wid-sec-w-2023-2570
Vulnerability from csaf_certbund
Published
2023-10-04 22:00
Modified
2024-05-01 22:00
Summary
cURL: Multiple Vulnerabilities

Notes

As a provider, the BSI is responsible under general law for its own content made available for use. Users are, however, responsible for carefully checking, in each individual case, the use and/or implementation of the information provided with the content.
Product description
cURL is client software that allows files to be exchanged using several protocols, such as HTTP or FTP. libcurl is a library for client software that allows files to be exchanged using several protocols, such as HTTP or FTP.
Attack
An attacker can exploit multiple vulnerabilities in cURL and libcurl to launch an attack that is not specified in more detail.
Affected operating systems
- Linux



{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "cURL ist eine Client-Software, die das Austauschen von Dateien mittels mehrerer Protokolle wie z. B. HTTP oder FTP erlaubt.\r\nlibcurl ist eine Bibliothek f\u00fcr Client-Software, die das Austauschen von Dateien mittels mehrerer Protokolle wie z. B. HTTP oder FTP erlaubt.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in cURL und libcurl ausnutzen, um einen nicht n\u00e4her spezifizierten Angriff zu starten.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2570 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-2570.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2570 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2570"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4672-1 vom 2023-12-09",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017299.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7095021 vom 2023-12-11",
        "url": "https://www.ibm.com/support/pages/node/7095021"
      },
      {
        "category": "external",
        "summary": "Insyde Security Advisory INSYDE-SA-2023065 vom 2024-01-10",
        "url": "https://www.insyde.com/security-pledge/SA-2023065"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4650-1 vom 2023-12-14",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-December/017403.html"
      },
      {
        "category": "external",
        "summary": "Hitachi Vulnerability Information HITACHI-SEC-2023-148 vom 2023-12-19",
        "url": "https://www.hitachi.com/products/it/software/security/info/vuls/hitachi-sec-2023-148/index.html"
      },
      {
        "category": "external",
        "summary": "Curl Security Notification vom 2023-10-04",
        "url": "https://github.com/curl/curl/discussions/12026"
      },
      {
        "category": "external",
        "summary": "Curl Changelog vom 2023-10-11",
        "url": "https://curl.se/changes.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7130800 vom 2024-03-13",
        "url": "https://www.ibm.com/support/pages/node/7130800"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202310-12 vom 2023-10-11",
        "url": "https://security.gentoo.org/glsa/202310-12"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4043-1 vom 2023-10-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016629.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4044-1 vom 2023-10-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016628.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2023:4045-1 vom 2023-10-11",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-October/016627.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-5523 vom 2023-10-11",
        "url": "https://lists.debian.org/debian-security-announce/2023/msg00216.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-3613 vom 2023-10-11",
        "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00016.html"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6429-1 vom 2023-10-11",
        "url": "https://ubuntu.com/security/notices/USN-6429-1"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2023-2287 vom 2023-10-12",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2023-2287.html"
      },
      {
        "category": "external",
        "summary": "TeamViewer Security Bulletin TV-2023-1002 vom 2023-10-11",
        "url": "https://www.teamviewer.com/en-us/trust-center/security-bulletins/tv-2023-1002/"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6429-2 vom 2023-10-11",
        "url": "https://ubuntu.com/security/notices/USN-6429-2"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-0F8D1871D8 vom 2023-10-12",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-0f8d1871d8"
      },
      {
        "category": "external",
        "summary": "Wibu Security Advisory",
        "url": "https://cdn.wibu.com/fileadmin/wibu_downloads/security_advisories/AdvisoryWIBU-231017-01.pdf"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-FEF2B8DA32 vom 2023-10-12",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-fef2b8da32"
      },
      {
        "category": "external",
        "summary": "IGEL Security Notice ISN-2023-23 vom 2023-10-12",
        "url": "https://kb.igel.com/securitysafety/en/isn-2023-23-curl-vulnerability-101065265.html"
      },
      {
        "category": "external",
        "summary": "Fedora Security Advisory FEDORA-2023-B855DE5C0F vom 2023-10-12",
        "url": "https://bodhi.fedoraproject.org/updates/FEDORA-2023-b855de5c0f"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:5700 vom 2023-10-16",
        "url": "https://access.redhat.com/errata/RHSA-2023:5700.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:5700 vom 2023-10-16",
        "url": "https://access.redhat.com/errata/RHSA-2023:5700"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:5763 vom 2023-10-17",
        "url": "https://access.redhat.com/errata/RHSA-2023:5763"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-6429-3 vom 2023-10-17",
        "url": "https://ubuntu.com/security/notices/USN-6429-3"
      },
      {
        "category": "external",
