Package Instance

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/

reference_url

reference_id

F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

reference_url

reference_id

HT213843

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

reference_url

reference_id

HT213844

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

reference_url

reference_id

HT213845

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html

reference_url

reference_id

msg00016.html

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html

reference_url

https://security.netapp.com/advisory/ntap-20230609-0009/

reference_id

ntap-20230609-0009

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

https://security.netapp.com/advisory/ntap-20230609-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:4354
reference_id	RHSA-2023:4354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4354

reference_url	https://access.redhat.com/errata/RHSA-2023:4523
reference_id	RHSA-2023:4523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4523

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2023:4629
reference_id	RHSA-2023:4629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4629

reference_url	https://access.redhat.com/errata/RHSA-2023:5598
reference_id	RHSA-2023:5598
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5598

reference_url	https://access.redhat.com/errata/RHSA-2023:6292
reference_id	RHSA-2023:6292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6292

reference_url	https://usn.ubuntu.com/6237-1/
reference_id	USN-6237-1
reference_type
scores
url	https://usn.ubuntu.com/6237-1/

reference_url	https://usn.ubuntu.com/6237-3/
reference_id	USN-6237-3
reference_type
scores
url	https://usn.ubuntu.com/6237-3/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/

reference_id

Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:54:13Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/

fixed_packages

url	pkg:ebuild/net-misc/curl@8.3.0-r2
purl	pkg:ebuild/net-misc/curl@8.3.0-r2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/curl@8.3.0-r2

aliases CVE-2023-28321

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-47qb-2qkw-1qej

url VCID-4e1k-7bj9-hfch

vulnerability_id VCID-4e1k-7bj9-hfch

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23914.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23914.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-23914

reference_id

reference_type

scores

value	0.00126
scoring_system	epss
scoring_elements	0.31738
published_at	2026-04-24T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31911
published_at	2026-04-07T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31963
published_at	2026-04-08T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31992
published_at	2026-04-09T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31995
published_at	2026-04-11T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31955
published_at	2026-04-16T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31922
published_at	2026-04-13T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31934
published_at	2026-04-18T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.31906
published_at	2026-04-21T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.32048
published_at	2026-04-02T12:55:00Z

value	0.00126
scoring_system	epss
scoring_elements	0.32088
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-23914

reference_url

https://curl.se/docs/CVE-2023-23914.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-23914.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23914
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23914

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1813864

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-12T18:51:37Z/

url

https://hackerone.com/reports/1813864

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371
reference_id	1031371
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2167797
reference_id	2167797
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2167797

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-12T18:51:37Z/

url

https://security.netapp.com/advisory/ntap-20230309-0006/

reference_url

reference_id

ntap-20230309-0006

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-03-12T18:51:37Z/

url

https://security.netapp.com/advisory/ntap-20230309-0006/

reference_url	https://access.redhat.com/errata/RHSA-2023:3354
reference_id	RHSA-2023:3354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3354

reference_url	https://access.redhat.com/errata/RHSA-2023:3355
reference_id	RHSA-2023:3355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3355

reference_url	https://usn.ubuntu.com/5891-1/
reference_id	USN-5891-1
reference_type
scores
url	https://usn.ubuntu.com/5891-1/

fixed_packages

url	pkg:ebuild/net-misc/curl@8.3.0-r2
purl	pkg:ebuild/net-misc/curl@8.3.0-r2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/curl@8.3.0-r2

aliases CVE-2023-23914

risk_score 4.1

exploitability 0.5

weighted_severity 8.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4e1k-7bj9-hfch

url VCID-4gze-cwtp-2bgr

vulnerability_id VCID-4gze-cwtp-2bgr

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23915.json

reference_id

reference_type

scores

value	4.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23915.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-23915

reference_id

reference_type

scores

value	0.00045
scoring_system	epss
scoring_elements	0.13848
published_at	2026-04-24T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.1392
published_at	2026-04-08T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13973
published_at	2026-04-09T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.1393
published_at	2026-04-11T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13894
published_at	2026-04-12T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13846
published_at	2026-04-13T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13754
published_at	2026-04-16T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13749
published_at	2026-04-18T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13823
published_at	2026-04-21T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13978
published_at	2026-04-02T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.14033
published_at	2026-04-04T12:55:00Z

value	0.00045
scoring_system	epss
scoring_elements	0.13836
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-23915

reference_url

https://curl.se/docs/CVE-2023-23915.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-23915.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23915
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23915

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1814333
reference_id
reference_type
scores
url	https://hackerone.com/reports/1814333

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371
reference_id	1031371
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2167813
reference_id	2167813
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2167813

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:46:29Z/

url

https://security.netapp.com/advisory/ntap-20230309-0006/

reference_url

reference_id

ntap-20230309-0006

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:46:29Z/

url

https://security.netapp.com/advisory/ntap-20230309-0006/

reference_url	https://access.redhat.com/errata/RHSA-2023:3354
reference_id	RHSA-2023:3354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3354

reference_url	https://access.redhat.com/errata/RHSA-2023:3355
reference_id	RHSA-2023:3355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3355

reference_url	https://usn.ubuntu.com/5891-1/
reference_id	USN-5891-1
reference_type
scores
url	https://usn.ubuntu.com/5891-1/

fixed_packages

url	pkg:ebuild/net-misc/curl@8.3.0-r2
purl	pkg:ebuild/net-misc/curl@8.3.0-r2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/curl@8.3.0-r2

aliases CVE-2023-23915

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4gze-cwtp-2bgr

url VCID-7srk-hshe-h3f4

vulnerability_id VCID-7srk-hshe-h3f4

summary

Improper Authentication
An authentication bypass vulnerability exists in libcurl v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27538.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27538.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-27538

reference_id

reference_type

scores

value	0.00012
scoring_system	epss
scoring_elements	0.01629
published_at	2026-04-24T12:55:00Z

value	0.00012
scoring_system	epss
scoring_elements	0.01621
published_at	2026-04-21T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03574
published_at	2026-04-02T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03588
published_at	2026-04-04T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03599
published_at	2026-04-07T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.036
published_at	2026-04-08T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03622
published_at	2026-04-09T12:55:00Z

value	0.00016
scoring_system	epss
scoring_elements	0.03579
published_at	2026-04-11T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05601
published_at	2026-04-12T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05595
published_at	2026-04-13T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05545
published_at	2026-04-16T12:55:00Z

value	0.00021
scoring_system	epss
scoring_elements	0.05559
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-27538

reference_url

https://curl.se/docs/CVE-2023-27538.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-27538.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27538
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27538

