Package Instance

reference_id

AVG-2887

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://curl.se/docs/CVE-2025-5025.json

reference_url

reference_id

CVE-2025-5025.json

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-30T16:19:34Z/

url

https://curl.se/docs/CVE-2025-5025.json

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url	pkg:deb/debian/curl@8.14.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.14.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.0-1%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2025-5025

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-176a-agbw-hqdy

url VCID-26p8-15d6-kbb1

vulnerability_id VCID-26p8-15d6-kbb1

summary libcurl: Double Close of Eventfd in libcurl

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0665.json

reference_id

reference_type

scores

value	4.0
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-0665.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-0665

reference_id

reference_type

scores

value	0.04569
scoring_system	epss
scoring_elements	0.89216
published_at	2026-04-21T12:55:00Z

value	0.04569
scoring_system	epss
scoring_elements	0.89182
published_at	2026-04-07T12:55:00Z

value	0.04569
scoring_system	epss
scoring_elements	0.892
published_at	2026-04-08T12:55:00Z

value	0.04569
scoring_system	epss
scoring_elements	0.89204
published_at	2026-04-09T12:55:00Z

value	0.04569
scoring_system	epss
scoring_elements	0.89214
published_at	2026-04-11T12:55:00Z

value	0.04569
scoring_system	epss
scoring_elements	0.8921
published_at	2026-04-12T12:55:00Z

value	0.04569
scoring_system	epss
scoring_elements	0.89208
published_at	2026-04-13T12:55:00Z

value	0.04569
scoring_system	epss
scoring_elements	0.89221
published_at	2026-04-16T12:55:00Z

value	0.04569
scoring_system	epss
scoring_elements	0.8922
published_at	2026-04-18T12:55:00Z

value	0.04569
scoring_system	epss
scoring_elements	0.89164
published_at	2026-04-02T12:55:00Z

value	0.04569
scoring_system	epss
scoring_elements	0.89179
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-0665

reference_url

https://curl.se/docs/CVE-2025-0665.html

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T17:42:03Z/

url

https://curl.se/docs/CVE-2025-0665.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2954286

reference_id

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T17:42:03Z/

url

https://hackerone.com/reports/2954286

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2343895
reference_id	2343895
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2343895

reference_url

https://curl.se/docs/CVE-2025-0665.json

reference_id

CVE-2025-0665.json

reference_type

scores

value	7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-17T17:42:03Z/

url

https://curl.se/docs/CVE-2025-0665.json

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url	pkg:deb/debian/curl@8.12.0%2Bgit20250209.89ed161%2Bds-1?distro=trixie
purl	pkg:deb/debian/curl@8.12.0%2Bgit20250209.89ed161%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.12.0%252Bgit20250209.89ed161%252Bds-1%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2025-0665

risk_score 2.8

exploitability 0.5

weighted_severity 5.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-26p8-15d6-kbb1

url VCID-2vwu-y316-gbb2

vulnerability_id VCID-2vwu-y316-gbb2

summary Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2466.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2466.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-2466

reference_id

reference_type

scores

value	0.00149
scoring_system	epss
scoring_elements	0.35416
published_at	2026-04-21T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35517
published_at	2026-04-02T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35542
published_at	2026-04-04T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35424
published_at	2026-04-07T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.3547
published_at	2026-04-08T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35495
published_at	2026-04-09T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35505
published_at	2026-04-11T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35462
published_at	2026-04-12T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.3544
published_at	2026-04-13T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35479
published_at	2026-04-16T12:55:00Z

value	0.00149
scoring_system	epss
scoring_elements	0.35468
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-2466

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T18:43:18Z/

url

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T18:43:18Z/

url

reference_url

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T18:43:18Z/

url

https://hackerone.com/reports/2416725

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2270497
reference_id	2270497
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2270497

reference_url

reference_id

2416725

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T18:43:18Z/

url

https://hackerone.com/reports/2416725

reference_url

https://curl.se/docs/CVE-2024-2466.html

reference_id

CVE-2024-2466.html

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Medium
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T18:43:18Z/

url

https://curl.se/docs/CVE-2024-2466.html

reference_url

https://curl.se/docs/CVE-2024-2466.json

reference_id

CVE-2024-2466.json

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T18:43:18Z/

url

https://curl.se/docs/CVE-2024-2466.json

reference_url	https://security.gentoo.org/glsa/202409-20
reference_id	GLSA-202409-20
reference_type
scores
url	https://security.gentoo.org/glsa/202409-20

reference_url

reference_id

HT214118

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T18:43:18Z/

url

reference_url

reference_id

HT214119

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T18:43:18Z/

url

reference_url

reference_id

HT214120

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T18:43:18Z/

url

https://security.netapp.com/advisory/ntap-20240503-0010/

reference_url

reference_id

ntap-20240503-0010

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-23T18:43:18Z/

url

https://security.netapp.com/advisory/ntap-20240503-0010/

reference_url	https://access.redhat.com/errata/RHSA-2024:2693
reference_id	RHSA-2024:2693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2693

reference_url	https://access.redhat.com/errata/RHSA-2024:2694
reference_id	RHSA-2024:2694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2694

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url	pkg:deb/debian/curl@8.7.1-1?distro=trixie
purl	pkg:deb/debian/curl@8.7.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.7.1-1%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2024-2466

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2vwu-y316-gbb2

url VCID-38mv-usbe-z7hd

vulnerability_id VCID-38mv-usbe-z7hd

summary

Multiple vulnerabilities have been found in cURL, the worst of
    which could result in the arbitrary execution of code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22901.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22901.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22901

reference_id

reference_type

scores

value	0.00212
scoring_system	epss
scoring_elements	0.43716
published_at	2026-04-21T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.56921
published_at	2026-04-01T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57081
published_at	2026-04-11T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.5706
published_at	2026-04-12T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57036
published_at	2026-04-13T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57065
published_at	2026-04-16T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57062
published_at	2026-04-18T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57018
published_at	2026-04-02T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.5704
published_at	2026-04-04T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57017
published_at	2026-04-07T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.57068
published_at	2026-04-08T12:55:00Z

value	0.00344
scoring_system	epss
scoring_elements	0.5707
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22901

reference_url

https://curl.se/docs/CVE-2021-22901.html

reference_id

reference_type

scores

value	High
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2021-22901.html

reference_url	https://hackerone.com/reports/1180380
reference_id
reference_type
scores
url	https://hackerone.com/reports/1180380

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1963146
reference_id	1963146
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1963146

reference_url	https://security.archlinux.org/ASA-202106-4
reference_id	ASA-202106-4
reference_type
scores
url	https://security.archlinux.org/ASA-202106-4

reference_url	https://security.archlinux.org/ASA-202106-5
reference_id	ASA-202106-5
reference_type
scores
url	https://security.archlinux.org/ASA-202106-5

reference_url	https://security.archlinux.org/ASA-202106-6
reference_id	ASA-202106-6
reference_type
scores
url	https://security.archlinux.org/ASA-202106-6

reference_url	https://security.archlinux.org/ASA-202106-7
reference_id	ASA-202106-7
reference_type
scores
url	https://security.archlinux.org/ASA-202106-7

reference_url

https://security.archlinux.org/AVG-1995

reference_id

AVG-1995

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1995

reference_url

https://security.archlinux.org/AVG-1996

reference_id

AVG-1996

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1996

reference_url

https://security.archlinux.org/AVG-1997

reference_id

AVG-1997

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1997

reference_url

https://security.archlinux.org/AVG-1998

reference_id

AVG-1998

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1998

reference_url	https://security.gentoo.org/glsa/202105-36
reference_id	GLSA-202105-36
reference_type
scores
url	https://security.gentoo.org/glsa/202105-36

reference_url	https://access.redhat.com/errata/RHSA-2021:2471
reference_id	RHSA-2021:2471
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2471

reference_url	https://access.redhat.com/errata/RHSA-2021:2472
reference_id	RHSA-2021:2472
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2472

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2021-22901

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-38mv-usbe-z7hd

url VCID-549m-sm8g-cude

vulnerability_id VCID-549m-sm8g-cude

summary

Multiple vulnerabilities have been found in cURL, the worst of
    which may allow attackers to bypass intended restrictions.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000099.json

reference_id

reference_type

scores

value	4.7
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-1000099.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000099

reference_id

reference_type

scores

value	0.00744
scoring_system	epss
scoring_elements	0.72962
published_at	2026-04-01T12:55:00Z

value	0.00744
scoring_system	epss
scoring_elements	0.73064
published_at	2026-04-21T12:55:00Z

value	0.00744
scoring_system	epss
scoring_elements	0.72994
published_at	2026-04-04T12:55:00Z

value	0.00744
scoring_system	epss
scoring_elements	0.7297
published_at	2026-04-07T12:55:00Z

value	0.00744
scoring_system	epss
scoring_elements	0.73007
published_at	2026-04-08T12:55:00Z

value	0.00744
scoring_system	epss
scoring_elements	0.73021
published_at	2026-04-09T12:55:00Z

value	0.00744
scoring_system	epss
scoring_elements	0.73046
published_at	2026-04-11T12:55:00Z

value	0.00744
scoring_system	epss
scoring_elements	0.73025
published_at	2026-04-12T12:55:00Z

value	0.00744
scoring_system	epss
scoring_elements	0.73019
published_at	2026-04-13T12:55:00Z

value	0.00744
scoring_system	epss
scoring_elements	0.73061
published_at	2026-04-16T12:55:00Z

value	0.00744
scoring_system	epss
scoring_elements	0.7307
published_at	2026-04-18T12:55:00Z

value	0.00744
scoring_system	epss
scoring_elements	0.72974
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-1000099

reference_url	https://curl.haxx.se/0809C.patch
reference_id
reference_type
scores
url	https://curl.haxx.se/0809C.patch

reference_url	https://curl.haxx.se/docs/adv_20170809C.html
reference_id
reference_type
scores
url	https://curl.haxx.se/docs/adv_20170809C.html

reference_url

https://curl.se/docs/CVE-2017-1000099.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2017-1000099.html

reference_url	http://www.securityfocus.com/bid/100281
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100281

reference_url	http://www.securitytracker.com/id/1039119
reference_id
reference_type
scores
url	http://www.securitytracker.com/id/1039119

