reference_url	https://access.redhat.com/errata/RHSA-2024:7726
reference_id	RHSA-2024:7726
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:7726

reference_url	https://access.redhat.com/errata/RHSA-2025:1671
reference_id	RHSA-2025:1671
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1671

reference_url	https://access.redhat.com/errata/RHSA-2025:1673
reference_id	RHSA-2025:1673
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1673

reference_url	https://usn.ubuntu.com/6944-1/
reference_id	USN-6944-1
reference_type
scores
url	https://usn.ubuntu.com/6944-1/

reference_url	https://usn.ubuntu.com/6944-2/
reference_id	USN-6944-2
reference_type
scores
url	https://usn.ubuntu.com/6944-2/

fixed_packages

url pkg:generic/curl.se/curl@8.9.1

purl pkg:generic/curl.se/curl@8.9.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-176a-agbw-hqdy

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-9mjz-apkm-g7h1

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.9.1

aliases CVE-2024-7264

risk_score 2.9

exploitability 0.5

weighted_severity 5.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-75nw-4e2d-zqgg

url VCID-8zks-th64-33b8

vulnerability_id VCID-8zks-th64-33b8

summary curl: curl: Unauthorized access due to improper HTTP proxy connection reuse

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3784.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3784.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-3784

reference_id

reference_type

scores

value	0.00015
scoring_system	epss
scoring_elements	0.03044
published_at	2026-04-11T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03051
published_at	2026-04-04T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03081
published_at	2026-04-09T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03056
published_at	2026-04-08T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03053
published_at	2026-04-07T12:55:00Z

value	0.00015
scoring_system	epss
scoring_elements	0.03037
published_at	2026-04-02T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03659
published_at	2026-04-16T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03709
published_at	2026-04-12T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03683
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-3784

reference_url

https://curl.se/docs/CVE-2026-3784.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:48:38Z/

url

https://curl.se/docs/CVE-2026-3784.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3784

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/3584903

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:48:38Z/

url

https://hackerone.com/reports/3584903

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2446449
reference_id	2446449
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2446449

reference_url

https://curl.se/docs/CVE-2026-3784.json

reference_id

CVE-2026-3784.json

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:48:38Z/

url

https://curl.se/docs/CVE-2026-3784.json

reference_url	https://usn.ubuntu.com/8084-1/
reference_id	USN-8084-1
reference_type
scores
url	https://usn.ubuntu.com/8084-1/

reference_url	https://usn.ubuntu.com/8099-1/
reference_id	USN-8099-1
reference_type
scores
url	https://usn.ubuntu.com/8099-1/

fixed_packages

url	pkg:generic/curl.se/curl@8.19.0
purl	pkg:generic/curl.se/curl@8.19.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0

aliases CVE-2026-3784

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8zks-th64-33b8

url VCID-bz4u-6rft-s3a8

vulnerability_id VCID-bz4u-6rft-s3a8

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38039.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38039.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-38039

reference_id

reference_type

scores

value	0.12305
scoring_system	epss
scoring_elements	0.93887
published_at	2026-04-16T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93835
published_at	2026-04-02T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93845
published_at	2026-04-04T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93847
published_at	2026-04-07T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93856
published_at	2026-04-08T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.9386
published_at	2026-04-09T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93865
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-38039

reference_url

https://curl.se/docs/CVE-2023-38039.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-38039.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2072338

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://hackerone.com/reports/2072338

reference_url

http://seclists.org/fulldisclosure/2023/Oct/17

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

http://seclists.org/fulldisclosure/2023/Oct/17

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2239135
reference_id	2239135
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2239135

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DCZMYODALBLVOXVJEN2LF2MLANEYL4F/

reference_url

reference_id

5DCZMYODALBLVOXVJEN2LF2MLANEYL4F

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DCZMYODALBLVOXVJEN2LF2MLANEYL4F/

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

reference_url

reference_id

HT214036

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

reference_url

reference_id

HT214057

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

reference_url

reference_id

HT214058

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

reference_url

reference_id

HT214063

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ/

reference_url

reference_id

M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ/

reference_url

https://security.netapp.com/advisory/ntap-20231013-0005/

reference_id

ntap-20231013-0005

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://security.netapp.com/advisory/ntap-20231013-0005/

reference_url	https://access.redhat.com/errata/RHSA-2023:7625
reference_id	RHSA-2023:7625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7625

reference_url	https://access.redhat.com/errata/RHSA-2023:7626
reference_id	RHSA-2023:7626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7626

reference_url

https://www.insyde.com/security-pledge/SA-2023064

reference_id

SA-2023064

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://www.insyde.com/security-pledge/SA-2023064

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/

reference_id

TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/

reference_url	https://usn.ubuntu.com/6363-1/
reference_id	USN-6363-1
reference_type
scores
url	https://usn.ubuntu.com/6363-1/

fixed_packages

url pkg:generic/curl.se/curl@8.3.0

purl pkg:generic/curl.se/curl@8.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-gnx2-djyk-uyaf