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1898475

reference_id

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/

url

https://hackerone.com/reports/1898475

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2179103
reference_id	2179103
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2179103

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-27538
reference_id	CVE-2023-27538
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-27538

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_url

reference_id

msg00025.html

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20230420-0010/

reference_id

ntap-20230420-0010

reference_type

scores

value	7.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-09T14:52:04Z/

url

https://security.netapp.com/advisory/ntap-20230420-0010/

reference_url	https://access.redhat.com/errata/RHSA-2023:6679
reference_id	RHSA-2023:6679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6679

reference_url	https://usn.ubuntu.com/5964-1/
reference_id	USN-5964-1
reference_type
scores
url	https://usn.ubuntu.com/5964-1/

fixed_packages

url	pkg:ebuild/net-misc/curl@8.3.0-r2
purl	pkg:ebuild/net-misc/curl@8.3.0-r2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/curl@8.3.0-r2

aliases CVE-2023-27538

risk_score 3.5

exploitability 0.5

weighted_severity 6.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7srk-hshe-h3f4

url VCID-9ggp-5wfj-ufcq

vulnerability_id VCID-9ggp-5wfj-ufcq

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43552.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43552.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-43552

reference_id

reference_type

scores

value	0.00104
scoring_system	epss
scoring_elements	0.28135
published_at	2026-04-24T12:55:00Z

value	0.00104
scoring_system	epss
scoring_elements	0.28229
published_at	2026-04-21T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42458
published_at	2026-04-16T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42428
published_at	2026-04-02T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42455
published_at	2026-04-09T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42447
published_at	2026-04-08T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42397
published_at	2026-04-07T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42433
published_at	2026-04-18T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42409
published_at	2026-04-13T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.4244
published_at	2026-04-12T12:55:00Z

value	0.00203
scoring_system	epss
scoring_elements	0.42477
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-43552

reference_url

https://curl.se/docs/CVE-2022-43552.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2022-43552.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32221
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32221

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43552
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43552

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1764858

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:27:40Z/

url

https://hackerone.com/reports/1764858

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026830
reference_id	1026830
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026830

reference_url

http://seclists.org/fulldisclosure/2023/Mar/17

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:27:40Z/

url

http://seclists.org/fulldisclosure/2023/Mar/17

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2152652
reference_id	2152652
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2152652

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:27:40Z/

url

https://support.apple.com/kb/HT213670

reference_url

reference_id

HT213670

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:27:40Z/

url

https://support.apple.com/kb/HT213670

reference_url

https://security.netapp.com/advisory/ntap-20230214-0002/

reference_id

ntap-20230214-0002

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-07-24T14:27:40Z/

url

https://security.netapp.com/advisory/ntap-20230214-0002/

reference_url	https://access.redhat.com/errata/RHSA-2023:2478
reference_id	RHSA-2023:2478
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2478

reference_url	https://access.redhat.com/errata/RHSA-2023:2963
reference_id	RHSA-2023:2963
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2963

reference_url	https://access.redhat.com/errata/RHSA-2023:3354
reference_id	RHSA-2023:3354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3354

reference_url	https://access.redhat.com/errata/RHSA-2023:3355
reference_id	RHSA-2023:3355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3355

reference_url	https://access.redhat.com/errata/RHSA-2023:7743
reference_id	RHSA-2023:7743
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7743

reference_url	https://access.redhat.com/errata/RHSA-2024:0428
reference_id	RHSA-2024:0428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0428

reference_url	https://usn.ubuntu.com/5788-1/
reference_id	USN-5788-1
reference_type
scores
url	https://usn.ubuntu.com/5788-1/

reference_url	https://usn.ubuntu.com/5894-1/
reference_id	USN-5894-1
reference_type
scores
url	https://usn.ubuntu.com/5894-1/

fixed_packages

url	pkg:ebuild/net-misc/curl@8.3.0-r2
purl	pkg:ebuild/net-misc/curl@8.3.0-r2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/curl@8.3.0-r2

aliases CVE-2022-43552

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9ggp-5wfj-ufcq

url VCID-arjz-67yz-wkg9

vulnerability_id VCID-arjz-67yz-wkg9

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27533.json

reference_id

reference_type

scores

value	4.3
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27533.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-27533

reference_id

reference_type

scores

value	0.00174
scoring_system	epss
scoring_elements	0.38554
published_at	2026-04-24T12:55:00Z

value	0.00174
scoring_system	epss
scoring_elements	0.38719
published_at	2026-04-21T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40439
published_at	2026-04-02T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40465
published_at	2026-04-04T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40389
published_at	2026-04-07T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.4044
published_at	2026-04-08T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40451
published_at	2026-04-09T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40472
published_at	2026-04-11T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40434
published_at	2026-04-12T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40415
published_at	2026-04-13T12:55:00Z

value	0.00186
scoring_system	epss
scoring_elements	0.40463
published_at	2026-04-16T12:55:00Z

value	0.00216
scoring_system	epss
scoring_elements	0.4427
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-27533

reference_url

https://curl.se/docs/CVE-2023-27533.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-27533.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27533
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27533

