VuXML ID | Description |
d6c19e8c-6806-11ee-9464-b42e991fc52e | curl -- SOCKS5 heap buffer overflow
The curl team reports:
This flaw makes curl overflow a heap based buffer in the
SOCKS5 proxy handshake. When curl is asked to pass along
the hostname to the SOCKS5 proxy to allow that to resolve
the address instead of it getting done by curl itself, the
maximum length that hostname can be is 255 bytes. If the
hostname is detected to be longer than 255 bytes, curl
switches to local name resolving and instead passes on the
resolved address only to the proxy. Due to a bug, the
local variable that means "let the host resolve the name"
could get the wrong value during a slow SOCKS5 handshake,
and contrary to the intention, copy the too long hostname
to the target buffer instead of copying just the resolved
address there.
Discovery 2023-09-30 Entry 2023-10-11 Modified 2023-10-11 curl
gt 7.69.0 lt 8.4.0
cmake-core
< 3.27.8
CVE-2023-38545
https://curl.se/docs/CVE-2023-38545.html
|
a4f8bb03-f52f-11ed-9859-080027083a05 | curl -- multiple vulnerabilities
Wei Chong Tan, Harry Sintonen, and Hiroki Kurosawa reports:
This update fixes 4 security vulnerabilities:
- Medium CVE-2023-28319: UAF in SSH sha256 fingerprint check. Reported by Wei Chong Tan on 2023-03-21
- Low CVE-2023-28320: siglongjmp race condition. Reported by Harry Sintonen on 2023-04-02
- Low CVE-2023-28321: IDN wildcard match. Reported by Hiroki Kurosawa on 2023-04-17
- Low CVE-2023-28322: more POST-after-PUT confusion. Reported by Hiroki Kurosawa on 2023-04-19
Discovery 2023-03-21 Entry 2023-05-19 curl
< 8.1.0
CVE-2023-28319
https://curl.se/docs/CVE-2023-28319.html
CVE-2023-28320
https://curl.se/docs/CVE-2023-28320.html
CVE-2023-28321
https://curl.se/docs/CVE-2023-28321.html
CVE-2023-28322
https://curl.se/docs/CVE-2023-28322.html
|
02e33cd1-c655-11ee-8613-08002784c58d | curl -- OCSP verification bypass with TLS session reuse
Hiroki Kurosawa reports:
curl inadvertently kept the SSL session ID for connections
in its cache even when the verify status (OCSP stapling)
test failed. A subsequent transfer to the same hostname
could then succeed if the session ID cache was still
fresh, which then skipped the verify status check.
Discovery 2024-01-31 Entry 2024-02-28 curl
< 8.6.0
CVE-2024-0853
https://curl.se/docs/CVE-2024-0853.html
|
833b469b-5247-11ee-9667-080027f5fec9 | curl -- HTTP headers eat all memory
selmelc on hackerone reports:
When curl retrieves an HTTP response, it stores the
incoming headers so that they can be accessed later via
the libcurl headers API.
However, curl did not have a limit in how many or how
large headers it would accept in a response, allowing a
malicious server to stream an endless series of headers
and eventually cause curl to run out of heap memory.
Discovery 2023-09-13 Entry 2023-09-13 curl
< 8.3.0
CVE-2023-38039
https://curl.se/docs/CVE-2023-38039.html HERE
|