Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2017-1000099 (GCVE-0-2017-1000099)
Vulnerability from cvelistv5 – Published: 2017-10-04 01:00 – Updated: 2024-08-05 21:53
VLAI?
EPSS
Summary
When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:53:06.676Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "100281",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/100281"
},
{
"name": "GLSA-201709-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201709-14"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://curl.haxx.se/0809C.patch"
},
{
"name": "1039119",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1039119"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-08-22T00:00:00",
"datePublic": "2017-10-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application\u0027s provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-10-04T09:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "100281",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/100281"
},
{
"name": "GLSA-201709-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201709-14"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://curl.haxx.se/0809C.patch"
},
{
"name": "1039119",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1039119"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.315249",
"ID": "CVE-2017-1000099",
"REQUESTER": "daniel@haxx.se",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application\u0027s provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100281",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100281"
},
{
"name": "GLSA-201709-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-14"
},
{
"name": "https://curl.haxx.se/0809C.patch",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/0809C.patch"
},
{
"name": "1039119",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039119"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000099",
"datePublished": "2017-10-04T01:00:00",
"dateReserved": "2017-10-03T00:00:00",
"dateUpdated": "2024-08-05T21:53:06.676Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:haxx:libcurl:7.54.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7C1D4922-F424-45B1-AF98-B1DD33981110\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application\u0027s provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory.\"}, {\"lang\": \"es\", \"value\": \"A la hora de pedir un archivo de una URL de tipo \\\"file://\\\", libcurl ofrece una caracter\\u00edstica que env\\u00eda metadatos sobre el archivo mediante cabeceras HTTP. El c\\u00f3digo responsable de esto enviar\\u00eda el b\\u00fafer err\\u00f3neo al usuario (stdout o la llamada de vuelta de la aplicaci\\u00f3n), lo que podr\\u00eda provocar que otros datos privados de la memoria din\\u00e1mica (heap) se muestren en consecuencia. El b\\u00fafer err\\u00f3neo es un \\u00e1rea no inicializada de la memoria asignada en la memoria din\\u00e1mica y si resulta que no tienen ning\\u00fan byte con valor cero, continuar\\u00eda y mostrar\\u00eda los datos que siguen a ese b\\u00fafer en la memoria.\"}]",
"id": "CVE-2017-1000099",
"lastModified": "2024-11-21T03:04:09.487",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2017-10-05T01:29:04.023",
"references": "[{\"url\": \"http://www.securityfocus.com/bid/100281\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039119\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://curl.haxx.se/0809C.patch\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201709-14\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://curl.haxx.se/docs/adv_20170809C.html\", \"source\": \"nvd@nist.gov\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/100281\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://www.securitytracker.com/id/1039119\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://curl.haxx.se/0809C.patch\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201709-14\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\", \"VDB Entry\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-200\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2017-1000099\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-10-05T01:29:04.023\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application\u0027s provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory.\"},{\"lang\":\"es\",\"value\":\"A la hora de pedir un archivo de una URL de tipo \\\"file://\\\", libcurl ofrece una caracter\u00edstica que env\u00eda metadatos sobre el archivo mediante cabeceras HTTP. El c\u00f3digo responsable de esto enviar\u00eda el b\u00fafer err\u00f3neo al usuario (stdout o la llamada de vuelta de la aplicaci\u00f3n), lo que podr\u00eda provocar que otros datos privados de la memoria din\u00e1mica (heap) se muestren en consecuencia. El b\u00fafer err\u00f3neo es un \u00e1rea no inicializada de la memoria asignada en la memoria din\u00e1mica y si resulta que no tienen ning\u00fan byte con valor cero, continuar\u00eda y mostrar\u00eda los datos que siguen a ese b\u00fafer en la memoria.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-200\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.54.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7C1D4922-F424-45B1-AF98-B1DD33981110\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/100281\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039119\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://curl.haxx.se/0809C.patch\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201709-14\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://curl.haxx.se/docs/adv_20170809C.html\",\"source\":\"nvd@nist.gov\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/100281\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id/1039119\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://curl.haxx.se/0809C.patch\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201709-14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]}]}}"
}
}
WID-SEC-W-2023-1647
Vulnerability from csaf_certbund - Published: 2017-08-08 22:00 - Updated: 2023-07-04 22:00Summary
cURL: Mehrere Schwachstellen ermöglichen Offenlegung von Informationen
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
cURL ist eine Client-Software, die das Austauschen von Dateien mittels mehrerer Protokolle wie z. B. HTTP oder FTP erlaubt.
Angriff
Ein lokaler oder entfernter anonymer Angreifer kann mehrere Schwachstellen in cURL ausnutzen, um Informationen offenzulegen.
Betroffene Betriebssysteme
- UNIX
- Linux
- Windows
- Sonstiges
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "cURL ist eine Client-Software, die das Austauschen von Dateien mittels mehrerer Protokolle wie z. B. HTTP oder FTP erlaubt.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein lokaler oder entfernter anonymer Angreifer kann mehrere Schwachstellen in cURL ausnutzen, um Informationen offenzulegen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- UNIX\n- Linux\n- Windows\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2023-1647 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2023-1647.json"
},
{
"category": "self",
"summary": "WID-SEC-2023-1647 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1647"
},
{
"category": "external",
"summary": "Security update for Dell NetWorker",
"url": "https://www.dell.com/support/kbdoc/de-de/000215497/dsa-2023-233-security-update-for-dell-networker-curl-7-51-0"
},
{
"category": "external",
"summary": "Curl Security Advisory vom 2017-08-08",
"url": "https://curl.haxx.se/docs/adv_20170809A.html"
},
{
"category": "external",
"summary": "Curl Security Advisory vom 2017-08-08",
"url": "https://curl.haxx.se/docs/adv_20170809B.html"
},
{
"category": "external",
"summary": "Curl Security Advisory vom 2017-08-08",
"url": "https://curl.haxx.se/docs/adv_20170809C.html"
},
{
"category": "external",
"summary": "Eintrag in der OSS Mailing Liste vom 2017-08-08",
"url": "http://marc.info/?l=oss-security\u0026m=150225896624622\u0026w=2"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2174-1 vom 2017-08-16",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172174-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2312-1 vom 2017-08-31",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172312-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2354-1 vom 2017-09-06",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172354-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2470-1 vom 2017-09-15",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172470-1.html"
},
{
"category": "external",
"summary": "Debian Security Advisory DSA-3992 vom 2017-10-07",
"url": "https://www.debian.org/security/2017/dsa-3992"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3441-1 vom 2017-10-10",
"url": "http://www.ubuntu.com/usn/usn-3441-1/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3441-2 vom 2017-10-24",
"url": "http://www.ubuntu.com/usn/usn-3441-2/"
},
{
"category": "external",
"summary": "Juniper Security Bulletin: JSA10874",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10874\u0026actp=RSS"
},
{
"category": "external",
"summary": "Red Hat Security Advisory RHSA-2018:3558 vom 2018-11-14",
"url": "https://access.redhat.com/errata/RHSA-2018:3558"
}
],
"source_lang": "en-US",
"title": "cURL: Mehrere Schwachstellen erm\u00f6glichen Offenlegung von Informationen",
"tracking": {
"current_release_date": "2023-07-04T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T17:54:12.544+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2023-1647",
"initial_release_date": "2017-08-08T22:00:00.000+00:00",
"revision_history": [
{
"date": "2017-08-08T22:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2017-08-08T22:00:00.000+00:00",
"number": "2",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-08-13T22:00:00.000+00:00",
"number": "3",
"summary": "Added references"
},
{
"date": "2017-08-31T22:00:00.000+00:00",
"number": "4",
"summary": "New remediations available"
},
{
"date": "2017-09-05T22:00:00.000+00:00",
"number": "5",
"summary": "New remediations available"
},
{
"date": "2017-09-14T22:00:00.000+00:00",
"number": "6",
"summary": "New remediations available"
},
{
"date": "2017-10-08T22:00:00.000+00:00",
"number": "7",
"summary": "New remediations available"
},
{
"date": "2017-10-10T22:00:00.000+00:00",
"number": "8",
"summary": "New remediations available"
},
{
"date": "2017-10-23T22:00:00.000+00:00",
"number": "9",
"summary": "New remediations available"
},
{
"date": "2018-07-31T22:00:00.000+00:00",
"number": "10",
"summary": "New remediations available"
},
{
"date": "2018-11-13T23:00:00.000+00:00",
"number": "11",
"summary": "New remediations available"
},
{
"date": "2023-07-04T22:00:00.000+00:00",
"number": "12",
"summary": "Neue Updates von Dell aufgenommen"
}
],
"status": "final",
"version": "12"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Debian Linux",
"product": {
"name": "Debian Linux",
"product_id": "2951",
"product_identification_helper": {
"cpe": "cpe:/o:debian:debian_linux:-"
}
}
}
],
"category": "vendor",
"name": "Debian"
},
{
"branches": [
{
"category": "product_name",
"name": "Dell NetWorker \u003c 19.9.0.1",
"product": {
"name": "Dell NetWorker \u003c 19.9.0.1",
"product_id": "T028404",
"product_identification_helper": {
"cpe": "cpe:/a:dell:networker:19.9.0.1"
}
}
}
],
"category": "vendor",
"name": "Dell"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source cURL \u003c 7.55.0",
"product": {
"name": "Open Source cURL \u003c 7.55.0",
"product_id": "T010531",
"product_identification_helper": {
"cpe": "cpe:/a:curl:curl:7.55.0"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux",
"product": {
"name": "Red Hat Enterprise Linux",
"product_id": "67646",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:-"
}
}
}
],
"category": "vendor",
"name": "Red Hat"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"category": "product_name",
"name": "Ubuntu Linux",
"product": {
"name": "Ubuntu Linux",
"product_id": "T000126",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:-"
}
}
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2017-1000099",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in cURL. Wenn eine Datei mit einer file:// URL aufgerufen wird, gibt libcurl Metadaten \u00fcber die Datei mittels HTTP-\u00e4hnliche Headern aus. Dabei passiert ein Fehler bei dem uninitialisierter Speicher aus dem Heap zur Ausgabe verwendet wird. Dabei kann es vorkommen, wenn dieser nicht mit Nullen beschrieben ist, sondern dass Daten die danach im Speicher stehen, ausgegeben werden. Ein lokaler Angreifer kann so eventuell Zugriff auf eventuell sensitive Informationen erlangen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T028404"
]
},
"release_date": "2017-08-08T22:00:00.000+00:00",
"title": "CVE-2017-1000099"
},
{
"cve": "CVE-2017-1000100",
"notes": [
{
"category": "description",
"text": "Es existiert eine Out of Boundary Schwachstelle in cURL. Bei einem TFTP Transfer mit curl/libcurl bei dem eine sehr lange URL verwendet wird (l\u00e4nger als 515 Bytes), wird die URL gek\u00fcrzt und in den Speicher geschrieben. Die urspr\u00fcngliche L\u00e4nge wird dabei gesichert. Dieser zu gro\u00dfe Wert wird in der \"sendto()\" Funktion verwendet was dazu f\u00fchrt, dass au\u00dferhalb der Speichergrenzen Daten angeh\u00e4ngt werden. Ein pr\u00e4parierter HTTP(S) Server kann einen Client auf eine TFTP URL umleiten und so Teile seines Speichers preisgeben. Ein entfernter, anonymer Angreifer kann Zugriff auf eventuell sensitive Informationen erlangen. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen, eine modifizierte URL mit curl oder einenm Client der libcurl verwendet, aufzurufen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T028404"
]
},
"release_date": "2017-08-08T22:00:00.000+00:00",
"title": "CVE-2017-1000100"
},
{
"cve": "CVE-2017-1000101",
"notes": [
{
"category": "description",
"text": "Es existiert eine Out of Boundary Schwachstelle in cURL. curl unterst\u00fctzt die Angabe eines Zahlenbereichs in einer URLs, \u00fcber die er iteriert und diese anschlie\u00dfend aufruft. Die URL wird im Heap-Speicher abgelegt. Durch einen Fehler bei der Verarbeitung dieser URL kann es dazu kommen, dass die URL \u00fcber die Speichergrenzen hinweg gelesen wird. Durch speziell pr\u00e4parierte curl \u00dcbergabeparameter kann es dazu kommen, dass curl nicht abst\u00fcrzt sondern eine falsche URL aus dem Heap liest. Ein entfernter, anonymer Angreifer kann Zugriff auf eventuell sensitive Informationen erlangen. Zur erfolgreichen Ausnutzung dieser Schwachstelle muss der Angreifer den Benutzer dazu bringen, eine modifizierte URL mit curl oder einem Client der libcurl verwendet, aufzurufen."