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1891474

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/

url

https://hackerone.com/reports/1891474

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2179062
reference_id	2179062
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2179062

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_id

36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_url

reference_id

msg00025.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20230420-0011/

reference_id

ntap-20230420-0011

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2026-02-13T20:09:15Z/

url

https://security.netapp.com/advisory/ntap-20230420-0011/

reference_url	https://access.redhat.com/errata/RHSA-2023:3354
reference_id	RHSA-2023:3354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3354

reference_url	https://access.redhat.com/errata/RHSA-2023:3355
reference_id	RHSA-2023:3355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3355

reference_url	https://access.redhat.com/errata/RHSA-2023:6679
reference_id	RHSA-2023:6679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6679

reference_url	https://usn.ubuntu.com/5964-1/
reference_id	USN-5964-1
reference_type
scores
url	https://usn.ubuntu.com/5964-1/

reference_url	https://usn.ubuntu.com/5964-2/
reference_id	USN-5964-2
reference_type
scores
url	https://usn.ubuntu.com/5964-2/

fixed_packages

url	pkg:ebuild/net-misc/curl@8.3.0-r2
purl	pkg:ebuild/net-misc/curl@8.3.0-r2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/curl@8.3.0-r2

aliases CVE-2023-27533

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-arjz-67yz-wkg9

url VCID-bz4u-6rft-s3a8

vulnerability_id VCID-bz4u-6rft-s3a8

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38039.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38039.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-38039

reference_id

reference_type

scores

value	0.12305
scoring_system	epss
scoring_elements	0.93847
published_at	2026-04-07T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.9386
published_at	2026-04-09T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93856
published_at	2026-04-08T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93845
published_at	2026-04-04T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93835
published_at	2026-04-02T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93896
published_at	2026-04-24T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93894
published_at	2026-04-21T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93893
published_at	2026-04-18T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93887
published_at	2026-04-16T12:55:00Z

value	0.12305
scoring_system	epss
scoring_elements	0.93865
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-38039

reference_url

https://curl.se/docs/CVE-2023-38039.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-38039.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/2072338

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://hackerone.com/reports/2072338

reference_url

http://seclists.org/fulldisclosure/2023/Oct/17

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

http://seclists.org/fulldisclosure/2023/Oct/17

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2239135
reference_id	2239135
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2239135

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DCZMYODALBLVOXVJEN2LF2MLANEYL4F/

reference_url

reference_id

5DCZMYODALBLVOXVJEN2LF2MLANEYL4F

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5DCZMYODALBLVOXVJEN2LF2MLANEYL4F/

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

reference_url

reference_id

HT214036

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

reference_url

reference_id

HT214057

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

reference_url

reference_id

HT214058

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

reference_url

reference_id

HT214063

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ/

reference_url

reference_id

M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M6KGKB2JNZVT276JYSKI6FV2VFJUGDOJ/

reference_url

https://security.netapp.com/advisory/ntap-20231013-0005/

reference_id

ntap-20231013-0005

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://security.netapp.com/advisory/ntap-20231013-0005/

reference_url	https://access.redhat.com/errata/RHSA-2023:7625
reference_id	RHSA-2023:7625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7625

reference_url	https://access.redhat.com/errata/RHSA-2023:7626
reference_id	RHSA-2023:7626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7626

reference_url

https://www.insyde.com/security-pledge/SA-2023064

reference_id

SA-2023064

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://www.insyde.com/security-pledge/SA-2023064

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/

reference_id

TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-03T19:17:43Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TEAWTYHC3RT6ZRS5OZRHLAIENVN6CCIS/

reference_url	https://usn.ubuntu.com/6363-1/
reference_id	USN-6363-1
reference_type
scores
url	https://usn.ubuntu.com/6363-1/

fixed_packages

url	pkg:ebuild/net-misc/curl@8.3.0-r2
purl	pkg:ebuild/net-misc/curl@8.3.0-r2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/curl@8.3.0-r2

aliases CVE-2023-38039

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bz4u-6rft-s3a8

url VCID-cbah-e86c-w3fj

vulnerability_id VCID-cbah-e86c-w3fj

summary

Improper Authentication
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain FTP settings such as CURLOPT_FTP_ACCOUNT, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_FTP_SSL_CCC, and CURLOPT_USE_SSL were not included in the configuration match checks, causing them to match too easily. This could lead to libcurl using the wrong credentials when performing a transfer, potentially allowing unauthorized access to sensitive information.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27535.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27535.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-27535

reference_id

reference_type

scores

value	0.00036
scoring_system	epss
scoring_elements	0.10758
published_at	2026-04-24T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10803
published_at	2026-04-21T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20386
published_at	2026-04-02T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20446
published_at	2026-04-04T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.2017
published_at	2026-04-07T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20251
published_at	2026-04-08T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20311
published_at	2026-04-09T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20341
published_at	2026-04-11T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20295
published_at	2026-04-12T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20236
published_at	2026-04-13T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20226
published_at	2026-04-16T12:55:00Z

value	0.00065
scoring_system	epss
scoring_elements	0.20231
published_at	2026-04-18T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-27535

reference_url

https://curl.se/docs/CVE-2023-27535.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-27535.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27535
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27535

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1892780

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/

url

https://hackerone.com/reports/1892780

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2179073
reference_id	2179073
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2179073

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_id

36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-27535
reference_id	CVE-2023-27535
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-27535