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1478316
reference_id	1478316
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1478316

reference_url	https://security.archlinux.org/ASA-201708-16
reference_id	ASA-201708-16
reference_type
scores
url	https://security.archlinux.org/ASA-201708-16

reference_url	https://security.archlinux.org/ASA-201710-3
reference_id	ASA-201710-3
reference_type
scores
url	https://security.archlinux.org/ASA-201710-3

reference_url	https://security.archlinux.org/ASA-201710-4
reference_id	ASA-201710-4
reference_type
scores
url	https://security.archlinux.org/ASA-201710-4

reference_url	https://security.archlinux.org/ASA-201710-5
reference_id	ASA-201710-5
reference_type
scores
url	https://security.archlinux.org/ASA-201710-5

reference_url	https://security.archlinux.org/ASA-201710-6
reference_id	ASA-201710-6
reference_type
scores
url	https://security.archlinux.org/ASA-201710-6

reference_url	https://security.archlinux.org/ASA-201710-7
reference_id	ASA-201710-7
reference_type
scores
url	https://security.archlinux.org/ASA-201710-7

reference_url

https://security.archlinux.org/AVG-370

reference_id

AVG-370

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-370

reference_url

https://security.archlinux.org/AVG-371

reference_id

AVG-371

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-371

reference_url

https://security.archlinux.org/AVG-386

reference_id

AVG-386

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-386

reference_url

https://security.archlinux.org/AVG-387

reference_id

AVG-387

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-387

reference_url

https://security.archlinux.org/AVG-388

reference_id

AVG-388

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-388

reference_url

https://security.archlinux.org/AVG-389

reference_id

AVG-389

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-389

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.54.1:::::::*
reference_id	cpe:2.3:a:haxx:libcurl:7.54.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:libcurl:7.54.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000099

reference_id

CVE-2017-1000099

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:N/A:N

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2017-1000099

reference_url	https://security.gentoo.org/glsa/201709-14
reference_id	GLSA-201709-14
reference_type
scores
url	https://security.gentoo.org/glsa/201709-14

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2017-1000099

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-549m-sm8g-cude

url VCID-5g4v-dyse-uucu

vulnerability_id VCID-5g4v-dyse-uucu

summary wcurl: wcurl: Arbitrary file placement via crafted URLs

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11563.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-11563.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-11563

reference_id

reference_type

scores

value	0.00017
scoring_system	epss
scoring_elements	0.0412
published_at	2026-04-02T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04239
published_at	2026-04-21T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.0418
published_at	2026-04-11T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04163
published_at	2026-04-12T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04137
published_at	2026-04-13T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04108
published_at	2026-04-16T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04116
published_at	2026-04-18T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04138
published_at	2026-04-04T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04155
published_at	2026-04-07T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04186
published_at	2026-04-08T12:55:00Z

value	0.00017
scoring_system	epss
scoring_elements	0.04201
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-11563

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2442571
reference_id	2442571
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2442571

reference_url

https://curl.se/docs/CVE-2025-11563.html

reference_id

CVE-2025-11563.html

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T18:53:51Z/

url

https://curl.se/docs/CVE-2025-11563.html

reference_url

https://curl.se/docs/CVE-2025-11563.json

reference_id

CVE-2025-11563.json

reference_type

scores

value	4.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-25T18:53:51Z/

url

https://curl.se/docs/CVE-2025-11563.json

reference_url	https://usn.ubuntu.com/8062-1/
reference_id	USN-8062-1
reference_type
scores
url	https://usn.ubuntu.com/8062-1/

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.17.0-2?distro=trixie
purl	pkg:deb/debian/curl@8.17.0-2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.17.0-2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2025-11563

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5g4v-dyse-uucu

url VCID-5xp7-mcsa-uqd4

vulnerability_id VCID-5xp7-mcsa-uqd4

summary

When doing TLS related transfers with reused easy or multi handles and
altering the  `CURLSSLOPT_NO_PARTIALCHAIN` option, libcurl could accidentally
reuse a CA store cached in memory for which the partial chain option was
reversed. Contrary to the user's wishes and expectations. This could make
libcurl find and accept a trust chain that it otherwise would not.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14819.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-14819.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-14819

reference_id

reference_type

scores

value	0.00045
scoring_system	epss
scoring_elements	0.13995
published_at	2026-04-02T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.1384
published_at	2026-04-21T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13991
published_at	2026-04-09T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13948
published_at	2026-04-11T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13911
published_at	2026-04-12T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13863
published_at	2026-04-13T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13771
published_at	2026-04-16T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13766
published_at	2026-04-18T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.1405
published_at	2026-04-04T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13854
published_at	2026-04-07T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13938
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-14819

reference_url

https://curl.se/docs/CVE-2025-14819.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:00:02Z/

url

https://curl.se/docs/CVE-2025-14819.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2426408
reference_id	2426408
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2426408

reference_url

https://curl.se/docs/CVE-2025-14819.json

reference_id

CVE-2025-14819.json

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T15:00:02Z/

url

https://curl.se/docs/CVE-2025-14819.json

reference_url	https://access.redhat.com/errata/RHSA-2026:6893
reference_id	RHSA-2026:6893
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6893

reference_url	https://usn.ubuntu.com/8062-1/
reference_id	USN-8062-1
reference_type
scores
url	https://usn.ubuntu.com/8062-1/

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url	pkg:deb/debian/curl@8.18.0~rc3-1?distro=trixie
purl	pkg:deb/debian/curl@8.18.0~rc3-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.18.0~rc3-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2025-14819

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5xp7-mcsa-uqd4

url VCID-6ge5-86tg-dydf

vulnerability_id VCID-6ge5-86tg-dydf

summary Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27779.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27779.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-27779

reference_id

reference_type

scores

value	0.00273
scoring_system	epss
scoring_elements	0.50717
published_at	2026-04-21T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50705
published_at	2026-04-12T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50731
published_at	2026-04-16T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50737
published_at	2026-04-18T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50654
published_at	2026-04-02T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.5068
published_at	2026-04-04T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50635
published_at	2026-04-07T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.5069
published_at	2026-04-13T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50686
published_at	2026-04-09T12:55:00Z

value	0.00273
scoring_system	epss
scoring_elements	0.50728
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-27779

reference_url

https://curl.se/docs/CVE-2022-27779.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2022-27779.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1553301
reference_id
reference_type
scores
url	https://hackerone.com/reports/1553301

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2082202
reference_id	2082202
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2082202

reference_url

reference_id

AVG-2706

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6197.json

reference_url	https://security.gentoo.org/glsa/202212-01
reference_id	GLSA-202212-01
reference_type
scores
url	https://security.gentoo.org/glsa/202212-01

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url	pkg:deb/debian/curl@7.83.1-1?distro=trixie
purl	pkg:deb/debian/curl@7.83.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.83.1-1%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2022-27779

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6ge5-86tg-dydf

url VCID-8m6a-ej6a-g3df

vulnerability_id VCID-8m6a-ej6a-g3df

summary curl: freeing stack buffer in utf8asn1str

references

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6197.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-6197

reference_id

reference_type

scores

value	0.01302
scoring_system	epss
scoring_elements	0.79769
published_at	2026-04-21T12:55:00Z

value	0.01302
scoring_system	epss
scoring_elements	0.79695
published_at	2026-04-02T12:55:00Z

value	0.01302
scoring_system	epss
scoring_elements	0.79716
published_at	2026-04-04T12:55:00Z

value	0.01302
scoring_system	epss
scoring_elements	0.79701
published_at	2026-04-07T12:55:00Z

value	0.01302
scoring_system	epss
scoring_elements	0.7973
published_at	2026-04-08T12:55:00Z

value	0.01302
scoring_system	epss
scoring_elements	0.79737
published_at	2026-04-13T12:55:00Z

value	0.01302
scoring_system	epss
scoring_elements	0.79759
published_at	2026-04-11T12:55:00Z

value	0.01302
scoring_system	epss
scoring_elements	0.79743
published_at	2026-04-12T12:55:00Z

value	0.01302
scoring_system	epss
scoring_elements	0.79765
published_at	2026-04-16T12:55:00Z

value	0.01302
scoring_system	epss
scoring_elements	0.79766
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-6197

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

http://www.openwall.com/lists/oss-security/2024/07/24/1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T18:42:30Z/

url

http://www.openwall.com/lists/oss-security/2024/07/24/1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076996
reference_id	1076996
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076996

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2299653
reference_id	2299653
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2299653

reference_url

https://hackerone.com/reports/2559516

reference_id

2559516

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T18:42:30Z/

url

https://hackerone.com/reports/2559516

reference_url

http://www.openwall.com/lists/oss-security/2024/07/24/5

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T18:42:30Z/

url

http://www.openwall.com/lists/oss-security/2024/07/24/5

reference_url

https://curl.se/docs/CVE-2024-6197.html

reference_id

CVE-2024-6197.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Medium
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T18:42:30Z/

url

https://curl.se/docs/CVE-2024-6197.html

reference_url

https://curl.se/docs/CVE-2024-6197.json

reference_id

CVE-2024-6197.json

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-24T18:42:30Z/

url

https://curl.se/docs/CVE-2024-6197.json

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url	pkg:deb/debian/curl@8.9.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.9.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.9.0-1%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2024-6197

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8m6a-ej6a-g3df

url VCID-9mjz-apkm-g7h1

vulnerability_id VCID-9mjz-apkm-g7h1

summary libcurl: curl: QUIC certificate check skip with wolfSSL

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4947.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-4947.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-4947

reference_id

reference_type

scores

value	0.00075
scoring_system	epss
scoring_elements	0.22576
published_at	2026-04-21T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22775
published_at	2026-04-04T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22565
published_at	2026-04-07T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22641
published_at	2026-04-08T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22692
published_at	2026-04-09T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.2271
published_at	2026-04-11T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22671
published_at	2026-04-12T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22613
published_at	2026-04-13T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22628
published_at	2026-04-16T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22624
published_at	2026-04-18T12:55:00Z

value	0.00075
scoring_system	epss
scoring_elements	0.22731
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-4947

reference_url

https://curl.se/docs/CVE-2025-4947.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Medium
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:57:59Z/

url

https://curl.se/docs/CVE-2025-4947.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/3150884

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:57:59Z/

url

https://hackerone.com/reports/3150884

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2368887
reference_id	2368887
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2368887

reference_url

reference_id

AVG-2887

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://curl.se/docs/CVE-2025-4947.json

reference_url

reference_id

CVE-2025-4947.json

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-28T13:57:59Z/

url

https://curl.se/docs/CVE-2025-4947.json

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url	pkg:deb/debian/curl@8.14.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.14.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.0-1%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2025-4947

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9mjz-apkm-g7h1

url VCID-a9b6-m25r-kygw

vulnerability_id VCID-a9b6-m25r-kygw

summary The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by "*.com."