}
],
"product_status": {
"known_affected": [
"2951",
"T002207",
"67646",
"T000126",
"T028404"
]
},
"release_date": "2017-08-08T22:00:00.000+00:00",
"title": "CVE-2017-1000101"
}
]
}
OPENSUSE-SU-2024:10582-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
curl-7.79.1-1.1 on GA media
Notes
Title of the patch
curl-7.79.1-1.1 on GA media
Description of the patch
These are all security issues fixed in the curl-7.79.1-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2024-10582
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "curl-7.79.1-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the curl-7.79.1-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-10582",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10582-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2006-1061 page",
"url": "https://www.suse.com/security/cve/CVE-2006-1061/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9586 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9586/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2016-9594 page",
"url": "https://www.suse.com/security/cve/CVE-2016-9594/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-1000099 page",
"url": "https://www.suse.com/security/cve/CVE-2017-1000099/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-1000100 page",
"url": "https://www.suse.com/security/cve/CVE-2017-1000100/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-1000101 page",
"url": "https://www.suse.com/security/cve/CVE-2017-1000101/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-1000254 page",
"url": "https://www.suse.com/security/cve/CVE-2017-1000254/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-1000257 page",
"url": "https://www.suse.com/security/cve/CVE-2017-1000257/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-2629 page",
"url": "https://www.suse.com/security/cve/CVE-2017-2629/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-7468 page",
"url": "https://www.suse.com/security/cve/CVE-2017-7468/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8816 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8816/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8817 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8817/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-8818 page",
"url": "https://www.suse.com/security/cve/CVE-2017-8818/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2017-9502 page",
"url": "https://www.suse.com/security/cve/CVE-2017-9502/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-0500 page",
"url": "https://www.suse.com/security/cve/CVE-2018-0500/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000005 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000005/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000120 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000120/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000122 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000122/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000300 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000300/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-1000301 page",
"url": "https://www.suse.com/security/cve/CVE-2018-1000301/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-14618 page",
"url": "https://www.suse.com/security/cve/CVE-2018-14618/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16839 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16839/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16840 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16840/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16842 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16842/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2018-16890 page",
"url": "https://www.suse.com/security/cve/CVE-2018-16890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-15601 page",
"url": "https://www.suse.com/security/cve/CVE-2019-15601/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3822 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3822/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-3823 page",
"url": "https://www.suse.com/security/cve/CVE-2019-3823/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5435 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5435/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5436 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5436/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5481 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5481/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2019-5482 page",
"url": "https://www.suse.com/security/cve/CVE-2019-5482/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8169 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8169/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8231 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8231/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8284 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8284/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8285 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8285/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-8286 page",
"url": "https://www.suse.com/security/cve/CVE-2020-8286/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22297 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22297/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22298 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22298/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22876 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22876/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22890 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22890/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22898 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22898/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22901 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22901/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22922 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22922/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22924 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22924/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22945 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22945/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22946 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22946/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-22947 page",
"url": "https://www.suse.com/security/cve/CVE-2021-22947/"
}
],
"title": "curl-7.79.1-1.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:10582-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "curl-7.79.1-1.1.aarch64",
"product": {
"name": "curl-7.79.1-1.1.aarch64",
"product_id": "curl-7.79.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.79.1-1.1.aarch64",
"product": {
"name": "libcurl-devel-7.79.1-1.1.aarch64",
"product_id": "libcurl-devel-7.79.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-32bit-7.79.1-1.1.aarch64",
"product": {
"name": "libcurl-devel-32bit-7.79.1-1.1.aarch64",
"product_id": "libcurl-devel-32bit-7.79.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl4-7.79.1-1.1.aarch64",
"product": {
"name": "libcurl4-7.79.1-1.1.aarch64",
"product_id": "libcurl4-7.79.1-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-7.79.1-1.1.aarch64",
"product": {
"name": "libcurl4-32bit-7.79.1-1.1.aarch64",
"product_id": "libcurl4-32bit-7.79.1-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-7.79.1-1.1.ppc64le",
"product": {
"name": "curl-7.79.1-1.1.ppc64le",
"product_id": "curl-7.79.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.79.1-1.1.ppc64le",
"product": {
"name": "libcurl-devel-7.79.1-1.1.ppc64le",
"product_id": "libcurl-devel-7.79.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"product": {
"name": "libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"product_id": "libcurl-devel-32bit-7.79.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl4-7.79.1-1.1.ppc64le",
"product": {
"name": "libcurl4-7.79.1-1.1.ppc64le",
"product_id": "libcurl4-7.79.1-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-7.79.1-1.1.ppc64le",
"product": {
"name": "libcurl4-32bit-7.79.1-1.1.ppc64le",
"product_id": "libcurl4-32bit-7.79.1-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-7.79.1-1.1.s390x",
"product": {
"name": "curl-7.79.1-1.1.s390x",
"product_id": "curl-7.79.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.79.1-1.1.s390x",
"product": {
"name": "libcurl-devel-7.79.1-1.1.s390x",
"product_id": "libcurl-devel-7.79.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl-devel-32bit-7.79.1-1.1.s390x",
"product": {
"name": "libcurl-devel-32bit-7.79.1-1.1.s390x",
"product_id": "libcurl-devel-32bit-7.79.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl4-7.79.1-1.1.s390x",
"product": {
"name": "libcurl4-7.79.1-1.1.s390x",
"product_id": "libcurl4-7.79.1-1.1.s390x"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-7.79.1-1.1.s390x",
"product": {
"name": "libcurl4-32bit-7.79.1-1.1.s390x",
"product_id": "libcurl4-32bit-7.79.1-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "curl-7.79.1-1.1.x86_64",
"product": {
"name": "curl-7.79.1-1.1.x86_64",
"product_id": "curl-7.79.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-7.79.1-1.1.x86_64",
"product": {
"name": "libcurl-devel-7.79.1-1.1.x86_64",
"product_id": "libcurl-devel-7.79.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl-devel-32bit-7.79.1-1.1.x86_64",
"product": {
"name": "libcurl-devel-32bit-7.79.1-1.1.x86_64",
"product_id": "libcurl-devel-32bit-7.79.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-7.79.1-1.1.x86_64",
"product": {
"name": "libcurl4-7.79.1-1.1.x86_64",
"product_id": "libcurl4-7.79.1-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "libcurl4-32bit-7.79.1-1.1.x86_64",
"product": {
"name": "libcurl4-32bit-7.79.1-1.1.x86_64",
"product_id": "libcurl4-32bit-7.79.1-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.79.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64"
},
"product_reference": "curl-7.79.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.79.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le"
},
"product_reference": "curl-7.79.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.79.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-7.79.1-1.1.s390x"
},
"product_reference": "curl-7.79.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "curl-7.79.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64"
},
"product_reference": "curl-7.79.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.79.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64"
},
"product_reference": "libcurl-devel-7.79.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.79.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le"
},
"product_reference": "libcurl-devel-7.79.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.79.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x"
},
"product_reference": "libcurl-devel-7.79.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-7.79.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64"
},
"product_reference": "libcurl-devel-7.79.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-32bit-7.79.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64"
},
"product_reference": "libcurl-devel-32bit-7.79.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-32bit-7.79.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le"
},
"product_reference": "libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-32bit-7.79.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x"
},
"product_reference": "libcurl-devel-32bit-7.79.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl-devel-32bit-7.79.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64"
},
"product_reference": "libcurl-devel-32bit-7.79.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.79.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64"
},