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_url

reference_id

msg00025.html

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20230420-0010/

reference_id

ntap-20230420-0010

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-06-03T18:24:11Z/

url

https://security.netapp.com/advisory/ntap-20230420-0010/

reference_url	https://access.redhat.com/errata/RHSA-2023:2650
reference_id	RHSA-2023:2650
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2650

reference_url	https://access.redhat.com/errata/RHSA-2023:3106
reference_id	RHSA-2023:3106
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3106

reference_url	https://access.redhat.com/errata/RHSA-2024:0428
reference_id	RHSA-2024:0428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0428

reference_url	https://usn.ubuntu.com/5964-1/
reference_id	USN-5964-1
reference_type
scores
url	https://usn.ubuntu.com/5964-1/

reference_url	https://usn.ubuntu.com/5964-2/
reference_id	USN-5964-2
reference_type
scores
url	https://usn.ubuntu.com/5964-2/

fixed_packages

url	pkg:ebuild/net-misc/curl@8.3.0-r2
purl	pkg:ebuild/net-misc/curl@8.3.0-r2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/curl@8.3.0-r2

aliases CVE-2023-27535

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cbah-e86c-w3fj

url VCID-ddgz-rczw-jqfw

vulnerability_id VCID-ddgz-rczw-jqfw

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28320.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28320.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28320

reference_id

reference_type

scores

value	0.00538
scoring_system	epss
scoring_elements	0.67593
published_at	2026-04-18T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67504
published_at	2026-04-07T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67581
published_at	2026-04-16T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67546
published_at	2026-04-13T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67579
published_at	2026-04-12T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67592
published_at	2026-04-11T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.6757
published_at	2026-04-09T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67526
published_at	2026-04-04T12:55:00Z

value	0.00538
scoring_system	epss
scoring_elements	0.67556
published_at	2026-04-08T12:55:00Z

value	0.00641
scoring_system	epss
scoring_elements	0.70673
published_at	2026-04-24T12:55:00Z

value	0.00641
scoring_system	epss
scoring_elements	0.70622
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28320

reference_url

https://curl.se/docs/CVE-2023-28320.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-28320.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28320
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28320

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1929597

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

https://hackerone.com/reports/1929597

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239
reference_id	1036239
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2196783
reference_id	2196783
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2196783

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

reference_url

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

reference_url

reference_id

HT213843

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

reference_url

reference_id

HT213844

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

reference_url

reference_id

HT213845

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

https://security.netapp.com/advisory/ntap-20230609-0009/

reference_url

reference_id

ntap-20230609-0009

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:57:47Z/

url

https://security.netapp.com/advisory/ntap-20230609-0009/

fixed_packages

url	pkg:ebuild/net-misc/curl@8.3.0-r2
purl	pkg:ebuild/net-misc/curl@8.3.0-r2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/curl@8.3.0-r2

aliases CVE-2023-28320

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ddgz-rczw-jqfw

url VCID-gnx2-djyk-uyaf

vulnerability_id VCID-gnx2-djyk-uyaf

summary

Cookie injection with none file
This flaw allows an attacker to insert cookies at will into a running program
using libcurl, if the specific series of conditions are met.

libcurl performs transfers. In its API, an application creates "easy handles"
that are the individual handles for single transfers.

libcurl provides a function call that duplicates en easy handle called
[curl_easy_duphandle](https://curl.se/libcurl/c/curl_easy_duphandle.html).

If a transfer has cookies enabled when the handle is duplicated, the
cookie-enable state is also cloned - but without cloning the actual
cookies. If the source handle does not read any cookies from a specific file on
disk, the cloned version of the handle would instead store the file name as
`none` (using the four ASCII letters, no quotes).

Subsequent use of the cloned handle that does not explicitly set a source to
load cookies from would then inadvertently load cookies from a file named
`none` - if such a file exists and is readable in the current directory of the
program using libcurl. And if using the correct file format of course.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38546.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38546.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-38546

reference_id

reference_type

scores

value	0.00256
scoring_system	epss
scoring_elements	0.49032
published_at	2026-04-18T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49036
published_at	2026-04-16T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48985
published_at	2026-04-24T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48964
published_at	2026-04-02T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.49012
published_at	2026-04-11T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48995
published_at	2026-04-09T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48998
published_at	2026-04-08T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48991
published_at	2026-04-13T12:55:00Z

value	0.00256
scoring_system	epss
scoring_elements	0.48944
published_at	2026-04-07T12:55:00Z

value	0.00263
scoring_system	epss
scoring_elements	0.49733
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-38546

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/2148242
reference_id
reference_type
scores
url	https://hackerone.com/reports/2148242

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2241938
reference_id	2241938
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2241938

reference_url

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

reference_url

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

reference_url

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

reference_url

reference_id

AVG-2845

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2846

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://curl.se/docs/CVE-2023-38546.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-38546
reference_id	CVE-2023-38546
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-38546

reference_url

reference_id

CVE-2023-38546.HTML

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

https://curl.se/docs/CVE-2023-38546.html

reference_url	https://security.gentoo.org/glsa/202310-12
reference_id	GLSA-202310-12
reference_type
scores
url	https://security.gentoo.org/glsa/202310-12

reference_url

reference_id

HT214036

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

reference_url

reference_id

HT214057

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

reference_url

reference_id

HT214058

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

reference_url

reference_id

HT214063

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/

reference_url

reference_id

OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/

reference_url	https://access.redhat.com/errata/RHSA-2023:5700
reference_id	RHSA-2023:5700
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5700

reference_url	https://access.redhat.com/errata/RHSA-2023:5763
reference_id	RHSA-2023:5763
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5763

reference_url	https://access.redhat.com/errata/RHSA-2023:6292
reference_id	RHSA-2023:6292
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6292

reference_url	https://access.redhat.com/errata/RHSA-2023:6745
reference_id	RHSA-2023:6745
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6745

reference_url	https://access.redhat.com/errata/RHSA-2023:7540
reference_id	RHSA-2023:7540
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7540