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9952

reference_id

reference_type

scores

value	0.01005
scoring_system	epss
scoring_elements	0.77072
published_at	2026-04-21T12:55:00Z

value	0.01005
scoring_system	epss
scoring_elements	0.77042
published_at	2026-04-12T12:55:00Z

value	0.01005
scoring_system	epss
scoring_elements	0.77037
published_at	2026-04-13T12:55:00Z

value	0.01005
scoring_system	epss
scoring_elements	0.77078
published_at	2026-04-16T12:55:00Z

value	0.01005
scoring_system	epss
scoring_elements	0.7708
published_at	2026-04-18T12:55:00Z

value	0.01005
scoring_system	epss
scoring_elements	0.76977
published_at	2026-04-01T12:55:00Z

value	0.01005
scoring_system	epss
scoring_elements	0.76983
published_at	2026-04-02T12:55:00Z

value	0.01005
scoring_system	epss
scoring_elements	0.77012
published_at	2026-04-04T12:55:00Z

value	0.01005
scoring_system	epss
scoring_elements	0.76993
published_at	2026-04-07T12:55:00Z

value	0.01005
scoring_system	epss
scoring_elements	0.77025
published_at	2026-04-08T12:55:00Z

value	0.01005
scoring_system	epss
scoring_elements	0.77035
published_at	2026-04-09T12:55:00Z

value	0.01005
scoring_system	epss
scoring_elements	0.77063
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9952

reference_url

https://curl.se/docs/CVE-2016-9952.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2016-9952.html

reference_url

https://curl.haxx.se/docs/adv_20161221B.html

reference_id

adv_20161221B.html

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-23T19:19:07Z/

url

https://curl.haxx.se/docs/adv_20161221B.html

reference_url

https://curl.haxx.se/CVE-2016-9952.patch

reference_id

CVE-2016-9952.patch

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-07-23T19:19:07Z/

url

https://curl.haxx.se/CVE-2016-9952.patch

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2016-9952

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a9b6-m25r-kygw

url VCID-amgy-dw6h-6ydf

vulnerability_id VCID-amgy-dw6h-6ydf

summary curl: curl: Arbitrary code execution or Denial of Service via use-after-free in SMB request handling

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3805.json

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-3805.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-3805

reference_id

reference_type

scores

value	0.00021
scoring_system	epss
scoring_elements	0.05799
published_at	2026-04-21T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11805
published_at	2026-04-09T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11837
published_at	2026-04-02T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11817
published_at	2026-04-11T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.1188
published_at	2026-04-04T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11667
published_at	2026-04-07T12:55:00Z

value	0.00039
scoring_system	epss
scoring_elements	0.11752
published_at	2026-04-08T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12966
published_at	2026-04-12T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12823
published_at	2026-04-18T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12821
published_at	2026-04-16T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12921
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-3805

reference_url

https://curl.se/docs/CVE-2026-3805.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Medium
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:45:10Z/

url

https://curl.se/docs/CVE-2026-3805.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	2.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/3591944

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:45:10Z/

url

https://hackerone.com/reports/3591944

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2446451
reference_id	2446451
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2446451

reference_url

https://curl.se/docs/CVE-2026-3805.json

reference_id

CVE-2026-3805.json

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-03-11T15:45:10Z/

url

https://curl.se/docs/CVE-2026-3805.json

reference_url	https://access.redhat.com/errata/RHSA-2026:6893
reference_id	RHSA-2026:6893
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6893

reference_url	https://usn.ubuntu.com/8084-1/
reference_id	USN-8084-1
reference_type
scores
url	https://usn.ubuntu.com/8084-1/

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2026-3805

risk_score 3.0

exploitability 0.5

weighted_severity 6.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-amgy-dw6h-6ydf

url VCID-aua9-4frt-xugf

vulnerability_id VCID-aua9-4frt-xugf

summary curl: libcurl: Curl out of bounds read for cookie path

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9086.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-9086.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-9086

reference_id

reference_type

scores

value	0.00035
scoring_system	epss
scoring_elements	0.10241
published_at	2026-04-04T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10177
published_at	2026-04-02T12:55:00Z

value	0.00035
scoring_system	epss
scoring_elements	0.10138
published_at	2026-04-07T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13485
published_at	2026-04-21T12:55:00Z

value	0.00044
scoring_system	epss
scoring_elements	0.13412
published_at	2026-04-18T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14303
published_at	2026-04-08T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14356
published_at	2026-04-09T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14302
published_at	2026-04-11T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14264
published_at	2026-04-12T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14208
published_at	2026-04-13T12:55:00Z

value	0.00046
scoring_system	epss
scoring_elements	0.14098
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-9086

reference_url

https://curl.se/docs/CVE-2025-9086.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-12T17:15:47Z/

url

https://curl.se/docs/CVE-2025-9086.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/3294999

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-12T17:15:47Z/

url

https://hackerone.com/reports/3294999

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2394750
reference_id	2394750
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2394750

reference_url

https://curl.se/docs/CVE-2025-9086.json

reference_id

CVE-2025-9086.json

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-12T17:15:47Z/

url

https://curl.se/docs/CVE-2025-9086.json

reference_url	https://access.redhat.com/errata/RHSA-2025:23043
reference_id	RHSA-2025:23043
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23043

reference_url	https://access.redhat.com/errata/RHSA-2025:23125
reference_id	RHSA-2025:23125
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23125

reference_url	https://access.redhat.com/errata/RHSA-2025:23126
reference_id	RHSA-2025:23126
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23126

reference_url	https://access.redhat.com/errata/RHSA-2025:23127
reference_id	RHSA-2025:23127
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23127

reference_url	https://access.redhat.com/errata/RHSA-2025:23383
reference_id	RHSA-2025:23383
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:23383

reference_url	https://access.redhat.com/errata/RHSA-2026:1350
reference_id	RHSA-2026:1350
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1350

reference_url	https://access.redhat.com/errata/RHSA-2026:1477
reference_id	RHSA-2026:1477
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1477

reference_url	https://access.redhat.com/errata/RHSA-2026:1736
reference_id	RHSA-2026:1736
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1736

reference_url	https://access.redhat.com/errata/RHSA-2026:1825
reference_id	RHSA-2026:1825
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:1825

reference_url	https://access.redhat.com/errata/RHSA-2026:2485
reference_id	RHSA-2026:2485
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2485

reference_url	https://access.redhat.com/errata/RHSA-2026:2563
reference_id	RHSA-2026:2563
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2563

reference_url	https://access.redhat.com/errata/RHSA-2026:4943
reference_id	RHSA-2026:4943
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:4943

reference_url	https://access.redhat.com/errata/RHSA-2026:6893
reference_id	RHSA-2026:6893
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6893

reference_url	https://usn.ubuntu.com/8062-1/
reference_id	USN-8062-1
reference_type
scores
url	https://usn.ubuntu.com/8062-1/

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url	pkg:deb/debian/curl@8.14.1-2%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/curl@8.14.1-2%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.16.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.16.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.16.0~rc2-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2025-9086

risk_score 3.0

exploitability 0.5

weighted_severity 6.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-aua9-4frt-xugf

url VCID-b69q-9yrr-myf7

vulnerability_id VCID-b69q-9yrr-myf7

summary Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0853.json

reference_id

reference_type

scores

value	3.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0853.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-0853

reference_id

reference_type

scores

value	0.00156
scoring_system	epss
scoring_elements	0.36299
published_at	2026-04-21T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36442
published_at	2026-04-02T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36475
published_at	2026-04-04T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.3631
published_at	2026-04-07T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36358
published_at	2026-04-08T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36378
published_at	2026-04-09T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36385
published_at	2026-04-11T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.3635
published_at	2026-04-12T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36328
published_at	2026-04-13T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.3637
published_at	2026-04-16T12:55:00Z

value	0.00156
scoring_system	epss
scoring_elements	0.36353
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-0853

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2262097
reference_id	2262097
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2262097

reference_url

https://hackerone.com/reports/2298922

reference_id

2298922

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T19:54:33Z/

url

https://hackerone.com/reports/2298922

reference_url

https://curl.se/docs/CVE-2024-0853.html

reference_id

CVE-2024-0853.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T19:54:33Z/

url

https://curl.se/docs/CVE-2024-0853.html

reference_url

https://curl.se/docs/CVE-2024-0853.json

reference_id

CVE-2024-0853.json

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T19:54:33Z/

url

https://curl.se/docs/CVE-2024-0853.json

reference_url	https://security.gentoo.org/glsa/202409-20
reference_id	GLSA-202409-20
reference_type
scores
url	https://security.gentoo.org/glsa/202409-20

reference_url

https://security.netapp.com/advisory/ntap-20240307-0004/

reference_id

ntap-20240307-0004

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T19:54:33Z/

url

https://security.netapp.com/advisory/ntap-20240307-0004/

reference_url

https://security.netapp.com/advisory/ntap-20240426-0009/

reference_id

ntap-20240426-0009

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T19:54:33Z/

url

https://security.netapp.com/advisory/ntap-20240426-0009/

reference_url

https://security.netapp.com/advisory/ntap-20240503-0012/

reference_id

ntap-20240503-0012

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-13T19:54:33Z/

url

https://security.netapp.com/advisory/ntap-20240503-0012/

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url	pkg:deb/debian/curl@8.6.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.6.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.6.0-1%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2024-0853

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b69q-9yrr-myf7

url VCID-bz4u-6rft-s3a8

vulnerability_id VCID-bz4u-6rft-s3a8

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38039.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38039.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-38039

reference_id

reference_type

scores

value	0.12305
scoring_system	epss
scoring_elements	0.93847
published_at	2026-04-07T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.9386
published_at	2026-04-09T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93856
published_at	2026-04-08T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93845
published_at	2026-04-04T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93835
published_at	2026-04-02T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93894
published_at	2026-04-21T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93893
published_at	2026-04-18T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93887
published_at	2026-04-16T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93865
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-38039

reference_url

https://curl.se/docs/CVE-2023-38039.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-38039.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2072338

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://hackerone.com/reports/2072338

reference_url

http://seclists.org/fulldisclosure/2023/Oct/17

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

http://seclists.org/fulldisclosure/2023/Oct/17

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2239135
reference_id	2239135
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2239135

reference_url

http://seclists.org/fulldisclosure/2024/Jan/34

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

http://seclists.org/fulldisclosure/2024/Jan/34

reference_url

http://seclists.org/fulldisclosure/2024/Jan/37

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

http://seclists.org/fulldisclosure/2024/Jan/37

reference_url

http://seclists.org/fulldisclosure/2024/Jan/38

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

http://seclists.org/fulldisclosure/2024/Jan/38

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DCZMYODALBLVOXVJEN2LF2MLANEYL4F/

reference_id

5DCZMYODALBLVOXVJEN2LF2MLANEYL4F

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DCZMYODALBLVOXVJEN2LF2MLANEYL4F/

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://support.apple.com/kb/HT214036

reference_url

reference_id

HT214036

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://support.apple.com/kb/HT214036

reference_url

https://support.apple.com/kb/HT214057

reference_id

HT214057

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://support.apple.com/kb/HT214057

reference_url

https://support.apple.com/kb/HT214058

reference_id

HT214058

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://support.apple.com/kb/HT214058

reference_url

https://support.apple.com/kb/HT214063

reference_id

HT214063

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://support.apple.com/kb/HT214063

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ/

reference_id

M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ/

reference_url

https://security.netapp.com/advisory/ntap-20231013-0005/

reference_id

ntap-20231013-0005

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://security.netapp.com/advisory/ntap-20231013-0005/

reference_url	https://access.redhat.com/errata/RHSA-2023:7625
reference_id	RHSA-2023:7625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7625

reference_url	https://access.redhat.com/errata/RHSA-2023:7626
reference_id	RHSA-2023:7626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7626

reference_url

https://www.insyde.com/security-pledge/SA-2023064

reference_id

SA-2023064

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://www.insyde.com/security-pledge/SA-2023064