"product_reference": "libcurl4-7.79.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.79.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le"
},
"product_reference": "libcurl4-7.79.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.79.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x"
},
"product_reference": "libcurl4-7.79.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-7.79.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
},
"product_reference": "libcurl4-7.79.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.79.1-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64"
},
"product_reference": "libcurl4-32bit-7.79.1-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.79.1-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le"
},
"product_reference": "libcurl4-32bit-7.79.1-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.79.1-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x"
},
"product_reference": "libcurl4-32bit-7.79.1-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "libcurl4-32bit-7.79.1-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64"
},
"product_reference": "libcurl4-32bit-7.79.1-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2006-1061",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2006-1061"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2006-1061",
"url": "https://www.suse.com/security/cve/CVE-2006-1061"
},
{
"category": "external",
"summary": "SUSE Bug 157874 for CVE-2006-1061",
"url": "https://bugzilla.suse.com/157874"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2006-1061"
},
{
"cve": "CVE-2016-9586",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9586"
}
],
"notes": [
{
"category": "general",
"text": "curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl\u0027s implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9586",
"url": "https://www.suse.com/security/cve/CVE-2016-9586"
},
{
"category": "external",
"summary": "SUSE Bug 1015332 for CVE-2016-9586",
"url": "https://bugzilla.suse.com/1015332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2016-9586"
},
{
"cve": "CVE-2016-9594",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2016-9594"
}
],
"notes": [
{
"category": "general",
"text": "curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl\u0027s internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2016-9594",
"url": "https://www.suse.com/security/cve/CVE-2016-9594"
},
{
"category": "external",
"summary": "SUSE Bug 1016738 for CVE-2016-9594",
"url": "https://bugzilla.suse.com/1016738"
},
{
"category": "external",
"summary": "SUSE Bug 1017161 for CVE-2016-9594",
"url": "https://bugzilla.suse.com/1017161"
},
{
"category": "external",
"summary": "SUSE Bug 1042181 for CVE-2016-9594",
"url": "https://bugzilla.suse.com/1042181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2016-9594"
},
{
"cve": "CVE-2017-1000099",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-1000099"
}
],
"notes": [
{
"category": "general",
"text": "When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application\u0027s provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-1000099",
"url": "https://www.suse.com/security/cve/CVE-2017-1000099"
},
{
"category": "external",
"summary": "SUSE Bug 1051645 for CVE-2017-1000099",
"url": "https://bugzilla.suse.com/1051645"
},
{
"category": "external",
"summary": "SUSE Bug 1053919 for CVE-2017-1000099",
"url": "https://bugzilla.suse.com/1053919"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-1000099"
},
{
"cve": "CVE-2017-1000100",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-1000100"
}
],
"notes": [
{
"category": "general",
"text": "When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. This too large value is then used in the sendto() call, making curl attempt to send more data than what is actually put into the buffer. The endto() function will then read beyond the end of the heap based buffer. A malicious HTTP(S) server could redirect a vulnerable libcurl-using client to a crafted TFTP URL (if the client hasn\u0027t restricted which protocols it allows redirects to) and trick it to send private memory contents to a remote server over UDP. Limit curl\u0027s redirect protocols with --proto-redir and libcurl\u0027s with CURLOPT_REDIR_PROTOCOLS.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-1000100",
"url": "https://www.suse.com/security/cve/CVE-2017-1000100"
},
{
"category": "external",
"summary": "SUSE Bug 1051644 for CVE-2017-1000100",
"url": "https://bugzilla.suse.com/1051644"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-1000100"
},
{
"cve": "CVE-2017-1000101",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-1000101"
}
],
"notes": [
{
"category": "general",
"text": "curl supports \"globbing\" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would be `http://ur%20[0-60000000000000000000`.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-1000101",
"url": "https://www.suse.com/security/cve/CVE-2017-1000101"
},
{
"category": "external",
"summary": "SUSE Bug 1051643 for CVE-2017-1000101",
"url": "https://bugzilla.suse.com/1051643"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-1000101"
},
{
"cve": "CVE-2017-1000254",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-1000254"
}
],
"notes": [
{
"category": "general",
"text": "libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in (anonymous or not), it asks the server for the current directory with the `PWD` command. The server then responds with a 257 response containing the path, inside double quotes. The returned path name is then kept by libcurl for subsequent uses. Due to a flaw in the string parser for this directory name, a directory name passed like this but without a closing double quote would lead to libcurl not adding a trailing NUL byte to the buffer holding the name. When libcurl would then later access the string, it could read beyond the allocated heap buffer and crash or wrongly access data beyond the buffer, thinking it was part of the path. A malicious server could abuse this fact and effectively prevent libcurl-based clients to work with it - the PWD command is always issued on new FTP connections and the mistake has a high chance of causing a segfault. The simple fact that this has issue remained undiscovered for this long could suggest that malformed PWD responses are rare in benign servers. We are not aware of any exploit of this flaw. This bug was introduced in commit [415d2e7cb7](https://github.com/curl/curl/commit/415d2e7cb7), March 2005. In libcurl version 7.56.0, the parser always zero terminates the string but also rejects it if not terminated properly with a final double quote.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-1000254",
"url": "https://www.suse.com/security/cve/CVE-2017-1000254"
},
{
"category": "external",
"summary": "SUSE Bug 1061876 for CVE-2017-1000254",
"url": "https://bugzilla.suse.com/1061876"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-1000254"
},
{
"cve": "CVE-2017-1000257",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-1000257"
}
],
"notes": [
{
"category": "general",
"text": "An IMAP FETCH response line indicates the size of the returned data, in number of bytes. When that response says the data is zero bytes, libcurl would pass on that (non-existing) data with a pointer and the size (zero) to the deliver-data function. libcurl\u0027s deliver-data function treats zero as a magic number and invokes strlen() on the data to figure out the length. The strlen() is called on a heap based buffer that might not be zero terminated so libcurl might read beyond the end of it into whatever memory lies after (or just crash) and then deliver that to the application as if it was actually downloaded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-1000257",
"url": "https://www.suse.com/security/cve/CVE-2017-1000257"
},
{
"category": "external",
"summary": "SUSE Bug 1063824 for CVE-2017-1000257",
"url": "https://bugzilla.suse.com/1063824"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-1000257"
},
{
"cve": "CVE-2017-2629",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-2629"
}
],
"notes": [
{
"category": "general",
"text": "curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server\u0027s certificate\u0027s validity in the code that checks for a test success or failure. It ends up always thinking there\u0027s valid proof, even when there is none or if the server doesn\u0027t support the TLS extension in question. This could lead to users not detecting when a server\u0027s certificate goes invalid or otherwise be mislead that the server is in a better shape than it is in reality. This flaw also exists in the command line tool (--cert-status).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-2629",
"url": "https://www.suse.com/security/cve/CVE-2017-2629"
},
{
"category": "external",
"summary": "SUSE Bug 1025379 for CVE-2017-2629",
"url": "https://bugzilla.suse.com/1025379"
},
{
"category": "external",
"summary": "SUSE Bug 1042181 for CVE-2017-2629",
"url": "https://bugzilla.suse.com/1042181"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-2629"
},
{
"cve": "CVE-2017-7468",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-7468"
}
],
"notes": [
{
"category": "general",
"text": "In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed. That is unacceptable since a server by specification is allowed to skip the client certificate check on resume, and may instead use the old identity which was established by the previous certificate (or no certificate). libcurl supports by default the use of TLS session id/ticket to resume previous TLS sessions to speed up subsequent TLS handshakes. They are used when for any reason an existing TLS connection couldn\u0027t be kept alive to make the next handshake faster. This flaw is a regression and identical to CVE-2016-5419 reported on August 3rd 2016, but affecting a different version range.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-7468",
"url": "https://www.suse.com/security/cve/CVE-2017-7468"
},
{
"category": "external",
"summary": "SUSE Bug 1033413 for CVE-2017-7468",
"url": "https://bugzilla.suse.com/1033413"
},
{
"category": "external",
"summary": "SUSE Bug 1033442 for CVE-2017-7468",
"url": "https://bugzilla.suse.com/1033442"
},
{
"category": "external",
"summary": "SUSE Bug 1042181 for CVE-2017-7468",
"url": "https://bugzilla.suse.com/1042181"
},
{
"category": "external",
"summary": "SUSE Bug 991389 for CVE-2017-7468",
"url": "https://bugzilla.suse.com/991389"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2017-7468"
},
{
"cve": "CVE-2017-8816",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8816"
}
],
"notes": [
{
"category": "general",
"text": "The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8816",
"url": "https://www.suse.com/security/cve/CVE-2017-8816"
},
{
"category": "external",
"summary": "SUSE Bug 1069226 for CVE-2017-8816",
"url": "https://bugzilla.suse.com/1069226"
},
{
"category": "external",
"summary": "SUSE Bug 1106019 for CVE-2017-8816",
"url": "https://bugzilla.suse.com/1106019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-8816"
},
{
"cve": "CVE-2017-8817",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8817"
}
],
"notes": [
{
"category": "general",
"text": "The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an \u0027[\u0027 character.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8817",
"url": "https://www.suse.com/security/cve/CVE-2017-8817"
},
{
"category": "external",
"summary": "SUSE Bug 1069222 for CVE-2017-8817",
"url": "https://bugzilla.suse.com/1069222"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-8817"
},
{
"cve": "CVE-2017-8818",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-8818"
}
],
"notes": [
{
"category": "general",
"text": "curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-8818",
"url": "https://www.suse.com/security/cve/CVE-2017-8818"
},
{
"category": "external",