reference_url	https://access.redhat.com/errata/RHSA-2023:7625
reference_id	RHSA-2023:7625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7625

reference_url	https://access.redhat.com/errata/RHSA-2023:7626
reference_id	RHSA-2023:7626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7626

reference_url	https://access.redhat.com/errata/RHSA-2024:1601
reference_id	RHSA-2024:1601
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1601

reference_url	https://access.redhat.com/errata/RHSA-2024:2092
reference_id	RHSA-2024:2092
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2092

reference_url	https://access.redhat.com/errata/RHSA-2024:2093
reference_id	RHSA-2024:2093
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2093

reference_url	https://access.redhat.com/errata/RHSA-2024:2101
reference_id	RHSA-2024:2101
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2101

reference_url	https://usn.ubuntu.com/6429-1/
reference_id	USN-6429-1
reference_type
scores
url	https://usn.ubuntu.com/6429-1/

reference_url	https://usn.ubuntu.com/6429-2/
reference_id	USN-6429-2
reference_type
scores
url	https://usn.ubuntu.com/6429-2/

reference_url	https://usn.ubuntu.com/6429-3/
reference_id	USN-6429-3
reference_type
scores
url	https://usn.ubuntu.com/6429-3/

reference_url

https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868

reference_id

viewtopic.php?f=8&t=8868

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-13T15:01:53Z/

url

https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868

fixed_packages

url	pkg:ebuild/net-misc/curl@8.3.0-r2
purl	pkg:ebuild/net-misc/curl@8.3.0-r2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/curl@8.3.0-r2

aliases CVE-2023-38546

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gnx2-djyk-uyaf

url VCID-ke81-x2ze-rbc5

vulnerability_id VCID-ke81-x2ze-rbc5

summary

Double Free
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27537.json

reference_id

reference_type

scores

value	5.6
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27537.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-27537

reference_id

reference_type

scores

value	0.00047
scoring_system	epss
scoring_elements	0.14558
published_at	2026-04-09T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14539
published_at	2026-04-02T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14609
published_at	2026-04-04T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14418
published_at	2026-04-07T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14504
published_at	2026-04-08T12:55:00Z

value	0.00047
scoring_system	epss
scoring_elements	0.14506
published_at	2026-04-11T12:55:00Z

value	0.00061
scoring_system	epss
scoring_elements	0.1908
published_at	2026-04-16T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21741
published_at	2026-04-18T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.2156
published_at	2026-04-24T12:55:00Z

value	0.00071
scoring_system	epss
scoring_elements	0.21707
published_at	2026-04-21T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24288
published_at	2026-04-13T12:55:00Z

value	0.00083
scoring_system	epss
scoring_elements	0.24345
published_at	2026-04-12T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-27537

reference_url

https://curl.se/docs/CVE-2023-27537.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-27537.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1897203
reference_id
reference_type
scores
url	https://hackerone.com/reports/1897203

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2179097
reference_id	2179097
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2179097

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-27537
reference_id	CVE-2023-27537
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-27537

reference_url	https://security.gentoo.org/glsa/202310-12
reference_id	GLSA-202310-12
reference_type
scores
url	https://security.gentoo.org/glsa/202310-12

fixed_packages

url	pkg:ebuild/net-misc/curl@8.3.0-r2
purl	pkg:ebuild/net-misc/curl@8.3.0-r2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/curl@8.3.0-r2

aliases CVE-2023-27537

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ke81-x2ze-rbc5

url VCID-m15r-v9sr-2bbn

vulnerability_id VCID-m15r-v9sr-2bbn

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28319.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28319.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28319

reference_id

reference_type

scores

value	0.0032
scoring_system	epss
scoring_elements	0.55052
published_at	2026-04-24T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55072
published_at	2026-04-02T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55097
published_at	2026-04-13T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55073
published_at	2026-04-07T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55122
published_at	2026-04-09T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55134
published_at	2026-04-16T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55114
published_at	2026-04-12T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55138
published_at	2026-04-18T12:55:00Z

value	0.0032
scoring_system	epss
scoring_elements	0.55117
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28319

reference_url

https://curl.se/docs/CVE-2023-28319.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-28319.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1913733

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

https://hackerone.com/reports/1913733

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239
reference_id	1036239
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2196778
reference_id	2196778
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2196778

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

reference_url

reference_id

HT213843

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

reference_url

reference_id

HT213844

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

reference_url

reference_id

HT213845

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

https://security.netapp.com/advisory/ntap-20230609-0009/

reference_url

reference_id

ntap-20230609-0009

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-01-15T15:59:44Z/

url

https://security.netapp.com/advisory/ntap-20230609-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2023:4629
reference_id	RHSA-2023:4629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4629

fixed_packages

url	pkg:ebuild/net-misc/curl@8.3.0-r2
purl	pkg:ebuild/net-misc/curl@8.3.0-r2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/curl@8.3.0-r2

aliases CVE-2023-28319

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m15r-v9sr-2bbn

url VCID-ms2r-94ph-yyh3

vulnerability_id VCID-ms2r-94ph-yyh3

summary

Improper Authentication
An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27536.json

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27536.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-27536

reference_id

reference_type

scores

value	0.00011
scoring_system	epss
scoring_elements	0.01379
published_at	2026-04-24T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01285
published_at	2026-04-02T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.0129
published_at	2026-04-04T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01301
published_at	2026-04-07T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01306
published_at	2026-04-08T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.0131
published_at	2026-04-09T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01294
published_at	2026-04-11T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01288
published_at	2026-04-12T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01291
published_at	2026-04-13T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01282
published_at	2026-04-16T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01295
published_at	2026-04-18T12:55:00Z

value	0.00011
scoring_system	epss
scoring_elements	0.01369
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-27536

reference_url

https://curl.se/docs/CVE-2023-27536.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-27536.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27536
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27536