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qdcn-2u3v-b3cv

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tcqe-7skm-b3fz

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.3.0

aliases CVE-2023-38039

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bz4u-6rft-s3a8

url VCID-ddgz-rczw-jqfw

vulnerability_id VCID-ddgz-rczw-jqfw

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28320.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28320.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28320

reference_id

reference_type

scores

value	0.00538
scoring_system	epss
scoring_elements	0.67581
published_at	2026-04-16T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67504
published_at	2026-04-07T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67526
published_at	2026-04-04T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67556
published_at	2026-04-08T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.6757
published_at	2026-04-09T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67592
published_at	2026-04-11T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67579
published_at	2026-04-12T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67546
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28320

reference_url

https://curl.se/docs/CVE-2023-28320.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-28320.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28320
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28320

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1929597

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

https://hackerone.com/reports/1929597

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239
reference_id	1036239
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2196783
reference_id	2196783
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2196783

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

reference_url

reference_id

HT213843

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

reference_url

reference_id

HT213844

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

reference_url

reference_id

HT213845

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

https://security.netapp.com/advisory/ntap-20230609-0009/

reference_url

reference_id

ntap-20230609-0009

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

https://security.netapp.com/advisory/ntap-20230609-0009/

fixed_packages

url pkg:generic/curl.se/curl@8.1.0

purl pkg:generic/curl.se/curl@8.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-bz4u-6rft-s3a8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-gnx2-djyk-uyaf

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qdcn-2u3v-b3cv

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tcqe-7skm-b3fz

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.1.0

aliases CVE-2023-28320

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ddgz-rczw-jqfw

url VCID-etzn-uhck-h7b2

vulnerability_id VCID-etzn-uhck-h7b2

summary curl: curl: Information disclosure via OAuth2 bearer token leakage during HTTP(S) redirect

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3783.json

reference_id

reference_type

scores

value	5.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3783.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-3783

reference_id

reference_type

scores

value	0.00016
scoring_system	epss
scoring_elements	0.035
published_at	2026-04-11T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03509
published_at	2026-04-04T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03544
published_at	2026-04-09T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03521
published_at	2026-04-08T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.0352
published_at	2026-04-07T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03496
published_at	2026-04-02T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04144
published_at	2026-04-16T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.042
published_at	2026-04-12T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04175
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-3783

reference_url

https://curl.se/docs/CVE-2026-3783.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Medium
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:25:28Z/

url

https://curl.se/docs/CVE-2026-3783.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2026-3783

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/3583983

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:25:28Z/

url

https://hackerone.com/reports/3583983

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2446450
reference_id	2446450
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2446450

reference_url

https://curl.se/docs/CVE-2026-3783.json

reference_id

CVE-2026-3783.json

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T14:25:28Z/

url

https://curl.se/docs/CVE-2026-3783.json

reference_url	https://usn.ubuntu.com/8084-1/
reference_id	USN-8084-1
reference_type
scores
url	https://usn.ubuntu.com/8084-1/

reference_url	https://usn.ubuntu.com/8099-1/
reference_id	USN-8099-1
reference_type
scores
url	https://usn.ubuntu.com/8099-1/

fixed_packages

url	pkg:generic/curl.se/curl@8.19.0
purl	pkg:generic/curl.se/curl@8.19.0
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.19.0

aliases CVE-2026-3783

risk_score 2.5

exploitability 0.5

weighted_severity 5.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-etzn-uhck-h7b2

url VCID-gnx2-djyk-uyaf

vulnerability_id VCID-gnx2-djyk-uyaf

summary

Cookie injection with none file
This flaw allows an attacker to insert cookies at will into a running program
using libcurl, if the specific series of conditions are met.

libcurl performs transfers. In its API, an application creates "easy handles"
that are the individual handles for single transfers.

libcurl provides a function call that duplicates en easy handle called
[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).

If a transfer has cookies enabled when the handle is duplicated, the
cookie-enable state is also cloned - but without cloning the actual
cookies. If the source handle does not read any cookies from a specific file on
disk, the cloned version of the handle would instead store the file name as
`none` (using the four ASCII letters, no quotes).

Subsequent use of the cloned handle that does not explicitly set a source to
load cookies from would then inadvertently load cookies from a file named
`none` - if such a file exists and is readable in the current directory of the
program using libcurl. And if using the correct file format of course.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38546.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38546.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-38546

reference_id

reference_type

scores

value	0.00256
scoring_system	epss
scoring_elements	0.49036
published_at	2026-04-16T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48964
published_at	2026-04-02T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48991
published_at	2026-04-13T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48944
published_at	2026-04-07T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48998
published_at	2026-04-08T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48995
published_at	2026-04-09T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49012
published_at	2026-04-11T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48985
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-38546

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/2148242
reference_id
reference_type
scores
url	https://hackerone.com/reports/2148242