"summary": "SUSE Bug 1069714 for CVE-2017-8818",
"url": "https://bugzilla.suse.com/1069714"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2017-8818"
},
{
"cve": "CVE-2017-9502",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2017-9502"
}
],
"notes": [
{
"category": "general",
"text": "In curl before 7.54.1 on Windows and DOS, libcurl\u0027s default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. If the default protocol is specified to be FILE or a file: URL lacks two slashes, the given \"URL\" starts with a drive letter, and libcurl is built for Windows or DOS, then libcurl would copy the path 7 bytes off, so that the end of the given path would write beyond the malloc buffer (7 bytes being the length in bytes of the ascii string \"file://\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2017-9502",
"url": "https://www.suse.com/security/cve/CVE-2017-9502"
},
{
"category": "external",
"summary": "SUSE Bug 1044243 for CVE-2017-9502",
"url": "https://bugzilla.suse.com/1044243"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2017-9502"
},
{
"cve": "CVE-2018-0500",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-0500"
}
],
"notes": [
{
"category": "general",
"text": "Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-0500",
"url": "https://www.suse.com/security/cve/CVE-2018-0500"
},
{
"category": "external",
"summary": "SUSE Bug 1099793 for CVE-2018-0500",
"url": "https://bugzilla.suse.com/1099793"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2018-0500"
},
{
"cve": "CVE-2018-1000005",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000005"
}
],
"notes": [
{
"category": "general",
"text": "libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn\u0027t updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000005",
"url": "https://www.suse.com/security/cve/CVE-2018-1000005"
},
{
"category": "external",
"summary": "SUSE Bug 1076360 for CVE-2018-1000005",
"url": "https://bugzilla.suse.com/1076360"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-1000005"
},
{
"cve": "CVE-2018-1000120",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000120"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000120",
"url": "https://www.suse.com/security/cve/CVE-2018-1000120"
},
{
"category": "external",
"summary": "SUSE Bug 1084521 for CVE-2018-1000120",
"url": "https://bugzilla.suse.com/1084521"
},
{
"category": "external",
"summary": "SUSE Bug 1101811 for CVE-2018-1000120",
"url": "https://bugzilla.suse.com/1101811"
},
{
"category": "external",
"summary": "SUSE Bug 1112526 for CVE-2018-1000120",
"url": "https://bugzilla.suse.com/1112526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000120"
},
{
"cve": "CVE-2018-1000122",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000122"
}
],
"notes": [
{
"category": "general",
"text": "A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000122",
"url": "https://www.suse.com/security/cve/CVE-2018-1000122"
},
{
"category": "external",
"summary": "SUSE Bug 1084532 for CVE-2018-1000122",
"url": "https://bugzilla.suse.com/1084532"
},
{
"category": "external",
"summary": "SUSE Bug 1101811 for CVE-2018-1000122",
"url": "https://bugzilla.suse.com/1101811"
},
{
"category": "external",
"summary": "SUSE Bug 1112526 for CVE-2018-1000122",
"url": "https://bugzilla.suse.com/1112526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-1000122"
},
{
"cve": "CVE-2018-1000300",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000300"
}
],
"notes": [
{
"category": "general",
"text": "curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl \u003c 7.54.1 and curl \u003e= 7.60.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000300",
"url": "https://www.suse.com/security/cve/CVE-2018-1000300"
},
{
"category": "external",
"summary": "SUSE Bug 1092094 for CVE-2018-1000300",
"url": "https://bugzilla.suse.com/1092094"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-1000300"
},
{
"cve": "CVE-2018-1000301",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-1000301"
}
],
"notes": [
{
"category": "general",
"text": "curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl \u003c 7.20.0 and curl \u003e= 7.60.0.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-1000301",
"url": "https://www.suse.com/security/cve/CVE-2018-1000301"
},
{
"category": "external",
"summary": "SUSE Bug 1092098 for CVE-2018-1000301",
"url": "https://bugzilla.suse.com/1092098"
},
{
"category": "external",
"summary": "SUSE Bug 1122464 for CVE-2018-1000301",
"url": "https://bugzilla.suse.com/1122464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "critical"
}
],
"title": "CVE-2018-1000301"
},
{
"cve": "CVE-2018-14618",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-14618"
}
],
"notes": [
{
"category": "general",
"text": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-14618",
"url": "https://www.suse.com/security/cve/CVE-2018-14618"
},
{
"category": "external",
"summary": "SUSE Bug 1106019 for CVE-2018-14618",
"url": "https://bugzilla.suse.com/1106019"
},
{
"category": "external",
"summary": "SUSE Bug 1112758 for CVE-2018-14618",
"url": "https://bugzilla.suse.com/1112758"
},
{
"category": "external",
"summary": "SUSE Bug 1122464 for CVE-2018-14618",
"url": "https://bugzilla.suse.com/1122464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-14618"
},
{
"cve": "CVE-2018-16839",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16839"
}
],
"notes": [
{
"category": "general",
"text": "Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16839",
"url": "https://www.suse.com/security/cve/CVE-2018-16839"
},
{
"category": "external",
"summary": "SUSE Bug 1112758 for CVE-2018-16839",
"url": "https://bugzilla.suse.com/1112758"
},
{
"category": "external",
"summary": "SUSE Bug 1113029 for CVE-2018-16839",
"url": "https://bugzilla.suse.com/1113029"
},
{
"category": "external",
"summary": "SUSE Bug 1131886 for CVE-2018-16839",
"url": "https://bugzilla.suse.com/1131886"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16839"
},
{
"cve": "CVE-2018-16840",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16840"
}
],
"notes": [
{
"category": "general",
"text": "A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an \u0027easy\u0027 handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16840",
"url": "https://www.suse.com/security/cve/CVE-2018-16840"
},
{
"category": "external",
"summary": "SUSE Bug 1112758 for CVE-2018-16840",
"url": "https://bugzilla.suse.com/1112758"
},
{
"category": "external",
"summary": "SUSE Bug 1113029 for CVE-2018-16840",
"url": "https://bugzilla.suse.com/1113029"
},
{
"category": "external",
"summary": "SUSE Bug 1122464 for CVE-2018-16840",
"url": "https://bugzilla.suse.com/1122464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16840"
},
{
"cve": "CVE-2018-16842",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16842"
}
],
"notes": [
{
"category": "general",
"text": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16842",
"url": "https://www.suse.com/security/cve/CVE-2018-16842"
},
{
"category": "external",
"summary": "SUSE Bug 1113660 for CVE-2018-16842",
"url": "https://bugzilla.suse.com/1113660"
},
{
"category": "external",
"summary": "SUSE Bug 1122464 for CVE-2018-16842",
"url": "https://bugzilla.suse.com/1122464"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2018-16842"
},
{
"cve": "CVE-2018-16890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2018-16890"
}
],
"notes": [
{
"category": "general",
"text": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2018-16890",
"url": "https://www.suse.com/security/cve/CVE-2018-16890"
},
{
"category": "external",
"summary": "SUSE Bug 1123371 for CVE-2018-16890",
"url": "https://bugzilla.suse.com/1123371"
},
{
"category": "external",
"summary": "SUSE Bug 1123378 for CVE-2018-16890",
"url": "https://bugzilla.suse.com/1123378"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2018-16890",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2018-16890"
},
{
"cve": "CVE-2019-15601",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-15601"
}
],
"notes": [
{
"category": "general",
"text": "** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-15601",
"url": "https://www.suse.com/security/cve/CVE-2019-15601"
},
{
"category": "external",
"summary": "SUSE Bug 1160301 for CVE-2019-15601",
"url": "https://bugzilla.suse.com/1160301"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-15601"
},
{
"cve": "CVE-2019-3822",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3822"
}
],
"notes": [
{
"category": "general",
"text": "libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large \u0027nt response\u0027 data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a \u0027large value\u0027 needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3822",
"url": "https://www.suse.com/security/cve/CVE-2019-3822"
},
{
"category": "external",
"summary": "SUSE Bug 1123377 for CVE-2019-3822",
"url": "https://bugzilla.suse.com/1123377"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2019-3822",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.5,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-3822"
},
{
"cve": "CVE-2019-3823",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-3823"
}
],
"notes": [
{
"category": "general",
"text": "libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn\u0027t NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-3823",
"url": "https://www.suse.com/security/cve/CVE-2019-3823"
},
{
"category": "external",
"summary": "SUSE Bug 1123378 for CVE-2019-3823",
"url": "https://bugzilla.suse.com/1123378"
},
{
"category": "external",
"summary": "SUSE Bug 1126909 for CVE-2019-3823",
"url": "https://bugzilla.suse.com/1126909"
},
{
"category": "external",
"summary": "SUSE Bug 1141798 for CVE-2019-3823",
"url": "https://bugzilla.suse.com/1141798"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-3823"
},
{
"cve": "CVE-2019-5435",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5435"
}
],
"notes": [
{
"category": "general",
"text": "An integer overflow in curl\u0027s URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5435",
"url": "https://www.suse.com/security/cve/CVE-2019-5435"
},
{
"category": "external",
"summary": "SUSE Bug 1135176 for CVE-2019-5435",
"url": "https://bugzilla.suse.com/1135176"
},
{
"category": "external",
"summary": "SUSE Bug 1154162 for CVE-2019-5435",
"url": "https://bugzilla.suse.com/1154162"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-5435"
},
{
"cve": "CVE-2019-5436",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5436"
}
],
"notes": [
{
"category": "general",
"text": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5436",
"url": "https://www.suse.com/security/cve/CVE-2019-5436"
},
{
"category": "external",
"summary": "SUSE Bug 1135170 for CVE-2019-5436",
"url": "https://bugzilla.suse.com/1135170"
},
{
"category": "external",
"summary": "SUSE Bug 1149496 for CVE-2019-5436",
"url": "https://bugzilla.suse.com/1149496"
},
{
"category": "external",
"summary": "SUSE Bug 1154162 for CVE-2019-5436",
"url": "https://bugzilla.suse.com/1154162"
},
{
"category": "external",
"summary": "SUSE Bug 1167096 for CVE-2019-5436",
"url": "https://bugzilla.suse.com/1167096"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-5436"
},
{
"cve": "CVE-2019-5481",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5481"
}
],
"notes": [
{
"category": "general",
"text": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5481",
"url": "https://www.suse.com/security/cve/CVE-2019-5481"
},
{
"category": "external",
"summary": "SUSE Bug 1149495 for CVE-2019-5481",
"url": "https://bugzilla.suse.com/1149495"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2019-5481"
},
{
"cve": "CVE-2019-5482",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2019-5482"
}
],
"notes": [
{
"category": "general",
"text": "Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2019-5482",
"url": "https://www.suse.com/security/cve/CVE-2019-5482"
},
{
"category": "external",