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1895135

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/

url

https://hackerone.com/reports/1895135

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2179092
reference_id	2179092
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2179092

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_id

36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-27536
reference_id	CVE-2023-27536
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-27536

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_url

reference_id

msg00025.html

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/

url

https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html

reference_url

https://security.netapp.com/advisory/ntap-20230420-0010/

reference_id

ntap-20230420-0010

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-14T15:39:19Z/

url

https://security.netapp.com/advisory/ntap-20230420-0010/

reference_url	https://access.redhat.com/errata/RHSA-2023:4523
reference_id	RHSA-2023:4523
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4523

reference_url	https://access.redhat.com/errata/RHSA-2023:6679
reference_id	RHSA-2023:6679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6679

reference_url	https://access.redhat.com/errata/RHSA-2024:0428
reference_id	RHSA-2024:0428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0428

reference_url	https://usn.ubuntu.com/5964-1/
reference_id	USN-5964-1
reference_type
scores
url	https://usn.ubuntu.com/5964-1/

reference_url	https://usn.ubuntu.com/5964-2/
reference_id	USN-5964-2
reference_type
scores
url	https://usn.ubuntu.com/5964-2/

fixed_packages

url	pkg:ebuild/net-misc/curl@8.3.0-r2
purl	pkg:ebuild/net-misc/curl@8.3.0-r2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/curl@8.3.0-r2

aliases CVE-2023-27536

risk_score 2.6

exploitability 0.5

weighted_severity 5.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ms2r-94ph-yyh3

url VCID-n57n-cymy-z7dr

vulnerability_id VCID-n57n-cymy-z7dr

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23916.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23916.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-23916

reference_id

reference_type

scores

value	0.00092
scoring_system	epss
scoring_elements	0.25798
published_at	2026-04-24T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.2607
published_at	2026-04-02T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.2611
published_at	2026-04-04T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25878
published_at	2026-04-07T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25948
published_at	2026-04-08T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25999
published_at	2026-04-09T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.26009
published_at	2026-04-11T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25964
published_at	2026-04-12T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25905
published_at	2026-04-13T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25909
published_at	2026-04-16T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.2589
published_at	2026-04-18T12:55:00Z

value	0.00092
scoring_system	epss
scoring_elements	0.25861
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-23916

reference_url

https://curl.se/docs/CVE-2023-23916.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-23916.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23916
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-23916

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1826048

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T18:24:35Z/

url

https://hackerone.com/reports/1826048

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371
reference_id	1031371
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031371

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2167815
reference_id	2167815
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2167815

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQKE6TXYDHOTFHLTBZ5X73GTKI7II5KO/

reference_id

BQKE6TXYDHOTFHLTBZ5X73GTKI7II5KO

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T18:24:35Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BQKE6TXYDHOTFHLTBZ5X73GTKI7II5KO/

reference_url

https://www.debian.org/security/2023/dsa-5365

reference_id

dsa-5365

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T18:24:35Z/

url

https://www.debian.org/security/2023/dsa-5365

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T18:24:35Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00035.html

reference_url

reference_id

msg00035.html

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T18:24:35Z/

url

https://lists.debian.org/debian-lts-announce/2023/02/msg00035.html

reference_url

https://security.netapp.com/advisory/ntap-20230309-0006/

reference_id

ntap-20230309-0006

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-12T18:24:35Z/

url

https://security.netapp.com/advisory/ntap-20230309-0006/

reference_url	https://access.redhat.com/errata/RHSA-2023:1140
reference_id	RHSA-2023:1140
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1140

reference_url	https://access.redhat.com/errata/RHSA-2023:1701
reference_id	RHSA-2023:1701
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1701

reference_url	https://access.redhat.com/errata/RHSA-2023:1842
reference_id	RHSA-2023:1842
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1842

reference_url	https://access.redhat.com/errata/RHSA-2023:3354
reference_id	RHSA-2023:3354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3354

reference_url	https://access.redhat.com/errata/RHSA-2023:3355
reference_id	RHSA-2023:3355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3355

reference_url	https://access.redhat.com/errata/RHSA-2023:3460
reference_id	RHSA-2023:3460
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3460

reference_url	https://access.redhat.com/errata/RHSA-2023:4139
reference_id	RHSA-2023:4139
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4139

reference_url	https://usn.ubuntu.com/5891-1/
reference_id	USN-5891-1
reference_type
scores
url	https://usn.ubuntu.com/5891-1/

fixed_packages

url	pkg:ebuild/net-misc/curl@8.3.0-r2
purl	pkg:ebuild/net-misc/curl@8.3.0-r2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/curl@8.3.0-r2

aliases CVE-2023-23916

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n57n-cymy-z7dr

url VCID-s73y-y7v7-43cm

vulnerability_id VCID-s73y-y7v7-43cm

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28322.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-28322.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-28322

reference_id

reference_type

scores

value	0.00581
scoring_system	epss
scoring_elements	0.68981
published_at	2026-04-24T12:55:00Z

value	0.00581
scoring_system	epss
scoring_elements	0.6893
published_at	2026-04-21T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70238
published_at	2026-04-02T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70294
published_at	2026-04-09T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70278
published_at	2026-04-08T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70232
published_at	2026-04-07T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70255
published_at	2026-04-04T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70341
published_at	2026-04-18T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70331
published_at	2026-04-16T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70289
published_at	2026-04-13T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70302
published_at	2026-04-12T12:55:00Z

value	0.00631
scoring_system	epss
scoring_elements	0.70317
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-28322

reference_url

https://curl.se/docs/CVE-2023-28322.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-28322.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28322
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28322

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1954658

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

https://hackerone.com/reports/1954658

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239
reference_id	1036239
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1036239