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/

reference_id

TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/

reference_url	https://usn.ubuntu.com/6363-1/
reference_id	USN-6363-1
reference_type
scores
url	https://usn.ubuntu.com/6363-1/

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url	pkg:deb/debian/curl@7.88.1-10%2Bdeb12u3?distro=trixie
purl	pkg:deb/debian/curl@7.88.1-10%2Bdeb12u3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u3%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url	pkg:deb/debian/curl@8.3.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.3.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.3.0-1%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2023-38039

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bz4u-6rft-s3a8

url VCID-d3s1-3qs7-2uhw

vulnerability_id VCID-d3s1-3qs7-2uhw

summary curl: Cipher settings shared for all connections when using schannel TLS backed

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22897.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22897.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22897

reference_id

reference_type

scores

value	0.00791
scoring_system	epss
scoring_elements	0.73845
published_at	2026-04-01T12:55:00Z

value	0.00791
scoring_system	epss
scoring_elements	0.73937
published_at	2026-04-21T12:55:00Z

value	0.00791
scoring_system	epss
scoring_elements	0.73936
published_at	2026-04-16T12:55:00Z

value	0.00791
scoring_system	epss
scoring_elements	0.73945
published_at	2026-04-18T12:55:00Z

value	0.00791
scoring_system	epss
scoring_elements	0.73855
published_at	2026-04-02T12:55:00Z

value	0.00791
scoring_system	epss
scoring_elements	0.7388
published_at	2026-04-04T12:55:00Z

value	0.00791
scoring_system	epss
scoring_elements	0.73851
published_at	2026-04-07T12:55:00Z

value	0.00791
scoring_system	epss
scoring_elements	0.73886
published_at	2026-04-08T12:55:00Z

value	0.00791
scoring_system	epss
scoring_elements	0.73899
published_at	2026-04-09T12:55:00Z

value	0.00791
scoring_system	epss
scoring_elements	0.73921
published_at	2026-04-11T12:55:00Z

value	0.00791
scoring_system	epss
scoring_elements	0.73903
published_at	2026-04-12T12:55:00Z

value	0.00791
scoring_system	epss
scoring_elements	0.73894
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22897

reference_url

https://curl.se/docs/CVE-2021-22897.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2021-22897.html

reference_url	https://hackerone.com/reports/1172857
reference_id
reference_type
scores
url	https://hackerone.com/reports/1172857

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1964904
reference_id	1964904
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1964904

reference_url

https://security.archlinux.org/AVG-2016

reference_id

AVG-2016

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2016

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2021-22897

risk_score 1.6

exploitability 0.5

weighted_severity 3.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d3s1-3qs7-2uhw

url VCID-ej47-4dcu-5fhy

vulnerability_id VCID-ej47-4dcu-5fhy

summary Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42915.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-42915.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-42915

reference_id

reference_type

scores

value	0.00467
scoring_system	epss
scoring_elements	0.64447
published_at	2026-04-21T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.64436
published_at	2026-04-12T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.64407
published_at	2026-04-13T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.64442
published_at	2026-04-16T12:55:00Z

value	0.00467
scoring_system	epss
scoring_elements	0.64454
published_at	2026-04-18T12:55:00Z

value	0.00625
scoring_system	epss
scoring_elements	0.70128
published_at	2026-04-02T12:55:00Z

value	0.00625
scoring_system	epss
scoring_elements	0.70143
published_at	2026-04-04T12:55:00Z

value	0.00812
scoring_system	epss
scoring_elements	0.74203
published_at	2026-04-07T12:55:00Z

value	0.00812
scoring_system	epss
scoring_elements	0.74272
published_at	2026-04-11T12:55:00Z

value	0.00812
scoring_system	epss
scoring_elements	0.7425
published_at	2026-04-09T12:55:00Z

value	0.00812
scoring_system	epss
scoring_elements	0.74235
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-42915

reference_url

https://curl.se/docs/CVE-2022-42915.html

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Medium
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-07T13:58:40Z/

url

https://curl.se/docs/CVE-2022-42915.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1722065
reference_id
reference_type
scores
url	https://hackerone.com/reports/1722065

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-07T13:58:40Z/

url

reference_url

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-07T13:58:40Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2135413
reference_id	2135413
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2135413

reference_url

reference_id

37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-07T13:58:40Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/37YEVVC6NAF6H7UHH6YAUY5QEVY6LIH2/

reference_url

reference_id

GLSA-202212-01

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-07T13:58:40Z/

url

reference_url

reference_id

HT213604

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-07T13:58:40Z/

url

reference_url

reference_id

HT213605

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-07T13:58:40Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/

reference_url

reference_id

HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-07T13:58:40Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HVU3IMZCKR4VE6KJ4GCWRL2ILLC6OV76/

reference_url

https://security.netapp.com/advisory/ntap-20221209-0010/

reference_id

ntap-20221209-0010

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-07T13:58:40Z/

url

https://security.netapp.com/advisory/ntap-20221209-0010/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/

reference_id

Q27V5YYMXUVI6PRZQVECON32XPVWTKDK

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-05-07T13:58:40Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q27V5YYMXUVI6PRZQVECON32XPVWTKDK/

reference_url	https://access.redhat.com/errata/RHSA-2022:8840
reference_id	RHSA-2022:8840
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8840

reference_url	https://access.redhat.com/errata/RHSA-2022:8841
reference_id	RHSA-2022:8841
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2022:8841

reference_url	https://usn.ubuntu.com/5702-1/
reference_id	USN-5702-1
reference_type
scores
url	https://usn.ubuntu.com/5702-1/

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url	pkg:deb/debian/curl@7.86.0-1?distro=trixie
purl	pkg:deb/debian/curl@7.86.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.86.0-1%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2022-42915

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ej47-4dcu-5fhy

url VCID-hj8v-tgnn-mfdw

vulnerability_id VCID-hj8v-tgnn-mfdw

summary The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9953

reference_id

reference_type

scores

value	0.01854
scoring_system	epss
scoring_elements	0.83051
published_at	2026-04-21T12:55:00Z

value	0.01854
scoring_system	epss
scoring_elements	0.82946
published_at	2026-04-01T12:55:00Z

value	0.01854
scoring_system	epss
scoring_elements	0.82963
published_at	2026-04-02T12:55:00Z

value	0.01854
scoring_system	epss
scoring_elements	0.82976
published_at	2026-04-04T12:55:00Z

value	0.01854
scoring_system	epss
scoring_elements	0.82973
published_at	2026-04-07T12:55:00Z

value	0.01854
scoring_system	epss
scoring_elements	0.82998
published_at	2026-04-08T12:55:00Z

value	0.01854
scoring_system	epss
scoring_elements	0.83005
published_at	2026-04-09T12:55:00Z

value	0.01854
scoring_system	epss
scoring_elements	0.83021
published_at	2026-04-11T12:55:00Z

value	0.01854
scoring_system	epss
scoring_elements	0.83015
published_at	2026-04-12T12:55:00Z

value	0.01854
scoring_system	epss
scoring_elements	0.8301
published_at	2026-04-13T12:55:00Z

value	0.01854
scoring_system	epss
scoring_elements	0.83049
published_at	2026-04-16T12:55:00Z

value	0.01854
scoring_system	epss
scoring_elements	0.83048
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9953

reference_url

https://curl.se/docs/CVE-2016-9953.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2016-9953.html

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2016-9953

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hj8v-tgnn-mfdw

url VCID-hjkx-6yep-mkde

vulnerability_id VCID-hjkx-6yep-mkde

summary curl: removes wrong file on error

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27778.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27778.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-27778

reference_id

reference_type

scores

value	0.00911
scoring_system	epss
scoring_elements	0.75845
published_at	2026-04-21T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75818
published_at	2026-04-13T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75856
published_at	2026-04-16T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75859
published_at	2026-04-18T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75764
published_at	2026-04-02T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75796
published_at	2026-04-04T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75776
published_at	2026-04-07T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75808
published_at	2026-04-08T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.7582
published_at	2026-04-09T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75844
published_at	2026-04-11T12:55:00Z

value	0.00911
scoring_system	epss
scoring_elements	0.75825
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-27778

reference_url

https://curl.se/docs/CVE-2022-27778.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2022-27778.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1553598
reference_id
reference_type
scores
url	https://hackerone.com/reports/1553598

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2082194
reference_id	2082194
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2082194

reference_url

reference_id

AVG-2706

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22925.json

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url	pkg:deb/debian/curl@7.83.1-1?distro=trixie
purl	pkg:deb/debian/curl@7.83.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.83.1-1%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2022-27778

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hjkx-6yep-mkde

url VCID-hudt-78dw-tkf2

vulnerability_id VCID-hudt-78dw-tkf2

summary Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

references

reference_url

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-22925.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-22925

reference_id

reference_type

scores

value	0.00319
scoring_system	epss
scoring_elements	0.54986
published_at	2026-04-04T12:55:00Z

value	0.00319
scoring_system	epss
scoring_elements	0.5496
published_at	2026-04-02T12:55:00Z

value	0.00319
scoring_system	epss
scoring_elements	0.5489
published_at	2026-04-01T12:55:00Z

value	0.00319
scoring_system	epss
scoring_elements	0.55017
published_at	2026-04-11T12:55:00Z

value	0.00319
scoring_system	epss
scoring_elements	0.55005
published_at	2026-04-09T12:55:00Z

value	0.00319
scoring_system	epss
scoring_elements	0.54956
published_at	2026-04-07T12:55:00Z

value	0.00319
scoring_system	epss
scoring_elements	0.55006
published_at	2026-04-08T12:55:00Z

value	0.00424
scoring_system	epss
scoring_elements	0.62217
published_at	2026-04-16T12:55:00Z

value	0.00424
scoring_system	epss
scoring_elements	0.62207
published_at	2026-04-21T12:55:00Z

value	0.00424
scoring_system	epss
scoring_elements	0.62224
published_at	2026-04-18T12:55:00Z

value	0.00424
scoring_system	epss
scoring_elements	0.62194
published_at	2026-04-12T12:55:00Z

value	0.00424
scoring_system	epss
scoring_elements	0.62173
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-22925

reference_url

https://curl.se/docs/CVE-2021-22925.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2021-22925.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1223882