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2241938
reference_id	2241938
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2241938

reference_url

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

reference_url

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

reference_url

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

reference_url

reference_id

AVG-2845

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2846

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://curl.se/docs/CVE-2023-38546.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-38546
reference_id	CVE-2023-38546
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-38546

reference_url

reference_id

CVE-2023-38546.HTML

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

https://curl.se/docs/CVE-2023-38546.html

reference_url	https://security.gentoo.org/glsa/202310-12
reference_id	GLSA-202310-12
reference_type
scores
url	https://security.gentoo.org/glsa/202310-12

reference_url

reference_id

HT214036

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

reference_url

reference_id

HT214057

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

reference_url

reference_id

HT214058

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

reference_url

reference_id

HT214063

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/

reference_url

reference_id

OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/

reference_url	https://access.redhat.com/errata/RHSA-2023:5700
reference_id	RHSA-2023:5700
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5700

reference_url	https://access.redhat.com/errata/RHSA-2023:5763
reference_id	RHSA-2023:5763
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5763

reference_url	https://access.redhat.com/errata/RHSA-2023:6292
reference_id	RHSA-2023:6292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6292

reference_url	https://access.redhat.com/errata/RHSA-2023:6745
reference_id	RHSA-2023:6745
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6745

reference_url	https://access.redhat.com/errata/RHSA-2023:7540
reference_id	RHSA-2023:7540
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7540

reference_url	https://access.redhat.com/errata/RHSA-2023:7625
reference_id	RHSA-2023:7625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7625

reference_url	https://access.redhat.com/errata/RHSA-2023:7626
reference_id	RHSA-2023:7626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7626

reference_url	https://access.redhat.com/errata/RHSA-2024:1601
reference_id	RHSA-2024:1601
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1601

reference_url	https://access.redhat.com/errata/RHSA-2024:2092
reference_id	RHSA-2024:2092
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2092

reference_url	https://access.redhat.com/errata/RHSA-2024:2093
reference_id	RHSA-2024:2093
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2093

reference_url	https://access.redhat.com/errata/RHSA-2024:2101
reference_id	RHSA-2024:2101
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2101

reference_url	https://usn.ubuntu.com/6429-1/
reference_id	USN-6429-1
reference_type
scores
url	https://usn.ubuntu.com/6429-1/

reference_url	https://usn.ubuntu.com/6429-2/
reference_id	USN-6429-2
reference_type
scores
url	https://usn.ubuntu.com/6429-2/

reference_url	https://usn.ubuntu.com/6429-3/
reference_id	USN-6429-3
reference_type
scores
url	https://usn.ubuntu.com/6429-3/

reference_url

https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868

reference_id

viewtopic.php?f=8&t=8868

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868

fixed_packages

url pkg:generic/curl.se/curl@8.4.0

purl pkg:generic/curl.se/curl@8.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qdcn-2u3v-b3cv

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.4.0

aliases CVE-2023-38546

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gnx2-djyk-uyaf

url VCID-hrsy-694u-2fec

vulnerability_id VCID-hrsy-694u-2fec

summary curl: OCSP stapling bypass with GnuTLS

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8096.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-8096.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-8096

reference_id

reference_type

scores

value	0.00515
scoring_system	epss
scoring_elements	0.66629
published_at	2026-04-16T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66562
published_at	2026-04-02T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66587
published_at	2026-04-04T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66559
published_at	2026-04-07T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66606
published_at	2026-04-08T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.6662
published_at	2026-04-09T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66638
published_at	2026-04-11T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66626
published_at	2026-04-12T12:55:00Z

value	0.00515
scoring_system	epss
scoring_elements	0.66593
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-8096

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8096
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-8096

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2310519
reference_id	2310519
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2310519

reference_url

https://hackerone.com/reports/2669852

reference_id

2669852

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:42:47Z/

url

https://hackerone.com/reports/2669852

reference_url

https://curl.se/docs/CVE-2024-8096.html

reference_id

CVE-2024-8096.html

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Medium
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:42:47Z/

url

https://curl.se/docs/CVE-2024-8096.html

reference_url

https://curl.se/docs/CVE-2024-8096.json

reference_id

CVE-2024-8096.json

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-09-11T13:42:47Z/

url

https://curl.se/docs/CVE-2024-8096.json

reference_url	https://usn.ubuntu.com/7012-1/
reference_id	USN-7012-1
reference_type
scores
url	https://usn.ubuntu.com/7012-1/

fixed_packages

url pkg:generic/curl.se/curl@8.10.0

purl pkg:generic/curl.se/curl@8.10.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-176a-agbw-hqdy

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-9mjz-apkm-g7h1

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.10.0

aliases CVE-2024-8096

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hrsy-694u-2fec

url VCID-m15r-v9sr-2bbn

vulnerability_id VCID-m15r-v9sr-2bbn

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28319.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28319.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28319

reference_id

reference_type

scores

value	0.0032
scoring_system	epss
scoring_elements	0.55114
published_at	2026-04-12T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55072
published_at	2026-04-02T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55097
published_at	2026-04-13T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55073
published_at	2026-04-07T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55122
published_at	2026-04-09T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55134
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28319

reference_url

https://curl.se/docs/CVE-2023-28319.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-28319.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1913733

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

https://hackerone.com/reports/1913733

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239
reference_id	1036239
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2196778
reference_id	2196778
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2196778

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

reference_url

reference_id

HT213843

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

reference_url

reference_id

HT213844

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

reference_url

reference_id

HT213845

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

https://security.netapp.com/advisory/ntap-20230609-0009/

reference_url

reference_id

ntap-20230609-0009

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

https://security.netapp.com/advisory/ntap-20230609-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2023:4629
reference_id	RHSA-2023:4629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4629

fixed_packages

url pkg:generic/curl.se/curl@8.1.0

purl pkg:generic/curl.se/curl@8.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-bz4u-6rft-s3a8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-gnx2-djyk-uyaf