"summary": "SUSE Bug 1149496 for CVE-2019-5482",
"url": "https://bugzilla.suse.com/1149496"
},
{
"category": "external",
"summary": "SUSE Bug 1156634 for CVE-2019-5482",
"url": "https://bugzilla.suse.com/1156634"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.0/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2019-5482"
},
{
"cve": "CVE-2020-8169",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8169"
}
],
"notes": [
{
"category": "general",
"text": "curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8169",
"url": "https://www.suse.com/security/cve/CVE-2020-8169"
},
{
"category": "external",
"summary": "SUSE Bug 1173026 for CVE-2020-8169",
"url": "https://bugzilla.suse.com/1173026"
},
{
"category": "external",
"summary": "SUSE Bug 1186108 for CVE-2020-8169",
"url": "https://bugzilla.suse.com/1186108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8169"
},
{
"cve": "CVE-2020-8231",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8231"
}
],
"notes": [
{
"category": "general",
"text": "Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8231",
"url": "https://www.suse.com/security/cve/CVE-2020-8231"
},
{
"category": "external",
"summary": "SUSE Bug 1175109 for CVE-2020-8231",
"url": "https://bugzilla.suse.com/1175109"
},
{
"category": "external",
"summary": "SUSE Bug 1179399 for CVE-2020-8231",
"url": "https://bugzilla.suse.com/1179399"
},
{
"category": "external",
"summary": "SUSE Bug 1186108 for CVE-2020-8231",
"url": "https://bugzilla.suse.com/1186108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2020-8231"
},
{
"cve": "CVE-2020-8284",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8284"
}
],
"notes": [
{
"category": "general",
"text": "A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8284",
"url": "https://www.suse.com/security/cve/CVE-2020-8284"
},
{
"category": "external",
"summary": "SUSE Bug 1179398 for CVE-2020-8284",
"url": "https://bugzilla.suse.com/1179398"
},
{
"category": "external",
"summary": "SUSE Bug 1179399 for CVE-2020-8284",
"url": "https://bugzilla.suse.com/1179399"
},
{
"category": "external",
"summary": "SUSE Bug 1186108 for CVE-2020-8284",
"url": "https://bugzilla.suse.com/1186108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8284"
},
{
"cve": "CVE-2020-8285",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8285"
}
],
"notes": [
{
"category": "general",
"text": "curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8285",
"url": "https://www.suse.com/security/cve/CVE-2020-8285"
},
{
"category": "external",
"summary": "SUSE Bug 1179399 for CVE-2020-8285",
"url": "https://bugzilla.suse.com/1179399"
},
{
"category": "external",
"summary": "SUSE Bug 1186108 for CVE-2020-8285",
"url": "https://bugzilla.suse.com/1186108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8285"
},
{
"cve": "CVE-2020-8286",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-8286"
}
],
"notes": [
{
"category": "general",
"text": "curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-8286",
"url": "https://www.suse.com/security/cve/CVE-2020-8286"
},
{
"category": "external",
"summary": "SUSE Bug 1179593 for CVE-2020-8286",
"url": "https://bugzilla.suse.com/1179593"
},
{
"category": "external",
"summary": "SUSE Bug 1186108 for CVE-2020-8286",
"url": "https://bugzilla.suse.com/1186108"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2020-8286"
},
{
"cve": "CVE-2021-22297",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22297"
}
],
"notes": [
{
"category": "general",
"text": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22297",
"url": "https://www.suse.com/security/cve/CVE-2021-22297"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-22297"
},
{
"cve": "CVE-2021-22298",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22298"
}
],
"notes": [
{
"category": "general",
"text": "There is a logic vulnerability in Huawei Gauss100 OLTP Product. An attacker with certain permissions could perform specific SQL statement to exploit this vulnerability. Due to insufficient security design, successful exploit can cause service abnormal. Affected product versions include: ManageOne versions 6.5.1.1.B020, 6.5.1.1.B030, 6.5.1.1.B040, 6.5.1.SPC100.B050, 6.5.1.SPC101.B010, 6.5.1.SPC101.B040, 6.5.1.SPC200, 6.5.1.SPC200.B010, 6.5.1.SPC200.B030, 6.5.1.SPC200.B040, 6.5.1.SPC200.B050, 6.5.1.SPC200.B060, 6.5.1.SPC200.B070, 6.5.1RC1.B070, 6.5.1RC1.B080, 6.5.1RC2.B040, 6.5.1RC2.B050, 6.5.1RC2.B060, 6.5.1RC2.B070, 6.5.1RC2.B080, 6.5.1RC2.B090.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22298",
"url": "https://www.suse.com/security/cve/CVE-2021-22298"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-22298"
},
{
"cve": "CVE-2021-22876",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22876"
}
],
"notes": [
{
"category": "general",
"text": "curl 7.1.1 to and including 7.75.0 is vulnerable to an \"Exposure of Private Personal Information to an Unauthorized Actor\" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22876",
"url": "https://www.suse.com/security/cve/CVE-2021-22876"
},
{
"category": "external",
"summary": "SUSE Bug 1183933 for CVE-2021-22876",
"url": "https://bugzilla.suse.com/1183933"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-22876"
},
{
"cve": "CVE-2021-22890",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22890"
}
],
"notes": [
{
"category": "general",
"text": "curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly \"short-cut\" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22890",
"url": "https://www.suse.com/security/cve/CVE-2021-22890"
},
{
"category": "external",
"summary": "SUSE Bug 1183934 for CVE-2021-22890",
"url": "https://bugzilla.suse.com/1183934"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.1,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2021-22890"
},
{
"cve": "CVE-2021-22898",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22898"
}
],
"notes": [
{
"category": "general",
"text": "curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22898",
"url": "https://www.suse.com/security/cve/CVE-2021-22898"
},
{
"category": "external",
"summary": "SUSE Bug 1186114 for CVE-2021-22898",
"url": "https://bugzilla.suse.com/1186114"
},
{
"category": "external",
"summary": "SUSE Bug 1192450 for CVE-2021-22898",
"url": "https://bugzilla.suse.com/1192450"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-22898"
},
{
"cve": "CVE-2021-22901",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22901"
}
],
"notes": [
{
"category": "general",
"text": "curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22901",
"url": "https://www.suse.com/security/cve/CVE-2021-22901"
},
{
"category": "external",
"summary": "SUSE Bug 1186115 for CVE-2021-22901",
"url": "https://bugzilla.suse.com/1186115"
},
{
"category": "external",
"summary": "SUSE Bug 1188549 for CVE-2021-22901",
"url": "https://bugzilla.suse.com/1188549"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2021-22901"
},
{
"cve": "CVE-2021-22922",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22922"
}
],
"notes": [
{
"category": "general",
"text": "When curl is instructed to download content using the metalink feature, thecontents is verified against a hash provided in the metalink XML file.The metalink XML file points out to the client how to get the same contentfrom a set of different URLs, potentially hosted by different servers and theclient can then download the file from one or several of them. In a serial orparallel manner.If one of the servers hosting the contents has been breached and the contentsof the specific file on that server is replaced with a modified payload, curlshould detect this when the hash of the file mismatches after a completeddownload. It should remove the contents and instead try getting the contentsfrom another URL. This is not done, and instead such a hash mismatch is onlymentioned in text and the potentially malicious content is kept in the file ondisk.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22922",
"url": "https://www.suse.com/security/cve/CVE-2021-22922"
},
{
"category": "external",
"summary": "SUSE Bug 1188217 for CVE-2021-22922",
"url": "https://bugzilla.suse.com/1188217"
},
{
"category": "external",
"summary": "SUSE Bug 1192447 for CVE-2021-22922",
"url": "https://bugzilla.suse.com/1192447"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-22922"
},
{
"cve": "CVE-2021-22924",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22924"
}
],
"notes": [
{
"category": "general",
"text": "libcurl keeps previously used connections in a connection pool for subsequenttransfers to reuse, if one of them matches the setup.Due to errors in the logic, the config matching function did not take \u0027issuercert\u0027 into account and it compared the involved paths *case insensitively*,which could lead to libcurl reusing wrong connections.File paths are, or can be, case sensitive on many systems but not all, and caneven vary depending on used file systems.The comparison also didn\u0027t include the \u0027issuer cert\u0027 which a transfer can setto qualify how to verify the server certificate.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22924",
"url": "https://www.suse.com/security/cve/CVE-2021-22924"
},
{
"category": "external",
"summary": "SUSE Bug 1188219 for CVE-2021-22924",
"url": "https://bugzilla.suse.com/1188219"
},
{
"category": "external",
"summary": "SUSE Bug 1192447 for CVE-2021-22924",
"url": "https://bugzilla.suse.com/1192447"
},
{
"category": "external",
"summary": "SUSE Bug 1200196 for CVE-2021-22924",
"url": "https://bugzilla.suse.com/1200196"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-22924"
},
{
"cve": "CVE-2021-22945",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22945"
}
],
"notes": [
{
"category": "general",
"text": "When sending data to an MQTT server, libcurl \u003c= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22945",
"url": "https://www.suse.com/security/cve/CVE-2021-22945"
},
{
"category": "external",
"summary": "SUSE Bug 1190213 for CVE-2021-22945",
"url": "https://bugzilla.suse.com/1190213"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-22945"
},
{
"cve": "CVE-2021-22946",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22946"
}
],
"notes": [
{
"category": "general",
"text": "A user can tell curl \u003e= 7.20.0 and \u003c= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22946",
"url": "https://www.suse.com/security/cve/CVE-2021-22946"
},
{
"category": "external",
"summary": "SUSE Bug 1190373 for CVE-2021-22946",
"url": "https://bugzilla.suse.com/1190373"
},
{
"category": "external",
"summary": "SUSE Bug 1194948 for CVE-2021-22946",
"url": "https://bugzilla.suse.com/1194948"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-22946"
},
{
"cve": "CVE-2021-22947",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-22947"
}
],
"notes": [
{
"category": "general",
"text": "When curl \u003e= 7.20.0 and \u003c= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker\u0027s injected data comes from the TLS-protected server.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-22947",
"url": "https://www.suse.com/security/cve/CVE-2021-22947"
},
{
"category": "external",
"summary": "SUSE Bug 1190374 for CVE-2021-22947",
"url": "https://bugzilla.suse.com/1190374"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:curl-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:curl-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:curl-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:curl-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl-devel-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-32bit-7.79.1-1.1.x86_64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.aarch64",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.ppc64le",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.s390x",
"openSUSE Tumbleweed:libcurl4-7.79.1-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2021-22947"
}
]
}
CNVD-2017-28786
Vulnerability from cnvd - Published: 2017-09-29
VLAI Severity ?