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/

url

https://hackerone.com/reports/1223882

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1970902
reference_id	1970902
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1970902

reference_url

http://seclists.org/fulldisclosure/2021/Sep/39

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/

url

http://seclists.org/fulldisclosure/2021/Sep/39

reference_url

http://seclists.org/fulldisclosure/2021/Sep/40

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/

url

http://seclists.org/fulldisclosure/2021/Sep/40

reference_url	https://security.archlinux.org/ASA-202107-59
reference_id	ASA-202107-59
reference_type
scores
url	https://security.archlinux.org/ASA-202107-59

reference_url	https://security.archlinux.org/ASA-202107-60
reference_id	ASA-202107-60
reference_type
scores
url	https://security.archlinux.org/ASA-202107-60

reference_url	https://security.archlinux.org/ASA-202107-61
reference_id	ASA-202107-61
reference_type
scores
url	https://security.archlinux.org/ASA-202107-61

reference_url	https://security.archlinux.org/ASA-202107-62
reference_id	ASA-202107-62
reference_type
scores
url	https://security.archlinux.org/ASA-202107-62

reference_url	https://security.archlinux.org/ASA-202107-63
reference_id	ASA-202107-63
reference_type
scores
url	https://security.archlinux.org/ASA-202107-63

reference_url	https://security.archlinux.org/ASA-202107-64
reference_id	ASA-202107-64
reference_type
scores
url	https://security.archlinux.org/ASA-202107-64

reference_url

https://security.archlinux.org/AVG-2194

reference_id

AVG-2194

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2194

reference_url

https://security.archlinux.org/AVG-2195

reference_id

AVG-2195

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2195

reference_url

https://security.archlinux.org/AVG-2196

reference_id

AVG-2196

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2196

reference_url

https://security.archlinux.org/AVG-2197

reference_id

AVG-2197

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2197

reference_url

https://security.archlinux.org/AVG-2198

reference_id

AVG-2198

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2198

reference_url

https://security.archlinux.org/AVG-2199

reference_id

AVG-2199

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2199

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/

reference_id

FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/FRUCW2UVNYUDZF72DQLFQR4PJEC6CF7V/

reference_url

reference_id

GLSA-202212-01

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/

url

https://support.apple.com/kb/HT212804

reference_url

reference_id

HT212804

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/

url

https://support.apple.com/kb/HT212804

reference_url

https://support.apple.com/kb/HT212805

reference_id

HT212805

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/

url

https://support.apple.com/kb/HT212805

reference_url

https://security.netapp.com/advisory/ntap-20210902-0003/

reference_id

ntap-20210902-0003

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/

url

https://security.netapp.com/advisory/ntap-20210902-0003/

reference_url	https://access.redhat.com/errata/RHSA-2021:4511
reference_id	RHSA-2021:4511
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:4511

reference_url

https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

reference_id

ssa-484086.pdf

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-16T16:36:17Z/

url

https://cert-portal.siemens.com/productcert/pdf/ssa-484086.pdf

reference_url	https://usn.ubuntu.com/5021-1/
reference_id	USN-5021-1
reference_type
scores
url	https://usn.ubuntu.com/5021-1/

reference_url	https://usn.ubuntu.com/5021-2/
reference_id	USN-5021-2
reference_type
scores
url	https://usn.ubuntu.com/5021-2/

reference_url	https://usn.ubuntu.com/5894-1/
reference_id	USN-5894-1
reference_type
scores
url	https://usn.ubuntu.com/5894-1/

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2021-22925

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hudt-78dw-tkf2

url VCID-hyqp-z8hb-fqbt

vulnerability_id VCID-hyqp-z8hb-fqbt

summary

Multiple vulnerabilities have been found in cURL, the worst of
    which could allow remote attackers to execute arbitrary code.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9594.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2016-9594.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-9594

reference_id

reference_type

scores

value	0.01088
scoring_system	epss
scoring_elements	0.77857
published_at	2026-04-01T12:55:00Z

value	0.01088
scoring_system	epss
scoring_elements	0.77946
published_at	2026-04-21T12:55:00Z

value	0.01088
scoring_system	epss
scoring_elements	0.77864
published_at	2026-04-02T12:55:00Z

value	0.01088
scoring_system	epss
scoring_elements	0.77892
published_at	2026-04-04T12:55:00Z

value	0.01088
scoring_system	epss
scoring_elements	0.77874
published_at	2026-04-07T12:55:00Z

value	0.01088
scoring_system	epss
scoring_elements	0.77901
published_at	2026-04-08T12:55:00Z

value	0.01088
scoring_system	epss
scoring_elements	0.77906
published_at	2026-04-09T12:55:00Z

value	0.01088
scoring_system	epss
scoring_elements	0.77933
published_at	2026-04-11T12:55:00Z

value	0.01088
scoring_system	epss
scoring_elements	0.77917
published_at	2026-04-12T12:55:00Z

value	0.01088
scoring_system	epss
scoring_elements	0.77916
published_at	2026-04-13T12:55:00Z

value	0.01088
scoring_system	epss
scoring_elements	0.77954
published_at	2026-04-16T12:55:00Z

value	0.01088
scoring_system	epss
scoring_elements	0.77953
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-9594

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9594

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:03:12Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9594

reference_url

https://curl.haxx.se/docs/adv_20161223.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:03:12Z/

url

https://curl.haxx.se/docs/adv_20161223.html

reference_url

https://curl.se/docs/CVE-2016-9594.html

reference_id

reference_type

scores

value	High
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2016-9594.html

reference_url

https://www.tenable.com/security/tns-2017-04

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:03:12Z/

url

https://www.tenable.com/security/tns-2017-04

reference_url

http://www.securityfocus.com/bid/95094

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:03:12Z/

url

http://www.securityfocus.com/bid/95094

reference_url

http://www.securitytracker.com/id/1037528

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:03:12Z/

url

http://www.securitytracker.com/id/1037528

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1408385
reference_id	1408385
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1408385

reference_url	https://security.archlinux.org/ASA-201612-22
reference_id	ASA-201612-22
reference_type
scores
url	https://security.archlinux.org/ASA-201612-22

reference_url	https://security.archlinux.org/ASA-201701-10
reference_id	ASA-201701-10
reference_type
scores
url	https://security.archlinux.org/ASA-201701-10

reference_url	https://security.archlinux.org/ASA-201701-11
reference_id	ASA-201701-11
reference_type
scores
url	https://security.archlinux.org/ASA-201701-11

reference_url	https://security.archlinux.org/ASA-201701-7
reference_id	ASA-201701-7
reference_type
scores
url	https://security.archlinux.org/ASA-201701-7

reference_url	https://security.archlinux.org/ASA-201701-8
reference_id	ASA-201701-8
reference_type
scores
url	https://security.archlinux.org/ASA-201701-8

reference_url	https://security.archlinux.org/ASA-201701-9
reference_id	ASA-201701-9
reference_type
scores
url	https://security.archlinux.org/ASA-201701-9

reference_url

https://security.archlinux.org/AVG-112

reference_id

AVG-112

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-112

reference_url

https://security.archlinux.org/AVG-113

reference_id

AVG-113

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-113

reference_url

https://security.archlinux.org/AVG-114

reference_id

AVG-114

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-114

reference_url

https://security.archlinux.org/AVG-115

reference_id

AVG-115

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-115

reference_url

https://security.archlinux.org/AVG-116

reference_id

AVG-116

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-116

reference_url

https://security.archlinux.org/AVG-117

reference_id

AVG-117

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-117

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl::::::::
reference_id	cpe:2.3:a:haxx:curl::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-9594

reference_id

CVE-2016-9594

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2016-9594

reference_url

https://security.gentoo.org/glsa/201701-47

reference_id

GLSA-201701-47

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2026-04-15T21:03:12Z/

url

https://security.gentoo.org/glsa/201701-47

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2016-9594

risk_score 3.6

exploitability 0.5

weighted_severity 7.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hyqp-z8hb-fqbt

url VCID-ke81-x2ze-rbc5

vulnerability_id VCID-ke81-x2ze-rbc5

summary

Double Free
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27537.json

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27537.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-27537

reference_id

reference_type

scores

value	0.00047
scoring_system	epss
scoring_elements	0.14558
published_at	2026-04-09T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14539
published_at	2026-04-02T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14609
published_at	2026-04-04T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14418
published_at	2026-04-07T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14504
published_at	2026-04-08T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14506
published_at	2026-04-11T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.1908
published_at	2026-04-16T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21707
published_at	2026-04-21T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21741
published_at	2026-04-18T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24345
published_at	2026-04-12T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24288
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-27537

reference_url

https://curl.se/docs/CVE-2023-27537.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-27537.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1897203
reference_id
reference_type
scores
url	https://hackerone.com/reports/1897203

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2179097
reference_id	2179097
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2179097

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-27537
reference_id	CVE-2023-27537
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-27537

reference_url	https://security.gentoo.org/glsa/202310-12
reference_id	GLSA-202310-12
reference_type
scores
url	https://security.gentoo.org/glsa/202310-12

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url	pkg:deb/debian/curl@7.88.1-7?distro=trixie
purl	pkg:deb/debian/curl@7.88.1-7?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-7%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2023-27537

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ke81-x2ze-rbc5

url VCID-ksap-zrmb-ebcu

vulnerability_id VCID-ksap-zrmb-ebcu

summary curl: predictable WebSocket mask

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10148.json

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-10148.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-10148

reference_id

reference_type

scores

value	0.00102
scoring_system	epss
scoring_elements	0.28161
published_at	2026-04-02T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28205
published_at	2026-04-04T12:55:00Z

value	0.00102
scoring_system	epss
scoring_elements	0.28
published_at	2026-04-07T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29742
published_at	2026-04-18T12:55:00Z

value	0.00112
scoring_system	epss
scoring_elements	0.29698
published_at	2026-04-21T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30659
published_at	2026-04-13T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30746
published_at	2026-04-09T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30749
published_at	2026-04-11T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30704
published_at	2026-04-12T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30683
published_at	2026-04-16T12:55:00Z

value	0.00118
scoring_system	epss
scoring_elements	0.30714
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-10148

reference_url

https://curl.se/docs/CVE-2025-10148.html

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-12T17:16:46Z/

url

https://curl.se/docs/CVE-2025-10148.html

reference_url

https://hackerone.com/reports/3330839

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-12T17:16:46Z/

url

https://hackerone.com/reports/3330839

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2394749
reference_id	2394749
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2394749

reference_url

https://curl.se/docs/CVE-2025-10148.json

reference_id

CVE-2025-10148.json

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-09-12T17:16:46Z/

url

https://curl.se/docs/CVE-2025-10148.json

reference_url	https://access.redhat.com/errata/RHSA-2026:6893
reference_id	RHSA-2026:6893
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6893

reference_url	https://usn.ubuntu.com/8062-1/
reference_id	USN-8062-1
reference_type
scores
url	https://usn.ubuntu.com/8062-1/

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url	pkg:deb/debian/curl@8.14.1-2%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/curl@8.14.1-2%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u1%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.16.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.16.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.16.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2025-10148

risk_score 2.1

exploitability 0.5

weighted_severity 4.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ksap-zrmb-ebcu

url VCID-kt4b-7ffh-4bch

vulnerability_id VCID-kt4b-7ffh-4bch

summary

When using `CURLOPT_PINNEDPUBLICKEY` option with libcurl or `--pinnedpubkey`
with the curl tool,curl should check the public key of the server certificate
to verify the peer.