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2196793
reference_id	2196793
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2196793

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

reference_url

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/

reference_url

reference_id

F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/F4I75RDGX5ULSSCBE5BF3P5I5SFO7ULQ/

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

reference_url

reference_id

HT213843

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

reference_url

reference_id

HT213844

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

reference_url

reference_id

HT213845

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html

reference_url

reference_id

msg00015.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

https://lists.debian.org/debian-lts-announce/2023/12/msg00015.html

reference_url

https://security.netapp.com/advisory/ntap-20230609-0009/

reference_id

ntap-20230609-0009

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

https://security.netapp.com/advisory/ntap-20230609-0009/

reference_url	https://access.redhat.com/errata/RHSA-2023:4354
reference_id	RHSA-2023:4354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4354

reference_url	https://access.redhat.com/errata/RHSA-2023:4628
reference_id	RHSA-2023:4628
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4628

reference_url	https://access.redhat.com/errata/RHSA-2023:4629
reference_id	RHSA-2023:4629
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4629

reference_url	https://access.redhat.com/errata/RHSA-2023:5598
reference_id	RHSA-2023:5598
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5598

reference_url	https://access.redhat.com/errata/RHSA-2024:0428
reference_id	RHSA-2024:0428
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0428

reference_url	https://access.redhat.com/errata/RHSA-2024:0585
reference_id	RHSA-2024:0585
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0585

reference_url	https://access.redhat.com/errata/RHSA-2024:1601
reference_id	RHSA-2024:1601
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1601

reference_url	https://access.redhat.com/errata/RHSA-2024:2092
reference_id	RHSA-2024:2092
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2092

reference_url	https://access.redhat.com/errata/RHSA-2024:2093
reference_id	RHSA-2024:2093
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2093

reference_url	https://usn.ubuntu.com/6237-1/
reference_id	USN-6237-1
reference_type
scores
url	https://usn.ubuntu.com/6237-1/

reference_url	https://usn.ubuntu.com/6237-3/
reference_id	USN-6237-3
reference_type
scores
url	https://usn.ubuntu.com/6237-3/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/

reference_id

Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2026-02-13T19:43:16Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z2LIWHWKOVH24COGGBCVOWDXXIUPKOMK/

fixed_packages

url	pkg:ebuild/net-misc/curl@8.3.0-r2
purl	pkg:ebuild/net-misc/curl@8.3.0-r2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/curl@8.3.0-r2

aliases CVE-2023-28322

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s73y-y7v7-43cm

url VCID-syz5-5y6f-s7er

vulnerability_id VCID-syz5-5y6f-s7er

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27534.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-27534.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-27534

reference_id

reference_type

scores

value	0.00064
scoring_system	epss
scoring_elements	0.19779
published_at	2026-04-24T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19887
published_at	2026-04-18T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19885
published_at	2026-04-21T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20068
published_at	2026-04-02T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20126
published_at	2026-04-04T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19854
published_at	2026-04-07T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19933
published_at	2026-04-08T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19988
published_at	2026-04-09T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.20007
published_at	2026-04-11T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19963
published_at	2026-04-12T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19904
published_at	2026-04-13T12:55:00Z

value	0.00064
scoring_system	epss
scoring_elements	0.19882
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-27534

reference_url

https://curl.se/docs/CVE-2023-27534.html

reference_id

reference_type

scores

value	Low
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2023-27534.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27534
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-27534

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/1892351
reference_id
reference_type
scores
url	https://hackerone.com/reports/1892351

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2179069
reference_id	2179069
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2179069

reference_url	https://security.gentoo.org/glsa/202310-12
reference_id	GLSA-202310-12
reference_type
scores
url	https://security.gentoo.org/glsa/202310-12

reference_url	https://access.redhat.com/errata/RHSA-2023:3354
reference_id	RHSA-2023:3354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3354

reference_url	https://access.redhat.com/errata/RHSA-2023:3355
reference_id	RHSA-2023:3355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3355

reference_url	https://access.redhat.com/errata/RHSA-2023:6679
reference_id	RHSA-2023:6679
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6679

reference_url	https://usn.ubuntu.com/5964-1/
reference_id	USN-5964-1
reference_type
scores
url	https://usn.ubuntu.com/5964-1/

fixed_packages

url	pkg:ebuild/net-misc/curl@8.3.0-r2
purl	pkg:ebuild/net-misc/curl@8.3.0-r2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/curl@8.3.0-r2

aliases CVE-2023-27534

risk_score 1.6

exploitability 0.5

weighted_severity 3.3

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-syz5-5y6f-s7er

url VCID-tcqe-7skm-b3fz

vulnerability_id VCID-tcqe-7skm-b3fz

summary

Out-of-bounds Write
This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy
handshake.

When curl is asked to pass along the host name to the SOCKS5 proxy to allow
that to resolve the address instead of it getting done by curl itself, the
maximum length that host name can be is 255 bytes.

If the host name is detected to be longer, curl switches to local name
resolving and instead passes on the resolved address only. Due to this bug,
the local variable that means "let the host resolve the name" could get the
wrong value during a slow SOCKS5 handshake, and contrary to the intention,
copy the too long host name to the target buffer instead of copying just the
resolved address there.