Title
Haxx Curl信息泄露漏洞(CNVD-2017-28786)
Description
Haxx Curl是瑞典Haxx公司的一套利用URL语法在命令行下工作的文件传输工具,该工具支持文件上传和下载,并包含一个用于程序开发的libcurl(客户端URL传输库)。
Haxx Curl 7.54.1版本中存在本地信息泄露漏洞。本地攻击者可利用该漏洞获取敏感信息。
Severity
低
Patch Name
Haxx Curl信息泄露漏洞(CNVD-2017-28786)的补丁
Patch Description
Haxx Curl是瑞典Haxx公司的一套利用URL语法在命令行下工作的文件传输工具,该工具支持文件上传和下载,并包含一个用于程序开发的libcurl(客户端URL传输库)。
Haxx Curl 7.54.1版本中存在本地信息泄露漏洞。本地攻击者可利用该漏洞获取敏感信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://curl.haxx.se/docs/adv_20170809C.html
Reference
https://curl.haxx.se/docs/adv_20170809C.html
Impacted products
| Name | Haxx cURL 7.54.1 |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2017-1000099"
}
},
"description": "Haxx Curl\u662f\u745e\u5178Haxx\u516c\u53f8\u7684\u4e00\u5957\u5229\u7528URL\u8bed\u6cd5\u5728\u547d\u4ee4\u884c\u4e0b\u5de5\u4f5c\u7684\u6587\u4ef6\u4f20\u8f93\u5de5\u5177\uff0c\u8be5\u5de5\u5177\u652f\u6301\u6587\u4ef6\u4e0a\u4f20\u548c\u4e0b\u8f7d\uff0c\u5e76\u5305\u542b\u4e00\u4e2a\u7528\u4e8e\u7a0b\u5e8f\u5f00\u53d1\u7684libcurl\uff08\u5ba2\u6237\u7aefURL\u4f20\u8f93\u5e93\uff09\u3002\r\n\r\nHaxx Curl 7.54.1\u7248\u672c\u4e2d\u5b58\u5728\u672c\u5730\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002",
"discovererName": "Even Rouault",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://curl.haxx.se/docs/adv_20170809C.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-28786",
"openTime": "2017-09-29",
"patchDescription": "Haxx Curl\u662f\u745e\u5178Haxx\u516c\u53f8\u7684\u4e00\u5957\u5229\u7528URL\u8bed\u6cd5\u5728\u547d\u4ee4\u884c\u4e0b\u5de5\u4f5c\u7684\u6587\u4ef6\u4f20\u8f93\u5de5\u5177\uff0c\u8be5\u5de5\u5177\u652f\u6301\u6587\u4ef6\u4e0a\u4f20\u548c\u4e0b\u8f7d\uff0c\u5e76\u5305\u542b\u4e00\u4e2a\u7528\u4e8e\u7a0b\u5e8f\u5f00\u53d1\u7684libcurl\uff08\u5ba2\u6237\u7aefURL\u4f20\u8f93\u5e93\uff09\u3002\r\n\r\nHaxx Curl 7.54.1\u7248\u672c\u4e2d\u5b58\u5728\u672c\u5730\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u3002\u672c\u5730\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Haxx Curl\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2017-28786\uff09\u7684\u8865\u4e01",
"products": {
"product": "Haxx cURL 7.54.1"
},
"referenceLink": "https://curl.haxx.se/docs/adv_20170809C.html",
"serverity": "\u4f4e",
"submitTime": "2017-08-17",
"title": "Haxx Curl\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2017-28786\uff09"
}
CERTFR-2018-AVI-339
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper . Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Contrail Service Orchestration (CSO) versions antérieures à 4.0.0 et 3.3.0 | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 18.1R1 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.1X46-D45, 12.1X46-D67, 12.1X46-D76, 12.1X46-D77, 12.3R11, 12.3R12-S10, 12.3X48-D20, 12.3X48-D25, 12.3X48-D55, 12.3X48-D66, 12.3X48-D70, 12.3X54-D34, 14.1X53-D30, 14.1X53-D47, 15.1F5-S5, 15.1F6-S1, 15.1F6-S10, 15.1F7, 15.1R4-S5, 15.1R4-S9, 15.1R5, 15.1R6-S6, 15.1R7, 15.1R7-S1, 15.1R8, 15.1X49-D110, 15.1X49-D131, 15.1X49-D140, 15.1X49-D20, 15.1X49-D35, 15.1X53-D233, 15.1X53-D234, 15.1X53-D47, 15.1X53-D470, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D60, 15.1X53-D67, 15.1X54-D70, 15.1X8.3, 16.1R2, 16.1R3, 16.1R3-S8, 16.1R3-S9, 16.1R4-S10, 16.1R4-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S1, 16.1R6-S3, 16.1R6-S4, 16.1R7, 16.1X65-D46, 16.1X65-D47, 16.2R1, 16.2R1-S6, 16.2R1-S7, 16.2R2-S5, 16.2R2-S6, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S4, 17.2R1-S6, 17.2R2-S4, 17.2R2-S5, 17.2R3, 17.2X75-D100, 17.2X75-D110, 17.2X75-D70, 17.2X75-D90, 17.2X75-D91, 17.3R1, 17.3R1-S4, 17.3R2, 17.3R2-S2, 17.3R3, 17.4R1-S2, 17.4R1-S3, 17.4R1-S4, 17.4R2, 18.1R1, 18.1R2, 18.1X75-D10, 18.2R1, 18.2X75-D10 et 18.2X75-D5 |
References
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Contrail Service Orchestration (CSO) versions ant\u00e9rieures \u00e0 4.0.0 et 3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 18.1R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.1X46-D45, 12.1X46-D67, 12.1X46-D76, 12.1X46-D77, 12.3R11, 12.3R12-S10, 12.3X48-D20, 12.3X48-D25, 12.3X48-D55, 12.3X48-D66, 12.3X48-D70, 12.3X54-D34, 14.1X53-D30, 14.1X53-D47, 15.1F5-S5, 15.1F6-S1, 15.1F6-S10, 15.1F7, 15.1R4-S5, 15.1R4-S9, 15.1R5, 15.1R6-S6, 15.1R7, 15.1R7-S1, 15.1R8, 15.1X49-D110, 15.1X49-D131, 15.1X49-D140, 15.1X49-D20, 15.1X49-D35, 15.1X53-D233, 15.1X53-D234, 15.1X53-D47, 15.1X53-D470, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D60, 15.1X53-D67, 15.1X54-D70, 15.1X8.3, 16.1R2, 16.1R3, 16.1R3-S8, 16.1R3-S9, 16.1R4-S10, 16.1R4-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S1, 16.1R6-S3, 16.1R6-S4, 16.1R7, 16.1X65-D46, 16.1X65-D47, 16.2R1, 16.2R1-S6, 16.2R1-S7, 16.2R2-S5, 16.2R2-S6, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S4, 17.2R1-S6, 17.2R2-S4, 17.2R2-S5, 17.2R3, 17.2X75-D100, 17.2X75-D110, 17.2X75-D70, 17.2X75-D90, 17.2X75-D91, 17.3R1, 17.3R1-S4, 17.3R2, 17.3R2-S2, 17.3R3, 17.4R1-S2, 17.4R1-S3, 17.4R1-S4, 17.4R2, 18.1R1, 18.1R2, 18.1X75-D10, 18.2R1, 18.2X75-D10 et 18.2X75-D5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-7407",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7407"
},
{
"name": "CVE-2018-0027",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0027"
},
{
"name": "CVE-2016-8615",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8615"
},
{
"name": "CVE-2015-3153",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3153"
},
{
"name": "CVE-2018-0024",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0024"
},
{
"name": "CVE-2017-1000257",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000257"
},
{
"name": "CVE-2016-8619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8619"
},
{
"name": "CVE-2013-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1944"
},
{
"name": "CVE-2018-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2603"
},
{
"name": "CVE-2017-8818",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8818"
},
{
"name": "CVE-2018-0031",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0031"
},
{
"name": "CVE-2018-0035",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0035"
},
{
"name": "CVE-2018-1000115",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000115"
},
{
"name": "CVE-2016-9952",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9952"
},
{
"name": "CVE-2017-10295",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10295"
},
{
"name": "CVE-2013-4545",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4545"
},
{
"name": "CVE-2015-7236",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7236"
},
{
"name": "CVE-2017-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
},
{
"name": "CVE-2016-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4802"
},
{
"name": "CVE-2017-10388",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10388"
},
{
"name": "CVE-2016-9953",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9953"
},
{
"name": "CVE-2016-8624",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8624"
},
{
"name": "CVE-2018-0039",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0039"
},
{
"name": "CVE-2016-8616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8616"
},
{
"name": "CVE-2015-3148",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3148"
},
{
"name": "CVE-2016-8620",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8620"
},
{
"name": "CVE-2014-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3613"
},
{
"name": "CVE-2018-1000121",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000121"
},
{
"name": "CVE-2013-6422",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6422"
},
{
"name": "CVE-2018-0042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0042"
},
{
"name": "CVE-2018-2618",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2618"
},
{
"name": "CVE-2018-1000005",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000005"
},
{
"name": "CVE-2016-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8617"
},
{
"name": "CVE-2016-0754",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0754"
},
{
"name": "CVE-2017-1000101",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000101"
},
{
"name": "CVE-2018-1000120",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120"
},
{
"name": "CVE-2014-8150",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8150"
},
{
"name": "CVE-2014-3707",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3707"
},
{
"name": "CVE-2016-8618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8618"
},
{
"name": "CVE-2018-0037",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0037"
},
{
"name": "CVE-2015-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3143"
},
{
"name": "CVE-2018-0040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0040"
},
{
"name": "CVE-2016-5419",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5419"
},
{
"name": "CVE-2017-12613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12613"
},
{
"name": "CVE-2018-2637",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2637"
},
{
"name": "CVE-2017-10198",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10198"
},
{
"name": "CVE-2017-10355",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10355"
},
{
"name": "CVE-2016-8623",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8623"
},
{
"name": "CVE-2017-5754",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5754"
},
{
"name": "CVE-2016-3739",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3739"
},
{
"name": "CVE-2018-2663",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2663"
},
{
"name": "CVE-2017-15896",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15896"
},
{
"name": "CVE-2018-2579",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2579"
},
{
"name": "CVE-2017-8816",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8816"
},
{
"name": "CVE-2017-5753",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5753"
},
{
"name": "CVE-2016-7167",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7167"
},
{
"name": "CVE-2017-9502",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9502"
},
{
"name": "CVE-2018-0030",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0030"
},
{
"name": "CVE-2018-0034",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0034"
},
{
"name": "CVE-2018-2633",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2633"
},
{
"name": "CVE-2000-0973",
"url": "https://www.cve.org/CVERecord?id=CVE-2000-0973"
},
{
"name": "CVE-2014-0139",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0139"
},
{
"name": "CVE-2016-5420",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5420"
},
{
"name": "CVE-2016-7141",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7141"
},
{
"name": "CVE-2014-0138",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0138"
},
{
"name": "CVE-2016-8621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8621"
},
{
"name": "CVE-2018-0029",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0029"
},
{
"name": "CVE-2018-0025",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0025"
},
{
"name": "CVE-2017-1000254",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000254"
},
{
"name": "CVE-2018-2599",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2599"
},
{
"name": "CVE-2017-8817",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8817"
},
{
"name": "CVE-2017-10356",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10356"
},
{
"name": "CVE-2018-0038",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0038"
},
{
"name": "CVE-2016-9586",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9586"
},
{
"name": "CVE-2017-1000100",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000100"
},
{
"name": "CVE-2017-10345",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10345"
},
{
"name": "CVE-2018-0041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0041"
},
{