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qdcn-2u3v-b3cv

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tcqe-7skm-b3fz

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.1.0

aliases CVE-2023-28319

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m15r-v9sr-2bbn

url VCID-mkyr-w79c-qqfz

vulnerability_id VCID-mkyr-w79c-qqfz

summary curl: curl: Security bypass due to global TLS option changes in multi-threaded LDAPS transfers

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14017.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14017.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-14017

reference_id

reference_type

scores

value	7e-05
scoring_system	epss
scoring_elements	0.00579
published_at	2026-04-16T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00593
published_at	2026-04-08T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00595
published_at	2026-04-07T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00587
published_at	2026-04-09T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00586
published_at	2026-04-11T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00582
published_at	2026-04-12T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.00583
published_at	2026-04-13T12:55:00Z

value	7e-05
scoring_system	epss
scoring_elements	0.006
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-14017

reference_url

https://curl.se/docs/CVE-2025-14017.html

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	Medium
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-16T15:39:09Z/

url

https://curl.se/docs/CVE-2025-14017.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-14017

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2427870
reference_id	2427870
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2427870

reference_url

https://curl.se/docs/CVE-2025-14017.json

reference_id

CVE-2025-14017.json

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2026-01-16T15:39:09Z/

url

https://curl.se/docs/CVE-2025-14017.json

reference_url	https://usn.ubuntu.com/8062-1/
reference_id	USN-8062-1
reference_type
scores
url	https://usn.ubuntu.com/8062-1/

reference_url	https://usn.ubuntu.com/8062-2/
reference_id	USN-8062-2
reference_type
scores
url	https://usn.ubuntu.com/8062-2/

fixed_packages

url pkg:generic/curl.se/curl@8.18.0

purl pkg:generic/curl.se/curl@8.18.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0

aliases CVE-2025-14017

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mkyr-w79c-qqfz

url VCID-nvzd-v3bs-6qek

vulnerability_id VCID-nvzd-v3bs-6qek

summary When doing SSH-based transfers using either SCP or SFTP, and setting the known_hosts file, libcurl could still mistakenly accept connecting to hosts *not present* in the specified file if they were added as recognized in the libssh *global* known_hosts file.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15079.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-15079.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-15079

reference_id

reference_type

scores

value	0.00035
scoring_system	epss
scoring_elements	0.10292
published_at	2026-04-02T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10237
published_at	2026-04-16T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10359
published_at	2026-04-04T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.1026
published_at	2026-04-07T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10333
published_at	2026-04-08T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10399
published_at	2026-04-09T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10428
published_at	2026-04-11T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10388
published_at	2026-04-12T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10366
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-15079

reference_url

https://curl.se/docs/CVE-2025-15079.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:45:34Z/

url

https://curl.se/docs/CVE-2025-15079.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-15079

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/3477116

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:45:34Z/

url

https://hackerone.com/reports/3477116

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2426409
reference_id	2426409
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2426409

reference_url

https://curl.se/docs/CVE-2025-15079.json

reference_id

CVE-2025-15079.json

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:45:34Z/

url

https://curl.se/docs/CVE-2025-15079.json

reference_url	https://usn.ubuntu.com/8062-1/
reference_id	USN-8062-1
reference_type
scores
url	https://usn.ubuntu.com/8062-1/

reference_url	https://usn.ubuntu.com/8062-2/
reference_id	USN-8062-2
reference_type
scores
url	https://usn.ubuntu.com/8062-2/

fixed_packages

url pkg:generic/curl.se/curl@8.18.0

purl pkg:generic/curl.se/curl@8.18.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.18.0

aliases CVE-2025-15079

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nvzd-v3bs-6qek

url VCID-pwn6-j8vf-rufk

vulnerability_id VCID-pwn6-j8vf-rufk

summary curl: HSTS subdomain overwrites parent cache entry

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9681.json

reference_id

reference_type

scores

value	3.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-9681.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-9681

reference_id

reference_type

scores

value	0.00725
scoring_system	epss
scoring_elements	0.72605
published_at	2026-04-16T12:55:00Z

value	0.00725
scoring_system	epss
scoring_elements	0.72522
published_at	2026-04-02T12:55:00Z

value	0.00725
scoring_system	epss
scoring_elements	0.72539
published_at	2026-04-04T12:55:00Z

value	0.00725
scoring_system	epss
scoring_elements	0.72515
published_at	2026-04-07T12:55:00Z

value	0.00725
scoring_system	epss
scoring_elements	0.72554
published_at	2026-04-08T12:55:00Z

value	0.00725
scoring_system	epss
scoring_elements	0.72566
published_at	2026-04-09T12:55:00Z

value	0.00725
scoring_system	epss
scoring_elements	0.7259
published_at	2026-04-11T12:55:00Z

value	0.00725
scoring_system	epss
scoring_elements	0.72572
published_at	2026-04-12T12:55:00Z

value	0.00725
scoring_system	epss
scoring_elements	0.72562
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-9681