The target buffer being a heap based buffer, and the host name coming from the
URL that curl has been told to operate with.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38545.json

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38545.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-38545

reference_id

reference_type

scores

value	0.2625
scoring_system	epss
scoring_elements	0.96278
published_at	2026-04-04T12:55:00Z

value	0.2625
scoring_system	epss
scoring_elements	0.96316
published_at	2026-04-18T12:55:00Z

value	0.2625
scoring_system	epss
scoring_elements	0.96312
published_at	2026-04-16T12:55:00Z

value	0.2625
scoring_system	epss
scoring_elements	0.96303
published_at	2026-04-13T12:55:00Z

value	0.2625
scoring_system	epss
scoring_elements	0.963
published_at	2026-04-12T12:55:00Z

value	0.2625
scoring_system	epss
scoring_elements	0.96295
published_at	2026-04-09T12:55:00Z

value	0.2625
scoring_system	epss
scoring_elements	0.96292
published_at	2026-04-08T12:55:00Z

value	0.2625
scoring_system	epss
scoring_elements	0.96283
published_at	2026-04-07T12:55:00Z

value	0.26747
scoring_system	epss
scoring_elements	0.96359
published_at	2026-04-21T12:55:00Z

value	0.26747
scoring_system	epss
scoring_elements	0.96315
published_at	2026-04-02T12:55:00Z

value	0.26747
scoring_system	epss
scoring_elements	0.9636
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-38545

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38545

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38546

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://hackerone.com/reports/2187833
reference_id
reference_type
scores
url	https://hackerone.com/reports/2187833

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2241933
reference_id	2241933
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2241933

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

reference_url

reference_id

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

reference_url

reference_id

AVG-2845

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

reference_url

reference_id

AVG-2846

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://curl.se/docs/CVE-2023-38545.html

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2023-38545
reference_id	CVE-2023-38545
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2023-38545

reference_url

reference_id

CVE-2023-38545.HTML

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	High
scoring_system	cvssv3.1
scoring_elements

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

https://curl.se/docs/CVE-2023-38545.html

reference_url	https://security.gentoo.org/glsa/202310-12
reference_id	GLSA-202310-12
reference_type
scores
url	https://security.gentoo.org/glsa/202310-12

reference_url

https://www.secpod.com/blog/high-severity-heap-buffer-overflow-vulnerability/

reference_id

high-severity-heap-buffer-overflow-vulnerability

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

https://www.secpod.com/blog/high-severity-heap-buffer-overflow-vulnerability/

reference_url

reference_id

HT214036

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

reference_url

reference_id

HT214057

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

reference_url

reference_id

HT214058

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

reference_url

reference_id

HT214063

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

https://security.netapp.com/advisory/ntap-20231027-0009/

reference_url

reference_id

ntap-20231027-0009

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

https://security.netapp.com/advisory/ntap-20231027-0009/

reference_url

https://security.netapp.com/advisory/ntap-20240201-0005/

reference_id

ntap-20240201-0005

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

https://security.netapp.com/advisory/ntap-20240201-0005/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/

reference_id

OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGMXNRNSJ4ETDK6FRNU3J7SABXPWCHSQ/

reference_url	https://access.redhat.com/errata/RHSA-2023:5700
reference_id	RHSA-2023:5700
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5700

reference_url	https://access.redhat.com/errata/RHSA-2023:5763
reference_id	RHSA-2023:5763
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5763

reference_url	https://access.redhat.com/errata/RHSA-2023:6745
reference_id	RHSA-2023:6745
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6745

reference_url	https://access.redhat.com/errata/RHSA-2023:7625
reference_id	RHSA-2023:7625
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7625

reference_url	https://access.redhat.com/errata/RHSA-2023:7626
reference_id	RHSA-2023:7626
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7626

reference_url	https://access.redhat.com/errata/RHSA-2024:0797
reference_id	RHSA-2024:0797
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:0797

reference_url	https://access.redhat.com/errata/RHSA-2024:2011
reference_id	RHSA-2024:2011
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2011

reference_url	https://usn.ubuntu.com/6429-1/
reference_id	USN-6429-1
reference_type
scores
url	https://usn.ubuntu.com/6429-1/

reference_url	https://usn.ubuntu.com/6429-3/
reference_id	USN-6429-3
reference_type
scores
url	https://usn.ubuntu.com/6429-3/

reference_url

https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868

reference_id

viewtopic.php?f=8&t=8868

reference_type

scores

value	8.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track*
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:T/P:M/B:A/M:M/D:R/2024-10-17T21:11:03Z/

url

https://forum.vmssoftware.com/viewtopic.php?f=8&t=8868

fixed_packages

url	pkg:ebuild/net-misc/curl@8.3.0-r2
purl	pkg:ebuild/net-misc/curl@8.3.0-r2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:ebuild/net-misc/curl@8.3.0-r2

aliases CVE-2023-38545

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tcqe-7skm-b3fz

url VCID-xpss-yndr-mycj

vulnerability_id VCID-xpss-yndr-mycj

summary Multiple vulnerabilities have been discovered in curl, the worst of which could result in arbitrary code execution.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43551.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43551.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-43551

reference_id

reference_type

scores

value	0.00042
scoring_system	epss
scoring_elements	0.12819
published_at	2026-04-24T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12972
published_at	2026-04-04T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12773
published_at	2026-04-07T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12852
published_at	2026-04-08T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12902
published_at	2026-04-09T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12868
published_at	2026-04-11T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12831
published_at	2026-04-12T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12786
published_at	2026-04-13T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.1269
published_at	2026-04-16T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12697
published_at	2026-04-18T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12798
published_at	2026-04-21T12:55:00Z

value	0.00042
scoring_system	epss
scoring_elements	0.12923
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-43551

reference_url

https://curl.se/docs/CVE-2022-43551.html

reference_id

reference_type

scores

value	Medium
scoring_system	cvssv3.1
scoring_elements

url

https://curl.se/docs/CVE-2022-43551.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43551
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-43551

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://hackerone.com/reports/1755083

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-15T14:38:16Z/

url

https://hackerone.com/reports/1755083

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026829
reference_id	1026829
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1026829

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2152639
reference_id	2152639
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2152639

reference_url

reference_id

GLSA-202310-12

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2025-08-15T14:38:16Z/

url