        "summary": "XEROX Security Advisory XRX24-004 vom 2024-03-04",
        "url": "https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox%C2%AE-Security-Bulletin-XRX24-004-Xerox%C2%AE-FreeFlow%C2%AE-Print-Server-v7.pdf"
      },
      {
        "category": "external",
        "summary": "XEROX Security Advisory XRX24-005 vom 2024-03-04",
        "url": "https://security.business.xerox.com/wp-content/uploads/2024/03/Xerox-Security-Bulletin-XRX24-005-Xerox-FreeFlow%C2%AE-Print-Server-v9_Feb-2024.pdf"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-5763 vom 2023-10-18",
        "url": "https://linux.oracle.com/errata/ELSA-2023-5763.html"
      },
      {
        "category": "external",
        "summary": "Meinberg Security Advisory MBGSA-2023.05 vom 2023-10-26",
        "url": "https://www.meinbergglobal.com/english/news/meinberg-security-advisory-mbgsa-2023-05-lantime-firmware-version-7-08-004.htm"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALASECS-2023-016 vom 2023-11-01",
        "url": "https://alas.aws.amazon.com/AL2/ALASECS-2023-016.html"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:6292 vom 2023-11-03",
        "url": "https://access.redhat.com/errata/RHSA-2023:6292"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:6745 vom 2023-11-07",
        "url": "https://access.redhat.com/errata/RHSA-2023:6745"
      },
      {
        "category": "external",
        "summary": "Kong Insomnia Changelog vom 2023-11-10",
        "url": "https://insomnia.rest/changelog"
      },
      {
        "category": "external",
        "summary": "FortiGuard Labs PSIRT Advisory FG-IR-23-385 vom 2023-11-14",
        "url": "https://www.fortiguard.com/psirt/FG-IR-23-385"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:6841 vom 2023-11-17",
        "url": "https://access.redhat.com/errata/RHSA-2023:6841"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:6842 vom 2023-11-17",
        "url": "https://access.redhat.com/errata/RHSA-2023:6842"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-6745 vom 2023-11-16",
        "url": "https://linux.oracle.com/errata/ELSA-2023-6745.html"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7077530 vom 2023-11-16",
        "url": "https://www.ibm.com/support/pages/node/7077530"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7540 vom 2023-11-28",
        "url": "https://access.redhat.com/errata/RHSA-2023:7540"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7626 vom 2023-12-07",
        "url": "https://access.redhat.com/errata/RHSA-2023:7626"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2023:7625 vom 2023-12-07",
        "url": "https://access.redhat.com/errata/RHSA-2023:7625"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0303 vom 2024-03-27",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0303"
      },
      {
        "category": "external",
        "summary": "Citrix Security Advisory CTX633181 vom 2024-03-28",
        "url": "https://support.citrix.com/article/CTX633181/hotfix-xs82ecu1063-for-citrix-hypervisor-82-cumulative-update-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:1601 vom 2024-04-02",
        "url": "https://access.redhat.com/errata/RHSA-2024:1601"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2024-1601 vom 2024-04-03",
        "url": "https://linux.oracle.com/errata/ELSA-2024-1601.html"
      },
      {
        "category": "external",
        "summary": "Rocky Linux Security Advisory RLSA-2024:1601 vom 2024-04-05",
        "url": "https://errata.build.resf.org/RLSA-2024:1601"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-166 vom 2024-04-08",
        "url": "https://www.dell.com/support/kbdoc/de-de/000223914/dsa-2024-166-security-update-for-dell-networker-curl-vulnerabilities"
      },
      {
        "category": "external",
        "summary": "Juniper Security Bulletin",
        "url": "https://supportportal.juniper.net/s/article/2024-04-Security-Bulletin-Junos-OS-and-Junos-OS-Evolved-Multiple-cURL-vulnerabilities-resolved?language=en_US"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7148094 vom 2024-04-11",
        "url": "https://www.ibm.com/support/pages/node/7148094"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2011 vom 2024-04-23",
        "url": "https://access.redhat.com/errata/RHSA-2024:2011"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2101 vom 2024-04-29",
        "url": "https://access.redhat.com/errata/RHSA-2024:2101"
      },
      {
        "category": "external",
        "summary": "IBM Security Bulletin 7149801 vom 2024-04-30",
        "url": "https://www.ibm.com/support/pages/node/7149801"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2093 vom 2024-05-01",
        "url": "https://access.redhat.com/errata/RHSA-2024:2093"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2024:2092 vom 2024-05-01",
        "url": "https://access.redhat.com/errata/RHSA-2024:2092"
      }
    ],
    "source_lang": "en-US",
    "title": "cURL: Mehre Schwachstellen",
    "tracking": {
      "current_release_date": "2024-05-01T22:00:00.000+00:00",
      "generator": {
        "date": "2024-05-02T08:40:09.998+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.0"
        }
      },
      "id": "WID-SEC-W-2023-2570",
      "initial_release_date": "2023-10-04T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-10-04T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2023-10-10T22:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von curl aufgenommen"
        },
        {
          "date": "2023-10-11T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Debian, Ubuntu, Amazon und TeamViewer aufgenommen"
        },
        {
          "date": "2023-10-12T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Fedora und IGEL aufgenommen"
        },
        {