This check was skipped in a certain condition that would then make curl allow
the connection without performing the proper check, thus not noticing a
possible impostor. To skip this check, the connection had to be done with QUIC
with ngtcp2 built to use GnuTLS and the user had to explicitly disable the
standard certificate verification.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13034.json

reference_id

reference_type

scores

value	6.8
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-13034.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-13034

reference_id

reference_type

scores

value	0.00011
scoring_system	epss
scoring_elements	0.01204
published_at	2026-04-02T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01284
published_at	2026-04-21T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.0123
published_at	2026-04-09T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01213
published_at	2026-04-11T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01207
published_at	2026-04-12T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01209
published_at	2026-04-13T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.012
published_at	2026-04-16T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01212
published_at	2026-04-18T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01211
published_at	2026-04-04T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.0122
published_at	2026-04-07T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01226
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-13034

reference_url

https://curl.se/docs/CVE-2025-13034.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Medium
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:56:11Z/

url

https://curl.se/docs/CVE-2025-13034.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2426406
reference_id	2426406
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2426406

reference_url

https://curl.se/docs/CVE-2025-13034.json

reference_id

CVE-2025-13034.json

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-01-08T14:56:11Z/

url

https://curl.se/docs/CVE-2025-13034.json

reference_url	https://access.redhat.com/errata/RHSA-2026:6893
reference_id	RHSA-2026:6893
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6893

reference_url	https://usn.ubuntu.com/8062-1/
reference_id	USN-8062-1
reference_type
scores
url	https://usn.ubuntu.com/8062-1/

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url	pkg:deb/debian/curl@8.18.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.18.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.18.0~rc2-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2025-13034

risk_score 3.0

exploitability 0.5

weighted_severity 6.1

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kt4b-7ffh-4bch

url VCID-m15r-v9sr-2bbn

vulnerability_id VCID-m15r-v9sr-2bbn

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28319.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28319.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28319

reference_id

reference_type

scores

value	0.0032
scoring_system	epss
scoring_elements	0.55117
published_at	2026-04-21T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55072
published_at	2026-04-02T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55097
published_at	2026-04-13T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55073
published_at	2026-04-07T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55122
published_at	2026-04-09T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55134
published_at	2026-04-16T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55114
published_at	2026-04-12T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55138
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28319

reference_url

https://curl.se/docs/CVE-2023-28319.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-28319.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1913733

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

https://hackerone.com/reports/1913733

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239
reference_id	1036239
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2196778
reference_id	2196778
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2196778

reference_url

http://seclists.org/fulldisclosure/2023/Jul/47

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

http://seclists.org/fulldisclosure/2023/Jul/47

reference_url

http://seclists.org/fulldisclosure/2023/Jul/48

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

http://seclists.org/fulldisclosure/2023/Jul/48

reference_url

http://seclists.org/fulldisclosure/2023/Jul/52

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

http://seclists.org/fulldisclosure/2023/Jul/52

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

https://support.apple.com/kb/HT213843

reference_url

reference_id

HT213843

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

https://support.apple.com/kb/HT213843

reference_url

https://support.apple.com/kb/HT213844

reference_id

HT213844

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

https://support.apple.com/kb/HT213844

reference_url

https://support.apple.com/kb/HT213845

reference_id

HT213845

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

https://support.apple.com/kb/HT213845

reference_url

https://security.netapp.com/advisory/ntap-20230609-0009/

reference_id

ntap-20230609-0009

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

https://security.netapp.com/advisory/ntap-20230609-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2023:4629
reference_id	RHSA-2023:4629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4629

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url	pkg:deb/debian/curl@7.88.1-10?distro=trixie
purl	pkg:deb/debian/curl@7.88.1-10?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2023-28319

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m15r-v9sr-2bbn

url VCID-m3nh-aha9-dfbc

vulnerability_id VCID-m3nh-aha9-dfbc

summary Absolute path traversal vulnerability in curl 7.20.0 through 7.21.1, when the --remote-header-name or -J option is used, allows remote servers to create or overwrite arbitrary files by using \ (backslash) as a separator of path components within the Content-disposition HTTP header.

references

reference_url	http://curl.haxx.se/docs/adv_20101013.html
reference_id
reference_type
scores
url	http://curl.haxx.se/docs/adv_20101013.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2010-3842

reference_id

reference_type

scores

value	0.00898
scoring_system	epss
scoring_elements	0.75675
published_at	2026-04-21T12:55:00Z

value	0.00898
scoring_system	epss
scoring_elements	0.7569
published_at	2026-04-18T12:55:00Z

value	0.00898
scoring_system	epss
scoring_elements	0.7559
published_at	2026-04-01T12:55:00Z

value	0.00898
scoring_system	epss
scoring_elements	0.75592
published_at	2026-04-02T12:55:00Z

value	0.00898
scoring_system	epss
scoring_elements	0.75623
published_at	2026-04-04T12:55:00Z

value	0.00898
scoring_system	epss
scoring_elements	0.75603
published_at	2026-04-07T12:55:00Z

value	0.00898
scoring_system	epss
scoring_elements	0.75638
published_at	2026-04-08T12:55:00Z

value	0.00898
scoring_system	epss
scoring_elements	0.75649
published_at	2026-04-13T12:55:00Z

value	0.00898
scoring_system	epss
scoring_elements	0.75673
published_at	2026-04-11T12:55:00Z

value	0.00898
scoring_system	epss
scoring_elements	0.75655
published_at	2026-04-12T12:55:00Z

value	0.00898
scoring_system	epss
scoring_elements	0.75686
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2010-3842

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=642642
reference_id
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=642642

reference_url

https://curl.se/docs/CVE-2010-3842.html

reference_id

reference_type

scores

value	High
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2010-3842.html

reference_url	http://secunia.com/advisories/39532
reference_id
reference_type
scores
url	http://secunia.com/advisories/39532

reference_url	http://securitytracker.com/id?1024583
reference_id
reference_type
scores
url	http://securitytracker.com/id?1024583

reference_url	http://www.openwall.com/lists/oss-security/2010/10/13/1
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2010/10/13/1

reference_url	http://www.openwall.com/lists/oss-security/2010/10/13/4
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2010/10/13/4

reference_url	http://www.openwall.com/lists/oss-security/2010/10/13/5
reference_id
reference_type
scores
url	http://www.openwall.com/lists/oss-security/2010/10/13/5

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:curl:curl:7.20.0:::::::*
reference_id	cpe:2.3:a:curl:curl:7.20.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:curl:curl:7.20.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:curl:curl:7.20.1:::::::*
reference_id	cpe:2.3:a:curl:curl:7.20.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:curl:curl:7.20.1:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:curl:curl:7.21.1:::::::*
reference_id	cpe:2.3:a:curl:curl:7.21.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:curl:curl:7.21.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2010-3842

reference_id

CVE-2010-3842

reference_type

scores

value	5.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:P/A:P

url

https://nvd.nist.gov/vuln/detail/CVE-2010-3842

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2010-3842

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m3nh-aha9-dfbc

url VCID-m3r3-25yq-hqdc

vulnerability_id VCID-m3r3-25yq-hqdc

summary Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-4606

reference_id

reference_type

scores

value	0.00218
scoring_system	epss
scoring_elements	0.44368
published_at	2026-04-01T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44439
published_at	2026-04-02T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.4446
published_at	2026-04-04T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44395
published_at	2026-04-07T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44446
published_at	2026-04-08T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44453
published_at	2026-04-09T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.4447
published_at	2026-04-11T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44438
published_at	2026-04-12T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44437
published_at	2026-04-13T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44494
published_at	2026-04-16T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44484
published_at	2026-04-18T12:55:00Z

value	0.00218
scoring_system	epss
scoring_elements	0.44415
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-4606

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2016-4606

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m3r3-25yq-hqdc

url VCID-m5fs-um7r-9qh2

vulnerability_id VCID-m5fs-um7r-9qh2

summary curl: libcurl: WebSocket endless loop

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5399.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-5399.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-5399

reference_id

reference_type

scores

value	0.0021
scoring_system	epss
scoring_elements	0.43448
published_at	2026-04-02T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65399
published_at	2026-04-21T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65362
published_at	2026-04-04T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65326
published_at	2026-04-07T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65378
published_at	2026-04-08T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65389
published_at	2026-04-09T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65409
published_at	2026-04-11T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65396
published_at	2026-04-12T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65368
published_at	2026-04-13T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65404
published_at	2026-04-16T12:55:00Z

value	0.00486
scoring_system	epss
scoring_elements	0.65415
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-5399

reference_url

https://curl.se/docs/CVE-2025-5399.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T13:20:18Z/

url

https://curl.se/docs/CVE-2025-5399.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/3168039

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T13:20:18Z/

url

https://hackerone.com/reports/3168039

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2370920
reference_id	2370920
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2370920

reference_url	https://security.archlinux.org/ASA-202506-2
reference_id	ASA-202506-2
reference_type
scores
url	https://security.archlinux.org/ASA-202506-2

reference_url

https://security.archlinux.org/AVG-2895

reference_id

AVG-2895

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2895

reference_url

https://curl.se/docs/CVE-2025-5399.json

reference_id

CVE-2025-5399.json

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-09T13:20:18Z/

url

https://curl.se/docs/CVE-2025-5399.json

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url	pkg:deb/debian/curl@8.14.1-1?distro=trixie
purl	pkg:deb/debian/curl@8.14.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-1%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2025-5399

risk_score 3.0

exploitability 0.5

weighted_severity 6.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m5fs-um7r-9qh2

url VCID-ma8s-he6x-z7a8

vulnerability_id VCID-ma8s-he6x-z7a8

summary curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate when accessing a URL that uses a numerical IP address, which allows man-in-the-middle attackers to spoof servers via an arbitrary valid certificate.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-2522

reference_id

reference_type

scores

value	0.00292
scoring_system	epss
scoring_elements	0.52591
published_at	2026-04-21T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52452
published_at	2026-04-01T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52498
published_at	2026-04-02T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52525
published_at	2026-04-04T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52491
published_at	2026-04-07T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52544
published_at	2026-04-08T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52539
published_at	2026-04-09T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.5259
published_at	2026-04-11T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52574
published_at	2026-04-12T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52559
published_at	2026-04-13T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52599
published_at	2026-04-16T12:55:00Z

value	0.00292
scoring_system	epss
scoring_elements	0.52605
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-2522

reference_url

https://curl.se/docs/CVE-2014-2522.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2014-2522.html