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9681

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086804
reference_id	1086804
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086804

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2322969
reference_id	2322969
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2322969

reference_url

https://hackerone.com/reports/2764830

reference_id

2764830

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:16:59Z/

url

https://hackerone.com/reports/2764830

reference_url

https://curl.se/docs/CVE-2024-9681.html

reference_id

CVE-2024-9681.html

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:16:59Z/

url

https://curl.se/docs/CVE-2024-9681.html

reference_url

https://curl.se/docs/CVE-2024-9681.json

reference_id

CVE-2024-9681.json

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:16:59Z/

url

https://curl.se/docs/CVE-2024-9681.json

reference_url	https://usn.ubuntu.com/7104-1/
reference_id	USN-7104-1
reference_type
scores
url	https://usn.ubuntu.com/7104-1/

fixed_packages

url pkg:generic/curl.se/curl@8.11.0

purl pkg:generic/curl.se/curl@8.11.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-176a-agbw-hqdy

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-9mjz-apkm-g7h1

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.11.0

aliases CVE-2024-9681

risk_score 2.4

exploitability 0.5

weighted_severity 4.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-pwn6-j8vf-rufk

url VCID-qdcn-2u3v-b3cv

vulnerability_id VCID-qdcn-2u3v-b3cv

summary Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46218.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-46218.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-46218

reference_id

reference_type

scores

value	0.00398
scoring_system	epss
scoring_elements	0.60632
published_at	2026-04-16T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60627
published_at	2026-04-11T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60612
published_at	2026-04-12T12:55:00Z

value	0.00398
scoring_system	epss
scoring_elements	0.60591
published_at	2026-04-13T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62608
published_at	2026-04-02T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62656
published_at	2026-04-08T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62672
published_at	2026-04-09T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62606
published_at	2026-04-07T12:55:00Z

value	0.00432
scoring_system	epss
scoring_elements	0.62641
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-46218

reference_url

https://curl.se/docs/CVE-2023-46218.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-46218.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46218
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-46218

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/2212193
reference_id
reference_type
scores
url	https://hackerone.com/reports/2212193

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057646
reference_id	1057646
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057646

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2252030
reference_id	2252030
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2252030

reference_url	https://security.gentoo.org/glsa/202409-20
reference_id	GLSA-202409-20
reference_type
scores
url	https://security.gentoo.org/glsa/202409-20

reference_url	https://access.redhat.com/errata/RHSA-2024:0428
reference_id	RHSA-2024:0428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0428

reference_url	https://access.redhat.com/errata/RHSA-2024:0434
reference_id	RHSA-2024:0434
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0434

reference_url	https://access.redhat.com/errata/RHSA-2024:0452
reference_id	RHSA-2024:0452
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0452

reference_url	https://access.redhat.com/errata/RHSA-2024:0585
reference_id	RHSA-2024:0585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0585

reference_url	https://access.redhat.com/errata/RHSA-2024:1129
reference_id	RHSA-2024:1129
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1129

reference_url	https://access.redhat.com/errata/RHSA-2024:1316
reference_id	RHSA-2024:1316
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1316

reference_url	https://access.redhat.com/errata/RHSA-2024:1317
reference_id	RHSA-2024:1317
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1317

reference_url	https://access.redhat.com/errata/RHSA-2024:1383
reference_id	RHSA-2024:1383
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1383

reference_url	https://access.redhat.com/errata/RHSA-2024:1601
reference_id	RHSA-2024:1601
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1601

reference_url	https://access.redhat.com/errata/RHSA-2024:2092
reference_id	RHSA-2024:2092
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2092

reference_url	https://access.redhat.com/errata/RHSA-2024:2093
reference_id	RHSA-2024:2093
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2093

reference_url	https://access.redhat.com/errata/RHSA-2024:2094
reference_id	RHSA-2024:2094
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2094

reference_url	https://usn.ubuntu.com/6535-1/
reference_id	USN-6535-1
reference_type
scores
url	https://usn.ubuntu.com/6535-1/

reference_url	https://usn.ubuntu.com/6641-1/
reference_id	USN-6641-1
reference_type
scores
url	https://usn.ubuntu.com/6641-1/

fixed_packages

url pkg:generic/curl.se/curl@8.5.0

purl pkg:generic/curl.se/curl@8.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-176a-agbw-hqdy

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2vwu-y316-gbb2

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-b69q-9yrr-myf7

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.5.0

aliases CVE-2023-46218

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qdcn-2u3v-b3cv

url VCID-qpux-jh6k-8qhx

vulnerability_id VCID-qpux-jh6k-8qhx

summary curl: Curl missing SFTP host verification with wolfSSH backend

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10966.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10966.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-10966

reference_id

reference_type

scores

value	0.00018
scoring_system	epss
scoring_elements	0.04624
published_at	2026-04-02T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05191
published_at	2026-04-16T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05467
published_at	2026-04-04T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05252
published_at	2026-04-07T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05288
published_at	2026-04-08T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05309
published_at	2026-04-09T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05274
published_at	2026-04-11T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.0526
published_at	2026-04-12T12:55:00Z

value	0.0002
scoring_system	epss
scoring_elements	0.05246
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-10966

reference_url

https://curl.se/docs/CVE-2025-10966.html

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-10T20:26:03Z/

url

https://curl.se/docs/CVE-2025-10966.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-10966