          "date": "2023-10-15T22:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-10-17T22:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von Red Hat und Ubuntu aufgenommen"
        },
        {
          "date": "2023-10-18T22:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2023-10-26T22:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Meinberg aufgenommen"
        },
        {
          "date": "2023-11-01T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Amazon aufgenommen"
        },
        {
          "date": "2023-11-02T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-11-07T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-11-09T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates aufgenommen"
        },
        {
          "date": "2023-11-14T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Fortinet aufgenommen"
        },
        {
          "date": "2023-11-16T23:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von Red Hat, Oracle Linux und IBM aufgenommen"
        },
        {
          "date": "2023-11-28T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-12-07T23:00:00.000+00:00",
          "number": "16",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2023-12-10T23:00:00.000+00:00",
          "number": "17",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-12-11T23:00:00.000+00:00",
          "number": "18",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2023-12-14T23:00:00.000+00:00",
          "number": "19",
          "summary": "Neue Updates von SUSE aufgenommen"
        },
        {
          "date": "2023-12-18T23:00:00.000+00:00",
          "number": "20",
          "summary": "Neue Updates von HITACHI und VERITAS aufgenommen"
        },
        {
          "date": "2024-01-09T23:00:00.000+00:00",
          "number": "21",
          "summary": "Neue Updates von Insyde aufgenommen"
        },
        {
          "date": "2024-01-22T23:00:00.000+00:00",
          "number": "22",
          "summary": "Neue Updates von WIBU-SYSTEMS aufgenommen"
        },
        {
          "date": "2024-03-03T23:00:00.000+00:00",
          "number": "23",
          "summary": "Neue Updates von XEROX aufgenommen"
        },
        {
          "date": "2024-03-13T23:00:00.000+00:00",
          "number": "24",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-03-27T23:00:00.000+00:00",
          "number": "25",
          "summary": "Neue Updates von Splunk-SVD aufgenommen"
        },
        {
          "date": "2024-04-02T22:00:00.000+00:00",
          "number": "26",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-04-03T22:00:00.000+00:00",
          "number": "27",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        },
        {
          "date": "2024-04-07T22:00:00.000+00:00",
          "number": "28",
          "summary": "Neue Updates von Rocky Enterprise Software Foundation aufgenommen"
        },
        {
          "date": "2024-04-10T22:00:00.000+00:00",
          "number": "29",
          "summary": "Neue Updates von Juniper aufgenommen"
        },
        {
          "date": "2024-04-11T22:00:00.000+00:00",
          "number": "30",
          "summary": "Neue Updates von IBM aufgenommen"
        },
        {
          "date": "2024-04-23T22:00:00.000+00:00",
          "number": "31",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-04-29T22:00:00.000+00:00",
          "number": "32",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2024-05-01T22:00:00.000+00:00",
          "number": "33",
          "summary": "Neue Updates von Red Hat aufgenommen"
        }
      ],
      "status": "final",
      "version": "33"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.2",
                "product": {
                  "name": "Citrix Systems Hypervisor 8.2",
                  "product_id": "T029180",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:citrix:hypervisor:8.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Hypervisor"
          }
        ],
        "category": "vendor",
        "name": "Citrix Systems"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c19.10.0.2",
                "product": {
                  "name": "Dell NetWorker \u003c19.10.0.2",
                  "product_id": "T033910",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:dell:networker:19.10.0.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "NetWorker"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Fedora Linux",
            "product": {
              "name": "Fedora Linux",
              "product_id": "74185",
              "product_identification_helper": {
                "cpe": "cpe:/o:fedoraproject:fedora:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Fedora"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "FGT_VM64_KVM",
                "product": {
                  "name": "Fortinet FortiGate FGT_VM64_KVM",
                  "product_id": "T031090",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:fortinet:fortigate:fgt_vm64_kvm"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FortiGate"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c=7.2.6",
                "product": {
                  "name": "Fortinet FortiOS \u003c=7.2.6",
                  "product_id": "T030436",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:fortinet:fortios:7.2.6"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=7.4.1",
                "product": {
                  "name": "Fortinet FortiOS \u003c=7.4.1",
                  "product_id": "T030437",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:fortinet:fortios:7.4.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c=7.0.13",
                "product": {
                  "name": "Fortinet FortiOS \u003c=7.0.13",
                  "product_id": "T030438",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:fortinet:fortios:7.0.13"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FortiOS"
          }
        ],