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2014-2522

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ma8s-he6x-z7a8

url VCID-my7a-jeng-5bhw

vulnerability_id VCID-my7a-jeng-5bhw

summary curl: macidn punycode buffer overread

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6874.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-6874.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-6874

reference_id

reference_type

scores

value	0.0099
scoring_system	epss
scoring_elements	0.76917
published_at	2026-04-21T12:55:00Z

value	0.0099
scoring_system	epss
scoring_elements	0.76826
published_at	2026-04-02T12:55:00Z

value	0.0099
scoring_system	epss
scoring_elements	0.76855
published_at	2026-04-04T12:55:00Z

value	0.0099
scoring_system	epss
scoring_elements	0.76835
published_at	2026-04-07T12:55:00Z

value	0.0099
scoring_system	epss
scoring_elements	0.76866
published_at	2026-04-08T12:55:00Z

value	0.0099
scoring_system	epss
scoring_elements	0.76877
published_at	2026-04-09T12:55:00Z

value	0.0099
scoring_system	epss
scoring_elements	0.76905
published_at	2026-04-11T12:55:00Z

value	0.0099
scoring_system	epss
scoring_elements	0.76884
published_at	2026-04-12T12:55:00Z

value	0.0099
scoring_system	epss
scoring_elements	0.76879
published_at	2026-04-13T12:55:00Z

value	0.0099
scoring_system	epss
scoring_elements	0.7692
published_at	2026-04-16T12:55:00Z

value	0.0099
scoring_system	epss
scoring_elements	0.76925
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-6874

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076996
reference_id	1076996
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1076996

reference_url

http://www.openwall.com/lists/oss-security/2024/07/24/2

reference_id

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T16:13:40Z/

url

http://www.openwall.com/lists/oss-security/2024/07/24/2

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2299654
reference_id	2299654
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2299654

reference_url

https://hackerone.com/reports/2604391

reference_id

2604391

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T16:13:40Z/

url

https://hackerone.com/reports/2604391

reference_url

https://curl.se/docs/CVE-2024-6874.html

reference_id

CVE-2024-6874.html

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T16:13:40Z/

url

https://curl.se/docs/CVE-2024-6874.html

reference_url

https://curl.se/docs/CVE-2024-6874.json

reference_id

CVE-2024-6874.json

reference_type

scores

value	3.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T16:13:40Z/

url

https://curl.se/docs/CVE-2024-6874.json

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url	pkg:deb/debian/curl@8.9.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.9.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.9.0-1%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2024-6874

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-my7a-jeng-5bhw

url VCID-qpfa-s6sd-8yct

vulnerability_id VCID-qpfa-s6sd-8yct

summary curl: Windows OpenSSL engine code injection

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5443.json

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-5443.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-5443

reference_id

reference_type

scores

value	0.00935
scoring_system	epss
scoring_elements	0.76186
published_at	2026-04-21T12:55:00Z

value	0.00935
scoring_system	epss
scoring_elements	0.76205
published_at	2026-04-18T12:55:00Z

value	0.00953
scoring_system	epss
scoring_elements	0.7635
published_at	2026-04-02T12:55:00Z

value	0.00953
scoring_system	epss
scoring_elements	0.76379
published_at	2026-04-04T12:55:00Z

value	0.00953
scoring_system	epss
scoring_elements	0.76359
published_at	2026-04-07T12:55:00Z

value	0.00953
scoring_system	epss
scoring_elements	0.76392
published_at	2026-04-08T12:55:00Z

value	0.00953
scoring_system	epss
scoring_elements	0.76405
published_at	2026-04-09T12:55:00Z

value	0.00953
scoring_system	epss
scoring_elements	0.76431
published_at	2026-04-11T12:55:00Z

value	0.00953
scoring_system	epss
scoring_elements	0.76409
published_at	2026-04-12T12:55:00Z

value	0.00953
scoring_system	epss
scoring_elements	0.76404
published_at	2026-04-13T12:55:00Z

value	0.00953
scoring_system	epss
scoring_elements	0.76444
published_at	2026-04-16T12:55:00Z

value	0.00953
scoring_system	epss
scoring_elements	0.76346
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-5443

reference_url

https://curl.se/docs/CVE-2019-5443.html

reference_id

reference_type

scores

value	High
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2019-5443.html

reference_url	https://hackerone.com/reports/608577
reference_id
reference_type
scores
url	https://hackerone.com/reports/608577

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1772100
reference_id	1772100
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1772100

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2019-5443

risk_score 3.8

exploitability 0.5

weighted_severity 7.6

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qpfa-s6sd-8yct

url VCID-rg54-svzj-x7f9

vulnerability_id VCID-rg54-svzj-x7f9

summary Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35260.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35260.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-35260

reference_id

reference_type

scores

value	0.00182
scoring_system	epss
scoring_elements	0.3993
published_at	2026-04-02T12:55:00Z

value	0.00182
scoring_system	epss
scoring_elements	0.39957
published_at	2026-04-04T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41282
published_at	2026-04-07T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41341
published_at	2026-04-09T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41333
published_at	2026-04-08T12:55:00Z

value	0.00194
scoring_system	epss
scoring_elements	0.41362
published_at	2026-04-11T12:55:00Z

value	0.00253
scoring_system	epss
scoring_elements	0.48647
published_at	2026-04-21T12:55:00Z

value	0.00253
scoring_system	epss
scoring_elements	0.48632
published_at	2026-04-12T12:55:00Z

value	0.00253
scoring_system	epss
scoring_elements	0.48645
published_at	2026-04-13T12:55:00Z

value	0.00253
scoring_system	epss
scoring_elements	0.48694
published_at	2026-04-16T12:55:00Z

value	0.00253
scoring_system	epss
scoring_elements	0.4869
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-35260

reference_url

https://curl.se/docs/CVE-2022-35260.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2022-35260.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1721098

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:48:27Z/

url

https://hackerone.com/reports/1721098

reference_url

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:48:27Z/

url

reference_url

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:48:27Z/

url

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2135412
reference_id	2135412
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2135412

reference_url

reference_id

GLSA-202212-01

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:48:27Z/

url

reference_url

reference_id

HT213604

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:48:27Z/

url

reference_url

reference_id

HT213605

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:48:27Z/

url

https://security.netapp.com/advisory/ntap-20230110-0006/

reference_url

reference_id

ntap-20230110-0006

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-27T19:48:27Z/

url

https://security.netapp.com/advisory/ntap-20230110-0006/

reference_url	https://usn.ubuntu.com/5702-1/
reference_id	USN-5702-1
reference_type
scores
url	https://usn.ubuntu.com/5702-1/

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url	pkg:deb/debian/curl@7.86.0-1?distro=trixie
purl	pkg:deb/debian/curl@7.86.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.86.0-1%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2022-35260

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rg54-svzj-x7f9

url VCID-rhxh-77pj-1bfy

vulnerability_id VCID-rhxh-77pj-1bfy

summary Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27780.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-27780.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-27780

reference_id

reference_type

scores

value	0.00158
scoring_system	epss
scoring_elements	0.36599
published_at	2026-04-21T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36779
published_at	2026-04-04T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36615
published_at	2026-04-07T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36667
published_at	2026-04-08T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36683
published_at	2026-04-09T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36692
published_at	2026-04-11T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36658
published_at	2026-04-12T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36632
published_at	2026-04-13T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36677
published_at	2026-04-16T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36659
published_at	2026-04-18T12:55:00Z

value	0.00158
scoring_system	epss
scoring_elements	0.36748
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-27780

reference_url

https://curl.se/docs/CVE-2022-27780.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2022-27780.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1553841

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T20:10:43Z/

url

https://hackerone.com/reports/1553841

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2082203
reference_id	2082203
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2082203

reference_url

reference_id

AVG-2706

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

GLSA-202212-01

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T20:10:43Z/

url

https://security.netapp.com/advisory/ntap-20220609-0009/

reference_url

reference_id

ntap-20220609-0009

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-07-26T20:10:43Z/

url

https://security.netapp.com/advisory/ntap-20220609-0009/

reference_url	https://usn.ubuntu.com/5412-1/
reference_id	USN-5412-1
reference_type
scores
url	https://usn.ubuntu.com/5412-1/

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url	pkg:deb/debian/curl@7.83.1-1?distro=trixie
purl	pkg:deb/debian/curl@7.83.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.83.1-1%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2022-27780

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rhxh-77pj-1bfy

url VCID-snaz-pg1h-8kew

vulnerability_id VCID-snaz-pg1h-8kew

summary cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name.

references

reference_url	http://curl.haxx.se/docs/adv_20160127B.html
reference_id
reference_type
scores
url	http://curl.haxx.se/docs/adv_20160127B.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2016-0754

reference_id

reference_type

scores

value	0.00351
scoring_system	epss
scoring_elements	0.57537
published_at	2026-04-21T12:55:00Z

value	0.00351
scoring_system	epss
scoring_elements	0.57561
published_at	2026-04-16T12:55:00Z

value	0.00351
scoring_system	epss
scoring_elements	0.57557
published_at	2026-04-18T12:55:00Z

value	0.00351
scoring_system	epss
scoring_elements	0.57423
published_at	2026-04-01T12:55:00Z

value	0.00351
scoring_system	epss
scoring_elements	0.57507
published_at	2026-04-02T12:55:00Z

value	0.00351
scoring_system	epss
scoring_elements	0.57528
published_at	2026-04-04T12:55:00Z

value	0.00351
scoring_system	epss
scoring_elements	0.57504
published_at	2026-04-07T12:55:00Z

value	0.00351
scoring_system	epss
scoring_elements	0.57556
published_at	2026-04-08T12:55:00Z

value	0.00351
scoring_system	epss
scoring_elements	0.5756
published_at	2026-04-09T12:55:00Z

value	0.00351
scoring_system	epss
scoring_elements	0.57575
published_at	2026-04-11T12:55:00Z

value	0.00351
scoring_system	epss
scoring_elements	0.57555
published_at	2026-04-12T12:55:00Z

value	0.00351
scoring_system	epss
scoring_elements	0.57533
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2016-0754

reference_url

https://curl.se/docs/CVE-2016-0754.html

reference_id

reference_type

scores

value	High
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2016-0754.html

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl::::::::
reference_id	cpe:2.3:a:haxx:curl::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:haxx:curl::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows::::::::
reference_id	cpe:2.3:o:microsoft:windows::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:microsoft:windows::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-0754

reference_id

CVE-2016-0754

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:P/A:N

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://nvd.nist.gov/vuln/detail/CVE-2016-0754

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2016-0754

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-snaz-pg1h-8kew

url VCID-t753-w1ha-kqaz

vulnerability_id VCID-t753-w1ha-kqaz

summary

Multiple vulnerabilities have been found in cURL, the worst of
    which could allow remote attackers to execute arbitrary code.