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/3355218

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-10T20:26:03Z/

url

https://hackerone.com/reports/3355218

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2413308
reference_id	2413308
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2413308

reference_url

https://curl.se/docs/CVE-2025-10966.json

reference_id

CVE-2025-10966.json

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-11-10T20:26:03Z/

url

https://curl.se/docs/CVE-2025-10966.json

fixed_packages

url pkg:generic/curl.se/curl@8.17.0

purl pkg:generic/curl.se/curl@8.17.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.17.0

aliases CVE-2025-10966

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qpux-jh6k-8qhx

url VCID-s73y-y7v7-43cm

vulnerability_id VCID-s73y-y7v7-43cm

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28322.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28322.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28322

reference_id

reference_type

scores

value	0.00631
scoring_system	epss
scoring_elements	0.70331
published_at	2026-04-16T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70238
published_at	2026-04-02T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70255
published_at	2026-04-04T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70232
published_at	2026-04-07T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70278
published_at	2026-04-08T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70294
published_at	2026-04-09T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70317
published_at	2026-04-11T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70302
published_at	2026-04-12T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70289
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28322

reference_url

https://curl.se/docs/CVE-2023-28322.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-28322.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28322
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28322

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1954658

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

https://hackerone.com/reports/1954658

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239
reference_id	1036239
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2196793
reference_id	2196793
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2196793

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/

reference_url

reference_id

F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

reference_url

reference_id

HT213843

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

reference_url

reference_id

HT213844

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

reference_url

reference_id

HT213845

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html

reference_url

reference_id

msg00015.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html

reference_url

https://security.netapp.com/advisory/ntap-20230609-0009/

reference_id

ntap-20230609-0009

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

https://security.netapp.com/advisory/ntap-20230609-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:4354
reference_id	RHSA-2023:4354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4354

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2023:4629
reference_id	RHSA-2023:4629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4629

reference_url	https://access.redhat.com/errata/RHSA-2023:5598
reference_id	RHSA-2023:5598
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5598

reference_url	https://access.redhat.com/errata/RHSA-2024:0428
reference_id	RHSA-2024:0428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0428

reference_url	https://access.redhat.com/errata/RHSA-2024:0585
reference_id	RHSA-2024:0585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0585

reference_url	https://access.redhat.com/errata/RHSA-2024:1601
reference_id	RHSA-2024:1601
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1601

reference_url	https://access.redhat.com/errata/RHSA-2024:2092
reference_id	RHSA-2024:2092
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2092

reference_url	https://access.redhat.com/errata/RHSA-2024:2093
reference_id	RHSA-2024:2093
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2093

reference_url	https://usn.ubuntu.com/6237-1/
reference_id	USN-6237-1
reference_type
scores
url	https://usn.ubuntu.com/6237-1/

reference_url	https://usn.ubuntu.com/6237-3/
reference_id	USN-6237-3
reference_type
scores
url	https://usn.ubuntu.com/6237-3/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/

reference_id

Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/

fixed_packages

url pkg:generic/curl.se/curl@8.1.0

purl pkg:generic/curl.se/curl@8.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-bz4u-6rft-s3a8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-gnx2-djyk-uyaf

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qdcn-2u3v-b3cv

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tcqe-7skm-b3fz

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.1.0

aliases CVE-2023-28322

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s73y-y7v7-43cm

url VCID-t9p4-2x7v-yfaq

vulnerability_id VCID-t9p4-2x7v-yfaq

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-0167

reference_id

reference_type

scores

value	0.00331
scoring_system	epss
scoring_elements	0.56103
published_at	2026-04-09T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56114
published_at	2026-04-11T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56109
published_at	2026-04-16T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56074
published_at	2026-04-13T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56091
published_at	2026-04-12T12:55:00Z

value	0.00341
scoring_system	epss
scoring_elements	0.56786
published_at	2026-04-07T12:55:00Z

value	0.00341
scoring_system	epss
scoring_elements	0.56789
published_at	2026-04-02T12:55:00Z

value	0.00341
scoring_system	epss
scoring_elements	0.5681
published_at	2026-04-04T12:55:00Z

value	0.00341
scoring_system	epss
scoring_elements	0.56838
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-0167

reference_url

https://curl.se/docs/CVE-2025-0167.html

reference_id

reference_type

scores

value	3.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T15:52:41Z/

url

https://curl.se/docs/CVE-2025-0167.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2917232

reference_id

reference_type

scores

value	3.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T15:52:41Z/

url

https://hackerone.com/reports/2917232

reference_url

https://curl.se/docs/CVE-2025-0167.json

reference_id

CVE-2025-0167.json

reference_type

scores

value	3.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T15:52:41Z/

url

https://curl.se/docs/CVE-2025-0167.json

reference_url	https://usn.ubuntu.com/8084-1/
reference_id	USN-8084-1
reference_type
scores
url	https://usn.ubuntu.com/8084-1/

fixed_packages

url pkg:generic/curl.se/curl@8.12.0

purl pkg:generic/curl.se/curl@8.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-176a-agbw-hqdy

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-9mjz-apkm-g7h1

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.12.0

aliases CVE-2025-0167

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9p4-2x7v-yfaq

url VCID-tcqe-7skm-b3fz

vulnerability_id VCID-tcqe-7skm-b3fz

summary

Out-of-bounds Write
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy
handshake.