        "category": "vendor",
        "name": "Fortinet"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.3.1",
                "product": {
                  "name": "IBM AIX 7.3.1",
                  "product_id": "T028363",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:ibm:aix:7.3.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.3.2",
                "product": {
                  "name": "IBM AIX 7.3.2",
                  "product_id": "T031553",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:ibm:aix:7.3.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "AIX"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "IBM MQ",
                "product": {
                  "name": "IBM MQ",
                  "product_id": "T021398",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:-"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "Operator 2.4.5",
                "product": {
                  "name": "IBM MQ Operator 2.4.5",
                  "product_id": "T031239",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:mq:operator_2.4.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "MQ"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.5",
                "product": {
                  "name": "IBM QRadar SIEM 7.5",
                  "product_id": "T022954",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:qradar_siem:7.5"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "QRadar SIEM"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9.1",
                "product": {
                  "name": "IBM Rational ClearCase 9.1",
                  "product_id": "T021423",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_clearcase:9.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "10.0.1",
                "product": {
                  "name": "IBM Rational ClearCase 10.0.1",
                  "product_id": "T033483",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:ibm:rational_clearcase:10.0.1"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Rational ClearCase"
          }
        ],
        "category": "vendor",
        "name": "IBM"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "IGEL OS",
            "product": {
              "name": "IGEL OS",
              "product_id": "T017865",
              "product_identification_helper": {
                "cpe": "cpe:/o:igel:os:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "IGEL"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003cRV23.11",
                "product": {
                  "name": "Insyde UEFI Firmware \u003cRV23.11",
                  "product_id": "T031950",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:insyde:uefi:rv23.11"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "UEFI Firmware"
          }
        ],
        "category": "vendor",
        "name": "Insyde"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Evolved",
                "product": {
                  "name": "Juniper JUNOS Evolved",
                  "product_id": "T018886",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:evolved"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Juniper JUNOS",
                "product": {
                  "name": "Juniper JUNOS",
                  "product_id": "T032362",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:juniper:junos:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "JUNOS"
          }
        ],
        "category": "vendor",
        "name": "Juniper"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.4.0",
                "product": {
                  "name": "Kong Insomnia \u003c8.4.0",
                  "product_id": "T031040",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:konghq:insomnia:8.4.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Insomnia"
          }
        ],
        "category": "vendor",
        "name": "Kong"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c7.08.004",
                "product": {
                  "name": "Meinberg LANTIME \u003c7.08.004",
                  "product_id": "T030804",
                  "product_identification_helper": {
                    "cpe": "cpe:/h:meinberg:lantime:7.08.004"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "LANTIME"
          }
        ],
        "category": "vendor",
        "name": "Meinberg"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.4.0",
                "product": {
                  "name": "Open Source cURL \u003c8.4.0",
                  "product_id": "T030274",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:curl:curl:8.4.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "cURL"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c8.4.0",
                "product": {
                  "name": "Open Source libcurl \u003c8.4.0",
                  "product_id": "T030275",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:open_source:libcurl:8.4.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "libcurl"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "RESF Rocky Linux",
            "product": {
              "name": "RESF Rocky Linux",
              "product_id": "T032255",
              "product_identification_helper": {
                "cpe": "cpe:/o:resf:rocky_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "RESF"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1",
                "product": {
                  "name": "Red Hat JBoss Core Services 1",
                  "product_id": "459970",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_core_services:1.0"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Core Services",
                "product": {
                  "name": "Red Hat JBoss Core Services",
                  "product_id": "T012412",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_core_services:-"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "JBoss Core Services"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "Container Platform 4.12",