references

reference_url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8151.json
reference_id
reference_type
scores
url	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2014-8151.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-8151

reference_id

reference_type

scores

value	0.00424
scoring_system	epss
scoring_elements	0.62225
published_at	2026-04-21T12:55:00Z

value	0.00424
scoring_system	epss
scoring_elements	0.62074
published_at	2026-04-01T12:55:00Z

value	0.00424
scoring_system	epss
scoring_elements	0.62134
published_at	2026-04-07T12:55:00Z

value	0.00424
scoring_system	epss
scoring_elements	0.62166
published_at	2026-04-04T12:55:00Z

value	0.00424
scoring_system	epss
scoring_elements	0.62184
published_at	2026-04-08T12:55:00Z

value	0.00424
scoring_system	epss
scoring_elements	0.62202
published_at	2026-04-09T12:55:00Z

value	0.00424
scoring_system	epss
scoring_elements	0.6222
published_at	2026-04-11T12:55:00Z

value	0.00424
scoring_system	epss
scoring_elements	0.6221
published_at	2026-04-12T12:55:00Z

value	0.00424
scoring_system	epss
scoring_elements	0.62189
published_at	2026-04-13T12:55:00Z

value	0.00424
scoring_system	epss
scoring_elements	0.62234
published_at	2026-04-16T12:55:00Z

value	0.00424
scoring_system	epss
scoring_elements	0.62241
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-8151

reference_url

https://curl.se/docs/CVE-2014-8151.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2014-8151.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1178698
reference_id	1178698
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1178698

reference_url	https://security.gentoo.org/glsa/201701-47
reference_id	GLSA-201701-47
reference_type
scores
url	https://security.gentoo.org/glsa/201701-47

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2014-8151

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t753-w1ha-kqaz

url VCID-t9p4-2x7v-yfaq

vulnerability_id VCID-t9p4-2x7v-yfaq

summary

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-0167

reference_id

reference_type

scores

value	0.00331
scoring_system	epss
scoring_elements	0.56114
published_at	2026-04-11T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56103
published_at	2026-04-09T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56112
published_at	2026-04-18T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56109
published_at	2026-04-16T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56074
published_at	2026-04-13T12:55:00Z

value	0.00331
scoring_system	epss
scoring_elements	0.56091
published_at	2026-04-12T12:55:00Z

value	0.00341
scoring_system	epss
scoring_elements	0.56809
published_at	2026-04-21T12:55:00Z

value	0.00341
scoring_system	epss
scoring_elements	0.56789
published_at	2026-04-02T12:55:00Z

value	0.00341
scoring_system	epss
scoring_elements	0.5681
published_at	2026-04-04T12:55:00Z

value	0.00341
scoring_system	epss
scoring_elements	0.56786
published_at	2026-04-07T12:55:00Z

value	0.00341
scoring_system	epss
scoring_elements	0.56838
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-0167

reference_url

https://curl.se/docs/CVE-2025-0167.html

reference_id

reference_type

scores

value	3.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T15:52:41Z/

url

https://curl.se/docs/CVE-2025-0167.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2917232

reference_id

reference_type

scores

value	3.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T15:52:41Z/

url

https://hackerone.com/reports/2917232

reference_url

https://curl.se/docs/CVE-2025-0167.json

reference_id

CVE-2025-0167.json

reference_type

scores

value	3.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-05T15:52:41Z/

url

https://curl.se/docs/CVE-2025-0167.json

reference_url	https://usn.ubuntu.com/8084-1/
reference_id	USN-8084-1
reference_type
scores
url	https://usn.ubuntu.com/8084-1/

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url	pkg:deb/debian/curl@7.88.1-10%2Bdeb12u11?distro=trixie
purl	pkg:deb/debian/curl@7.88.1-10%2Bdeb12u11?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u11%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url	pkg:deb/debian/curl@8.12.0%2Bgit20250209.89ed161%2Bds-1?distro=trixie
purl	pkg:deb/debian/curl@8.12.0%2Bgit20250209.89ed161%2Bds-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.12.0%252Bgit20250209.89ed161%252Bds-1%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2025-0167

risk_score 1.4

exploitability 0.5

weighted_severity 2.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-t9p4-2x7v-yfaq

url VCID-tha5-fv3w-sub6

vulnerability_id VCID-tha5-fv3w-sub6

summary Multiple vulnerabilities have been discovered in curl, the worst of which could lead to information disclosure.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2004.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-2004.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-2004

reference_id

reference_type

scores

value	0.00838
scoring_system	epss
scoring_elements	0.7472
published_at	2026-04-21T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74642
published_at	2026-04-02T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74669
published_at	2026-04-04T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74644
published_at	2026-04-07T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74675
published_at	2026-04-08T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.7469
published_at	2026-04-09T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74713
published_at	2026-04-11T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74693
published_at	2026-04-12T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74685
published_at	2026-04-13T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74722
published_at	2026-04-16T12:55:00Z

value	0.00838
scoring_system	epss
scoring_elements	0.74729
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-2004

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

http://www.openwall.com/lists/oss-security/2024/03/27/1

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

http://www.openwall.com/lists/oss-security/2024/03/27/1

reference_url

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

reference_url

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

reference_url

reference_id

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://hackerone.com/reports/2384833

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2270500
reference_id	2270500
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2270500

reference_url

reference_id

2384833

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://hackerone.com/reports/2384833

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/

reference_id

2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2D44YLAUFJU6BZ4XFG2FYV7SBKXB5IZ6/

reference_url

https://curl.se/docs/CVE-2024-2004.html

reference_id

CVE-2024-2004.html

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://curl.se/docs/CVE-2024-2004.html

reference_url

https://curl.se/docs/CVE-2024-2004.json

reference_id

CVE-2024-2004.json

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://curl.se/docs/CVE-2024-2004.json

reference_url	https://security.gentoo.org/glsa/202409-20
reference_id	GLSA-202409-20
reference_type
scores
url	https://security.gentoo.org/glsa/202409-20

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/

reference_id

GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GMD6UYKCCRCYETWQZUJ65ZRFULT6SHLI/

reference_url

reference_id

HT214118

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

reference_url

reference_id

HT214119

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

reference_url

reference_id

HT214120

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://security.netapp.com/advisory/ntap-20240524-0006/

reference_url

reference_id

ntap-20240524-0006

reference_type

scores

value	3.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-25T18:17:42Z/

url

https://security.netapp.com/advisory/ntap-20240524-0006/

reference_url	https://access.redhat.com/errata/RHSA-2024:2693
reference_id	RHSA-2024:2693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2693

reference_url	https://access.redhat.com/errata/RHSA-2024:2694
reference_id	RHSA-2024:2694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2694

reference_url	https://usn.ubuntu.com/6718-1/
reference_id	USN-6718-1
reference_type
scores
url	https://usn.ubuntu.com/6718-1/

reference_url	https://usn.ubuntu.com/6718-3/
reference_id	USN-6718-3
reference_type
scores
url	https://usn.ubuntu.com/6718-3/

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url	pkg:deb/debian/curl@7.88.1-10%2Bdeb12u6?distro=trixie
purl	pkg:deb/debian/curl@7.88.1-10%2Bdeb12u6?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u6%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url	pkg:deb/debian/curl@8.7.1-1?distro=trixie
purl	pkg:deb/debian/curl@8.7.1-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.7.1-1%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2024-2004

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tha5-fv3w-sub6

url VCID-u9jp-j1ds-73e7

vulnerability_id VCID-u9jp-j1ds-73e7

summary curl: URL file scheme drive letter buffer overflow

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9502.json

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-9502.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2017-9502

reference_id

reference_type

scores

value	0.00555
scoring_system	epss
scoring_elements	0.68058
published_at	2026-04-01T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.6808
published_at	2026-04-02T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.68099
published_at	2026-04-04T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.68077
published_at	2026-04-07T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.68128
published_at	2026-04-08T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.68143
published_at	2026-04-09T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.68167
published_at	2026-04-11T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.68154
published_at	2026-04-12T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.68121
published_at	2026-04-13T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.68157
published_at	2026-04-16T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.6817
published_at	2026-04-18T12:55:00Z

value	0.00555
scoring_system	epss
scoring_elements	0.68152
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2017-9502

reference_url

https://curl.se/docs/CVE-2017-9502.html

reference_id

reference_type

scores

value	High
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2017-9502.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1461321
reference_id	1461321
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1461321

fixed_packages

url	pkg:deb/debian/curl@0?distro=trixie
purl	pkg:deb/debian/curl@0?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@0%3Fdistro=trixie

url pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

purl pkg:deb/debian/curl@7.74.0-1.3%2Bdeb11u13?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-4e1k-7bj9-hfch

vulnerability	VCID-4gze-cwtp-2bgr

vulnerability	VCID-4seq-hvbx-7fg8

vulnerability	VCID-56wg-yafz-gkgx

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-ddgz-rczw-jqfw

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-pwn6-j8vf-rufk

vulnerability	VCID-qbpd-star-6fgn

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

vulnerability	VCID-xpss-yndr-mycj

vulnerability	VCID-yaas-j3qk-kfdg

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.74.0-1.3%252Bdeb11u13%3Fdistro=trixie

url pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

purl pkg:deb/debian/curl@7.88.1-10%2Bdeb12u14?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-2szj-xvgq-pkfr

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-6we4-n888-6qhe

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-ksap-zrmb-ebcu

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@7.88.1-10%252Bdeb12u14%3Fdistro=trixie

url pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

purl pkg:deb/debian/curl@8.14.1-2%2Bdeb13u2?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2cx5-1qnw-uufj

vulnerability	VCID-5xp7-mcsa-uqd4

vulnerability	VCID-8zks-th64-33b8

vulnerability	VCID-amgy-dw6h-6ydf

vulnerability	VCID-etzn-uhck-h7b2

vulnerability	VCID-kt4b-7ffh-4bch

vulnerability	VCID-mkyr-w79c-qqfz

vulnerability	VCID-nvzd-v3bs-6qek

vulnerability	VCID-qpux-jh6k-8qhx

vulnerability	VCID-vbbv-k1r7-kkas

vulnerability	VCID-x57x-w8g8-7ybz

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.14.1-2%252Bdeb13u2%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-1?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-1%3Fdistro=trixie

url	pkg:deb/debian/curl@8.19.0-3?distro=trixie
purl	pkg:deb/debian/curl@8.19.0-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.19.0-3%3Fdistro=trixie

url	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
purl	pkg:deb/debian/curl@8.20.0~rc2-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/curl@8.20.0~rc2-1%3Fdistro=trixie

aliases CVE-2017-9502

risk_score 3.5

exploitability 0.5

weighted_severity 7.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u9jp-j1ds-73e7

url VCID-v9n1-d6xt-6ubn

vulnerability_id VCID-v9n1-d6xt-6ubn

summary Multiple vulnerabilities have been found in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30115.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-30115.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-30115

reference_id

reference_type

scores

value	0.00101
scoring_system	epss
scoring_elements	0.27713
published_at	2026-04-21T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27774
published_at	2026-04-13T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.2778
published_at	2026-04-16T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27755
published_at	2026-04-18T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27925
published_at	2026-04-02T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27967
published_at	2026-04-04T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27758
published_at	2026-04-07T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27826
published_at	2026-04-08T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27867
published_at	2026-04-09T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27873
published_at	2026-04-11T12:55:00Z

value	0.00101
scoring_system	epss
scoring_elements	0.27831
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-30115

reference_url

https://curl.se/docs/CVE-2022-30115.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2022-30115.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1557449
reference_id
reference_type
scores
url	https://hackerone.com/reports/1557449

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2082223
reference_id	2082223
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2082223

reference_url

reference_id

AVG-2706

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url