When curl is asked to pass along the host name to the SOCKS5 proxy to allow
that to resolve the address instead of it getting done by curl itself, the
maximum length that host name can be is 255 bytes.

If the host name is detected to be longer, curl switches to local name
resolving and instead passes on the resolved address only. Due to this bug,
the local variable that means "let the host resolve the name" could get the
wrong value during a slow SOCKS5 handshake, and contrary to the intention,
copy the too long host name to the target buffer instead of copying just the
resolved address there.

The target buffer being a heap based buffer, and the host name coming from the
URL that curl has been told to operate with.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38545.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38545.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-38545

reference_id

reference_type

scores

value	0.2625
scoring_system	epss
scoring_elements	0.96312
published_at	2026-04-16T12:55:00Z

value	0.2625
scoring_system	epss
scoring_elements	0.96278
published_at	2026-04-04T12:55:00Z

value	0.2625
scoring_system	epss
scoring_elements	0.96283
published_at	2026-04-07T12:55:00Z

value	0.2625
scoring_system	epss
scoring_elements	0.96292
published_at	2026-04-08T12:55:00Z

value	0.2625
scoring_system	epss
scoring_elements	0.96295
published_at	2026-04-09T12:55:00Z

value	0.2625
scoring_system	epss
scoring_elements	0.963
published_at	2026-04-12T12:55:00Z

value	0.2625
scoring_system	epss
scoring_elements	0.96303
published_at	2026-04-13T12:55:00Z

value	0.26747
scoring_system	epss
scoring_elements	0.96315
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-38545

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/2187833
reference_id
reference_type
scores
url	https://hackerone.com/reports/2187833

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2241933
reference_id	2241933
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2241933

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

reference_url

reference_id

AVG-2845

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2846

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://curl.se/docs/CVE-2023-38545.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-38545
reference_id	CVE-2023-38545
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-38545

reference_url

reference_id

CVE-2023-38545.HTML

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	High
scoring_system	cvssv3.1
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

https://curl.se/docs/CVE-2023-38545.html

reference_url	https://security.gentoo.org/glsa/202310-12
reference_id	GLSA-202310-12
reference_type
scores
url	https://security.gentoo.org/glsa/202310-12

reference_url

https://www.secpod.com/blog/high-severity-heap-buffer-overflow-vulnerability/

reference_id

high-severity-heap-buffer-overflow-vulnerability

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

https://www.secpod.com/blog/high-severity-heap-buffer-overflow-vulnerability/

reference_url

reference_id

HT214036

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

reference_url

reference_id

HT214057

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

reference_url

reference_id

HT214058

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

reference_url

reference_id

HT214063

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

https://security.netapp.com/advisory/ntap-20231027-0009/

reference_url

reference_id

ntap-20231027-0009

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

https://security.netapp.com/advisory/ntap-20231027-0009/

reference_url

https://security.netapp.com/advisory/ntap-20240201-0005/

reference_id

ntap-20240201-0005

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

https://security.netapp.com/advisory/ntap-20240201-0005/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/

reference_id

OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/

reference_url	https://access.redhat.com/errata/RHSA-2023:5700
reference_id	RHSA-2023:5700
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5700

reference_url	https://access.redhat.com/errata/RHSA-2023:5763
reference_id	RHSA-2023:5763
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5763

reference_url	https://access.redhat.com/errata/RHSA-2023:6745
reference_id	RHSA-2023:6745
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6745

reference_url	https://access.redhat.com/errata/RHSA-2023:7625
reference_id	RHSA-2023:7625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7625

reference_url	https://access.redhat.com/errata/RHSA-2023:7626
reference_id	RHSA-2023:7626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7626

reference_url	https://access.redhat.com/errata/RHSA-2024:0797
reference_id	RHSA-2024:0797
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0797

reference_url	https://access.redhat.com/errata/RHSA-2024:2011
reference_id	RHSA-2024:2011
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2011

reference_url	https://usn.ubuntu.com/6429-1/
reference_id	USN-6429-1
reference_type
scores
url	https://usn.ubuntu.com/6429-1/

reference_url	https://usn.ubuntu.com/6429-3/
reference_id	USN-6429-3
reference_type
scores
url	https://usn.ubuntu.com/6429-3/

reference_url

https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868

reference_id

viewtopic.php?f=8&t=8868

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868

fixed_packages

url pkg:generic/curl.se/curl@8.4.0

purl pkg:generic/curl.se/curl@8.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qdcn-2u3v-b3cv

