Package details: pkg:deb/debian/curl@7.88.1-10

purl:                           pkg:deb/debian/curl@7.88.1-10
Tags:                           Ghost
Next non-vulnerable version:    7.88.1-10+deb12u6~bpo11+1
Latest non-vulnerable version:  8.14.1-2
Risk:                           10.0
Vulnerabilities affecting this package (3)

VCID-ky1x-6r1w-aaae
  Aliases:  CVE-2023-28319
  Summary:  A use-after-free vulnerability exists in curl before v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA-256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed.
  Fixed by: 7.88.1-10+deb12u1~bpo11+1 (affected by 0 other vulnerabilities)
            7.88.1-10+deb12u3~bpo11+1 (affected by 0 other vulnerabilities)

VCID-swf6-zwrv-aaah
  Aliases:  CVE-2023-32001
  Summary:  libcurl can be told to save cookie, HSTS and/or alt-svc data to files. When doing this, it called `stat()` followed by `fopen()` in a way that made it vulnerable to a TOCTOU race condition. By exploiting this flaw, an attacker could trick the victim into creating or overwriting protected files holding this data in ways that were not intended.
  Fixed by: 7.88.1-10+deb12u1~bpo11+1 (affected by 0 other vulnerabilities)
            7.88.1-10+deb12u3~bpo11+1 (affected by 0 other vulnerabilities)

VCID-uegp-s96r-aaaj
  Aliases:  CVE-2023-38039
  Summary:  When curl retrieves an HTTP response, it stores the incoming headers so that they can be accessed later via the libcurl headers API. However, curl did not have a limit on how many or how large headers it would accept in a response, allowing a malicious server to stream an endless series of headers and eventually cause curl to run out of heap memory.
  Fixed by: 7.88.1-10+deb12u1~bpo11+1 (affected by 0 other vulnerabilities)
            7.88.1-10+deb12u3~bpo11+1 (affected by 0 other vulnerabilities)
            8.3.0-1 (affected by 0 other vulnerabilities)
Vulnerabilities fixed by this package (0)

This package is not known to fix vulnerabilities.