                "product": {
                  "name": "Red Hat OpenShift Container Platform 4.12",
                  "product_id": "T026435",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform_4.12"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "Container Platform \u003c4.12.43",
                "product": {
                  "name": "Red Hat OpenShift Container Platform \u003c4.12.43",
                  "product_id": "T031232",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openshift:container_platform__4.12.43"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "OpenShift"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c9.2.1",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.2.1",
                  "product_id": "T033705",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.2.1"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.1.4",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.1.4",
                  "product_id": "T033706",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.1.4"
                  }
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.0.9",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.0.9",
                  "product_id": "T033707",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:splunk:splunk:9.0.9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Splunk Enterprise"
          }
        ],
        "category": "vendor",
        "name": "Splunk"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c15.46.7",
                "product": {
                  "name": "TeamViewer TeamViewer \u003c15.46.7",
                  "product_id": "T030465",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:teamviewer:teamviewer:15.46.7"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "TeamViewer"
          }
        ],
        "category": "vendor",
        "name": "TeamViewer"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Veritas NetBackup",
            "product": {
              "name": "Veritas NetBackup",
              "product_id": "1163775",
              "product_identification_helper": {
                "cpe": "cpe:/a:veritas:netbackup:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Veritas"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Runtime \u003c7.60d",
                "product": {
                  "name": "Wibu-Systems CodeMeter Runtime \u003c7.60d",
                  "product_id": "T032271",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:wibu:codemeter:runtime__7.60d"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "CodeMeter"
          }
        ],
        "category": "vendor",
        "name": "Wibu-Systems"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "v7",
                "product": {
                  "name": "Xerox FreeFlow Print Server v7",
                  "product_id": "T015631",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:xerox:freeflow_print_server:v7"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "v9",
                "product": {
                  "name": "Xerox FreeFlow Print Server v9",
                  "product_id": "T015632",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:xerox:freeflow_print_server:v9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FreeFlow Print Server"
          }
        ],
        "category": "vendor",
        "name": "Xerox"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-38545",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in cURL und libcurl, die noch nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028363",
          "T031553",
          "T030465",
          "T031950",
          "67646",
          "T012412",
          "T033910",
          "T031239",
          "T004914",
          "T031232",
          "T032362",
          "T018886",
          "T031090",
          "T033707",
          "T030438",
          "398363",
          "T033705",
          "T033706",
          "T021398",
          "T030437",
          "1163775",
          "T030436",
          "T029180",
          "T033483",
          "T015632",
          "T012167",
          "T015631",
          "T031040",
          "T032271",
          "T032255",
          "74185",
          "T022954",
          "T021423",
          "2951",
          "T002207",
          "T017865",
          "T000126",
          "T030804",
          "459970",
          "T026435"
        ]
      },
      "release_date": "2023-10-04T22:00:00Z",
      "title": "CVE-2023-38545"
    },
    {
      "cve": "CVE-2023-38546",
      "notes": [
        {
          "category": "description",
          "text": "Es existieren mehrere Schwachstellen in cURL und libcurl, die noch nicht im Detail beschrieben und ver\u00f6ffentlicht wurden. Ein Angreifer kann diese Schwachstellen ausnutzen, um nicht spezifizierte Auswirkungen zu verursachen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T028363",
          "T031553",
          "T030465",
          "T031950",
          "67646",
          "T012412",
          "T033910",
          "T031239",
          "T004914",
          "T031232",
          "T032362",
          "T018886",
          "T031090",
          "T033707",
          "T030438",
          "398363",
          "T033705",
          "T033706",
          "T021398",
          "T030437",
          "1163775",
          "T030436",
          "T029180",
          "T033483",
          "T015632",
          "T012167",
          "T015631",
          "T031040",
          "T032271",
          "T032255",
          "74185",
          "T022954",
          "T021423",
          "2951",
          "T002207",
          "T017865",
          "T000126",
          "T030804",
          "459970",
          "T026435"
        ]
      },
      "release_date": "2023-10-04T22:00:00Z",
      "title": "CVE-2023-38546"
    }
  ]
}