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-tha5-fv3w-sub6

vulnerability	VCID-u4bx-xqb3-vuef

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.4.0

aliases CVE-2023-38545

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tcqe-7skm-b3fz

url VCID-tha5-fv3w-sub6

vulnerability_id VCID-tha5-fv3w-sub6

summary Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2004.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2004.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-2004

reference_id

reference_type

scores

value	0.00838
scoring_system	epss
scoring_elements	0.74722
published_at	2026-04-16T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74642
published_at	2026-04-02T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74669
published_at	2026-04-04T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74644
published_at	2026-04-07T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74675
published_at	2026-04-08T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.7469
published_at	2026-04-09T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74713
published_at	2026-04-11T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74693
published_at	2026-04-12T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74685
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-2004

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

http://www.openwall.com/lists/oss-security/2024/03/27/1

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

http://www.openwall.com/lists/oss-security/2024/03/27/1

reference_url

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

reference_url

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

reference_url

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://hackerone.com/reports/2384833

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2270500
reference_id	2270500
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2270500

reference_url

reference_id

2384833

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://hackerone.com/reports/2384833

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/

reference_id

2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/

reference_url

https://curl.se/docs/CVE-2024-2004.html

reference_id

CVE-2024-2004.html

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://curl.se/docs/CVE-2024-2004.html

reference_url

https://curl.se/docs/CVE-2024-2004.json

reference_id

CVE-2024-2004.json

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://curl.se/docs/CVE-2024-2004.json

reference_url	https://security.gentoo.org/glsa/202409-20
reference_id	GLSA-202409-20
reference_type
scores
url	https://security.gentoo.org/glsa/202409-20

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/

reference_id

GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/

reference_url

reference_id

HT214118

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

reference_url

reference_id

HT214119

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

reference_url

reference_id

HT214120

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://security.netapp.com/advisory/ntap-20240524-0006/

reference_url

reference_id

ntap-20240524-0006

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://security.netapp.com/advisory/ntap-20240524-0006/

reference_url	https://access.redhat.com/errata/RHSA-2024:2693
reference_id	RHSA-2024:2693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2693

reference_url	https://access.redhat.com/errata/RHSA-2024:2694
reference_id	RHSA-2024:2694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2694

reference_url	https://usn.ubuntu.com/6718-1/
reference_id	USN-6718-1
reference_type
scores
url	https://usn.ubuntu.com/6718-1/

reference_url	https://usn.ubuntu.com/6718-3/
reference_id	USN-6718-3
reference_type
scores
url	https://usn.ubuntu.com/6718-3/

fixed_packages

url pkg:generic/curl.se/curl@8.7.0

purl pkg:generic/curl.se/curl@8.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-176a-agbw-hqdy

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-75nw-4e2d-zqgg

vulnerability	VCID-8m6a-ej6a-g3df

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-hrsy-694u-2fec

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-t9p4-2x7v-yfaq

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-wgma-bycg-1qb1

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:generic/curl.se/curl@8.7.0

aliases CVE-2024-2004

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tha5-fv3w-sub6

url VCID-u4bx-xqb3-vuef

vulnerability_id VCID-u4bx-xqb3-vuef

summary Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2398.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2398.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-2398

reference_id

reference_type

scores

value	0.01962
scoring_system	epss
scoring_elements	0.83544
published_at	2026-04-16T12:55:00Z

value	0.01962
scoring_system	epss
scoring_elements	0.83457
published_at	2026-04-02T12:55:00Z

value	0.01962
scoring_system	epss
scoring_elements	0.83472
published_at	2026-04-04T12:55:00Z

value	0.01962
scoring_system	epss
scoring_elements	0.8347
published_at	2026-04-07T12:55:00Z

value	0.01962
scoring_system	epss
scoring_elements	0.83495
published_at	2026-04-08T12:55:00Z

value	0.01962
scoring_system	epss
scoring_elements	0.83504
published_at	2026-04-09T12:55:00Z

value	0.01962
scoring_system	epss
scoring_elements	0.83519
published_at	2026-04-11T12:55:00Z

value	0.01962
scoring_system	epss
scoring_elements	0.83512
published_at	2026-04-12T12:55:00Z

value	0.01962
scoring_system	epss
scoring_elements	0.83509
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-2398

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2398
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-2398

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

reference_url

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

reference_url

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

https://hackerone.com/reports/2402845

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2270498
reference_id	2270498
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2270498

reference_url

reference_id

2402845

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

https://hackerone.com/reports/2402845

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/

reference_id

2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/

reference_url

http://www.openwall.com/lists/oss-security/2024/03/27/3

reference_id

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

http://www.openwall.com/lists/oss-security/2024/03/27/3

reference_url

https://curl.se/docs/CVE-2024-2398.html

reference_id

CVE-2024-2398.html

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Medium
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

https://curl.se/docs/CVE-2024-2398.html

reference_url

https://curl.se/docs/CVE-2024-2398.json

reference_id

CVE-2024-2398.json

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

https://curl.se/docs/CVE-2024-2398.json

reference_url	https://security.gentoo.org/glsa/202409-20
reference_id	GLSA-202409-20
reference_type
scores
url	https://security.gentoo.org/glsa/202409-20

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/

reference_id

GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/

reference_url

reference_id

HT214118

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

reference_url

reference_id

HT214119

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url

reference_url

reference_id

HT214120

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-04-26T18:57:39Z/

url