"name": "CVE-2017-5715",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
},
{
"name": "CVE-2018-2629",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2629"
},
{
"name": "CVE-2016-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8622"
},
{
"name": "CVE-2013-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2174"
},
{
"name": "CVE-2018-1000007",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000007"
},
{
"name": "CVE-2018-0032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0032"
},
{
"name": "CVE-2016-5421",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5421"
},
{
"name": "CVE-2018-2678",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2678"
},
{
"name": "CVE-2014-0015",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0015"
},
{
"name": "CVE-2017-1000099",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000099"
},
{
"name": "CVE-2018-2588",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2588"
},
{
"name": "CVE-2018-1000122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122"
},
{
"name": "CVE-2017-3145",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3145"
},
{
"name": "CVE-2016-8625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8625"
},
{
"name": "CVE-2018-0026",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0026"
},
{
"name": "CVE-2016-0755",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0755"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-339",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-07-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10869 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10869\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10866 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10866\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10874 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10874\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10863 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10863\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10871 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10871\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10857 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10857\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10868 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10868\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10859 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10859\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10872 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10872\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10858 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10858\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10861 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10861\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10860 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10860\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10864 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10864\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10873 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10873\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10865 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10865\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
CERTFR-2018-AVI-339
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Juniper . Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, une exécution de code arbitraire à distance et un déni de service à distance.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Juniper Networks | N/A | Contrail Service Orchestration (CSO) versions antérieures à 4.0.0 et 3.3.0 | ||
| Juniper Networks | Junos Space | Junos Space versions antérieures à 18.1R1 | ||
| Juniper Networks | Junos OS | Junos OS versions antérieures à 12.1X46-D45, 12.1X46-D67, 12.1X46-D76, 12.1X46-D77, 12.3R11, 12.3R12-S10, 12.3X48-D20, 12.3X48-D25, 12.3X48-D55, 12.3X48-D66, 12.3X48-D70, 12.3X54-D34, 14.1X53-D30, 14.1X53-D47, 15.1F5-S5, 15.1F6-S1, 15.1F6-S10, 15.1F7, 15.1R4-S5, 15.1R4-S9, 15.1R5, 15.1R6-S6, 15.1R7, 15.1R7-S1, 15.1R8, 15.1X49-D110, 15.1X49-D131, 15.1X49-D140, 15.1X49-D20, 15.1X49-D35, 15.1X53-D233, 15.1X53-D234, 15.1X53-D47, 15.1X53-D470, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D60, 15.1X53-D67, 15.1X54-D70, 15.1X8.3, 16.1R2, 16.1R3, 16.1R3-S8, 16.1R3-S9, 16.1R4-S10, 16.1R4-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S1, 16.1R6-S3, 16.1R6-S4, 16.1R7, 16.1X65-D46, 16.1X65-D47, 16.2R1, 16.2R1-S6, 16.2R1-S7, 16.2R2-S5, 16.2R2-S6, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S4, 17.2R1-S6, 17.2R2-S4, 17.2R2-S5, 17.2R3, 17.2X75-D100, 17.2X75-D110, 17.2X75-D70, 17.2X75-D90, 17.2X75-D91, 17.3R1, 17.3R1-S4, 17.3R2, 17.3R2-S2, 17.3R3, 17.4R1-S2, 17.4R1-S3, 17.4R1-S4, 17.4R2, 18.1R1, 18.1R2, 18.1X75-D10, 18.2R1, 18.2X75-D10 et 18.2X75-D5 |
References
| Title | Publication Time | Tags | |||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Contrail Service Orchestration (CSO) versions ant\u00e9rieures \u00e0 4.0.0 et 3.3.0",
"product": {
"name": "N/A",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos Space versions ant\u00e9rieures \u00e0 18.1R1",
"product": {
"name": "Junos Space",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
},
{
"description": "Junos OS versions ant\u00e9rieures \u00e0 12.1X46-D45, 12.1X46-D67, 12.1X46-D76, 12.1X46-D77, 12.3R11, 12.3R12-S10, 12.3X48-D20, 12.3X48-D25, 12.3X48-D55, 12.3X48-D66, 12.3X48-D70, 12.3X54-D34, 14.1X53-D30, 14.1X53-D47, 15.1F5-S5, 15.1F6-S1, 15.1F6-S10, 15.1F7, 15.1R4-S5, 15.1R4-S9, 15.1R5, 15.1R6-S6, 15.1R7, 15.1R7-S1, 15.1R8, 15.1X49-D110, 15.1X49-D131, 15.1X49-D140, 15.1X49-D20, 15.1X49-D35, 15.1X53-D233, 15.1X53-D234, 15.1X53-D47, 15.1X53-D470, 15.1X53-D471, 15.1X53-D490, 15.1X53-D59, 15.1X53-D60, 15.1X53-D67, 15.1X54-D70, 15.1X8.3, 16.1R2, 16.1R3, 16.1R3-S8, 16.1R3-S9, 16.1R4-S10, 16.1R4-S8, 16.1R4-S9, 16.1R5-S4, 16.1R6-S1, 16.1R6-S3, 16.1R6-S4, 16.1R7, 16.1X65-D46, 16.1X65-D47, 16.2R1, 16.2R1-S6, 16.2R1-S7, 16.2R2-S5, 16.2R2-S6, 16.2R3, 17.1R1-S7, 17.1R2-S7, 17.1R3, 17.2R1-S4, 17.2R1-S6, 17.2R2-S4, 17.2R2-S5, 17.2R3, 17.2X75-D100, 17.2X75-D110, 17.2X75-D70, 17.2X75-D90, 17.2X75-D91, 17.3R1, 17.3R1-S4, 17.3R2, 17.3R2-S2, 17.3R3, 17.4R1-S2, 17.4R1-S3, 17.4R1-S4, 17.4R2, 18.1R1, 18.1R2, 18.1X75-D10, 18.2R1, 18.2X75-D10 et 18.2X75-D5",
"product": {
"name": "Junos OS",
"vendor": {
"name": "Juniper Networks",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2017-7407",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-7407"
},
{
"name": "CVE-2018-0027",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0027"
},
{
"name": "CVE-2016-8615",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8615"
},
{
"name": "CVE-2015-3153",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3153"
},
{
"name": "CVE-2018-0024",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0024"
},
{
"name": "CVE-2017-1000257",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000257"
},
{
"name": "CVE-2016-8619",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8619"
},
{
"name": "CVE-2013-1944",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-1944"
},
{
"name": "CVE-2018-2603",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2603"
},
{
"name": "CVE-2017-8818",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8818"
},
{
"name": "CVE-2018-0031",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0031"
},
{
"name": "CVE-2018-0035",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0035"
},
{
"name": "CVE-2018-1000115",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000115"
},
{
"name": "CVE-2016-9952",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9952"
},
{
"name": "CVE-2017-10295",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10295"
},
{
"name": "CVE-2013-4545",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-4545"
},
{
"name": "CVE-2015-7236",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-7236"
},
{
"name": "CVE-2017-3737",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3737"
},
{
"name": "CVE-2016-4802",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-4802"
},
{
"name": "CVE-2017-10388",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10388"
},
{
"name": "CVE-2016-9953",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9953"
},
{
"name": "CVE-2016-8624",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8624"
},
{
"name": "CVE-2018-0039",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0039"
},
{
"name": "CVE-2016-8616",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8616"
},
{
"name": "CVE-2015-3148",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3148"
},
{
"name": "CVE-2016-8620",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8620"
},
{
"name": "CVE-2014-3613",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3613"
},
{
"name": "CVE-2018-1000121",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000121"
},
{
"name": "CVE-2013-6422",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-6422"
},
{
"name": "CVE-2018-0042",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0042"
},
{
"name": "CVE-2018-2618",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2618"
},
{
"name": "CVE-2018-1000005",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000005"
},
{
"name": "CVE-2016-8617",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8617"
},
{
"name": "CVE-2016-0754",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0754"
},
{
"name": "CVE-2017-1000101",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000101"
},
{
"name": "CVE-2018-1000120",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000120"
},
{
"name": "CVE-2014-8150",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-8150"
},
{
"name": "CVE-2014-3707",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-3707"
},
{
"name": "CVE-2016-8618",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8618"
},
{
"name": "CVE-2018-0037",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0037"
},
{
"name": "CVE-2015-3143",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-3143"
},
{
"name": "CVE-2018-0040",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0040"
},
{
"name": "CVE-2016-5419",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5419"
},
{
"name": "CVE-2017-12613",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-12613"
},
{
"name": "CVE-2018-2637",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2637"
},
{
"name": "CVE-2017-10198",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10198"
},
{
"name": "CVE-2017-10355",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10355"
},
{
"name": "CVE-2016-8623",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8623"
},
{
"name": "CVE-2017-5754",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5754"
},
{
"name": "CVE-2016-3739",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-3739"
},
{
"name": "CVE-2018-2663",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2663"
},
{
"name": "CVE-2017-15896",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-15896"
},
{
"name": "CVE-2018-2579",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2579"
},
{
"name": "CVE-2017-8816",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8816"
},
{
"name": "CVE-2017-5753",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5753"
},
{
"name": "CVE-2016-7167",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7167"
},
{
"name": "CVE-2017-9502",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-9502"
},
{
"name": "CVE-2018-0030",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0030"
},
{
"name": "CVE-2018-0034",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0034"
},
{
"name": "CVE-2018-2633",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2633"
},
{
"name": "CVE-2000-0973",
"url": "https://www.cve.org/CVERecord?id=CVE-2000-0973"
},
{
"name": "CVE-2014-0139",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0139"
},
{
"name": "CVE-2016-5420",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5420"
},
{
"name": "CVE-2016-7141",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-7141"
},
{
"name": "CVE-2014-0138",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0138"
},
{
"name": "CVE-2016-8621",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8621"
},
{
"name": "CVE-2018-0029",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0029"
},
{
"name": "CVE-2018-0025",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0025"
},
{
"name": "CVE-2017-1000254",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000254"
},
{
"name": "CVE-2018-2599",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2599"
},
{
"name": "CVE-2017-8817",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-8817"
},
{
"name": "CVE-2017-10356",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10356"
},
{
"name": "CVE-2018-0038",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0038"
},
{
"name": "CVE-2016-9586",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-9586"
},
{
"name": "CVE-2017-1000100",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000100"
},
{
"name": "CVE-2017-10345",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-10345"
},
{
"name": "CVE-2018-0041",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0041"
},
{
"name": "CVE-2017-5715",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-5715"
},
{
"name": "CVE-2018-2629",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2629"
},
{
"name": "CVE-2016-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8622"
},
{
"name": "CVE-2013-2174",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-2174"
},
{
"name": "CVE-2018-1000007",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000007"
},
{
"name": "CVE-2018-0032",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0032"
},
{
"name": "CVE-2016-5421",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-5421"
},
{
"name": "CVE-2018-2678",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2678"
},
{
"name": "CVE-2014-0015",
"url": "https://www.cve.org/CVERecord?id=CVE-2014-0015"
},
{
"name": "CVE-2017-1000099",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-1000099"
},
{
"name": "CVE-2018-2588",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-2588"
},
{
"name": "CVE-2018-1000122",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1000122"
},
{
"name": "CVE-2017-3145",
"url": "https://www.cve.org/CVERecord?id=CVE-2017-3145"
},
{
"name": "CVE-2016-8625",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-8625"
},
{
"name": "CVE-2018-0026",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-0026"
},
{
"name": "CVE-2016-0755",
"url": "https://www.cve.org/CVERecord?id=CVE-2016-0755"
}
],
"links": [],
"reference": "CERTFR-2018-AVI-339",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2018-07-12T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits\nJuniper . Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nun probl\u00e8me de s\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, une ex\u00e9cution de\ncode arbitraire \u00e0 distance et un d\u00e9ni de service \u00e0 distance.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Juniper",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10869 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10869\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10866 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10866\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10874 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10874\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10863 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10863\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10871 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10871\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10857 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10857\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10868 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10868\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10859 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10859\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10872 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10872\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10858 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10858\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10861 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10861\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10860 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10860\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10864 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10864\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10873 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10873\u0026cat=SIRT_1\u0026actp=LIST"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Juniper JSA10865 du 11 juillet 2018",
"url": "https://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10865\u0026cat=SIRT_1\u0026actp=LIST"
}
]
}
GHSA-Q937-PH5C-26QF
Vulnerability from github – Published: 2022-05-17 00:29 – Updated: 2022-05-17 00:29
VLAI?
Details
When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory.
Severity ?
6.5 (Medium)
{
"affected": [],
"aliases": [
"CVE-2017-1000099"
],
"database_specific": {
"cwe_ids": [
"CWE-200"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-10-05T01:29:00Z",
"severity": "MODERATE"
},
"details": "When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application\u0027s provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory.",
"id": "GHSA-q937-ph5c-26qf",
"modified": "2022-05-17T00:29:02Z",
"published": "2022-05-17T00:29:02Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-1000099"
},
{
"type": "WEB",
"url": "https://curl.haxx.se/0809C.patch"
},
{
"type": "WEB",
"url": "https://curl.haxx.se/docs/adv_20170809C.html"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201709-14"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/100281"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1039119"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GSD-2017-1000099
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2017-1000099",
"description": "When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application\u0027s provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory.",
"id": "GSD-2017-1000099",
"references": [
"https://www.suse.com/security/cve/CVE-2017-1000099.html",
"https://advisories.mageia.org/CVE-2017-1000099.html",
"https://security.archlinux.org/CVE-2017-1000099",
"https://alas.aws.amazon.com/cve/html/CVE-2017-1000099.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2017-1000099"
],
"details": "When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application\u0027s provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory.",
"id": "GSD-2017-1000099",
"modified": "2023-12-13T01:21:02.253207Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.315249",
"ID": "CVE-2017-1000099",
"REQUESTER": "daniel@haxx.se",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application\u0027s provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "100281",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/100281"
},
{
"name": "GLSA-201709-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201709-14"
},
{
"name": "https://curl.haxx.se/0809C.patch",
"refsource": "CONFIRM",
"url": "https://curl.haxx.se/0809C.patch"
},
{
"name": "1039119",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1039119"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.54.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2017-1000099"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application\u0027s provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-201709-14",
"refsource": "GENTOO",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201709-14"
},
{
"name": "https://curl.haxx.se/0809C.patch",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://curl.haxx.se/0809C.patch"
},
{
"name": "1039119",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039119"
},
{
"name": "100281",
"refsource": "BID",
"tags": [
"VDB Entry",
"Third Party Advisory"
],
"url": "http://www.securityfocus.com/bid/100281"
},
{
"name": "https://curl.haxx.se/docs/adv_20170809C.html",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://curl.haxx.se/docs/adv_20170809C.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2017-11-01T19:23Z",
"publishedDate": "2017-10-05T01:29Z"
}
}
}
FKIE_CVE-2017-1000099
Vulnerability from fkie_nvd - Published: 2017-10-05 01:29 - Updated: 2025-04-20 01:37
Severity ?
Summary
When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application's provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | http://www.securityfocus.com/bid/100281 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | http://www.securitytracker.com/id/1039119 | Third Party Advisory, VDB Entry | |
| cve@mitre.org | https://curl.haxx.se/0809C.patch | Patch, Vendor Advisory | |
| cve@mitre.org | https://security.gentoo.org/glsa/201709-14 | Patch, Third Party Advisory, VDB Entry | |
| nvd@nist.gov | https://curl.haxx.se/docs/adv_20170809C.html | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/100281 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1039119 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://curl.haxx.se/0809C.patch | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security.gentoo.org/glsa/201709-14 | Patch, Third Party Advisory, VDB Entry |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:haxx:libcurl:7.54.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7C1D4922-F424-45B1-AF98-B1DD33981110",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. The code doing this would send the wrong buffer to the user (stdout or the application\u0027s provide callback), which could lead to other private data from the heap to get inadvertently displayed. The wrong buffer was an uninitialized memory area allocated on the heap and if it turned out to not contain any zero byte, it would continue and display the data following that buffer in memory."
},
{
"lang": "es",
"value": "A la hora de pedir un archivo de una URL de tipo \"file://\", libcurl ofrece una caracter\u00edstica que env\u00eda metadatos sobre el archivo mediante cabeceras HTTP. El c\u00f3digo responsable de esto enviar\u00eda el b\u00fafer err\u00f3neo al usuario (stdout o la llamada de vuelta de la aplicaci\u00f3n), lo que podr\u00eda provocar que otros datos privados de la memoria din\u00e1mica (heap) se muestren en consecuencia. El b\u00fafer err\u00f3neo es un \u00e1rea no inicializada de la memoria asignada en la memoria din\u00e1mica y si resulta que no tienen ning\u00fan byte con valor cero, continuar\u00eda y mostrar\u00eda los datos que siguen a ese b\u00fafer en la memoria."
}
],
"id": "CVE-2017-1000099",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-10-05T01:29:04.023",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100281"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039119"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://curl.haxx.se/0809C.patch"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201709-14"
},
{
"source": "nvd@nist.gov",
"tags": [
"Vendor Advisory"
],
"url": "https://curl.haxx.se/docs/adv_20170809C.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/100281"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1039119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://curl.haxx.se/0809C.patch"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://security.gentoo.org/glsa/201709-14"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…