Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested serially. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2023-23914)
Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested in parallel. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2023-23915)
Patrick Monnerat discovered that curl incorrectly handled memory when processing requests with multi-header compression. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service. (CVE-2023-23916)
{ "availability": "No subscription required", "binaries": [ { "binary_version": "7.58.0-2ubuntu3.23", "binary_name": "curl" }, { "binary_version": "7.58.0-2ubuntu3.23", "binary_name": "libcurl3-gnutls" }, { "binary_version": "7.58.0-2ubuntu3.23", "binary_name": "libcurl3-nss" }, { "binary_version": "7.58.0-2ubuntu3.23", "binary_name": "libcurl4" }, { "binary_version": "7.58.0-2ubuntu3.23", "binary_name": "libcurl4-gnutls-dev" }, { "binary_version": "7.58.0-2ubuntu3.23", "binary_name": "libcurl4-nss-dev" }, { "binary_version": "7.58.0-2ubuntu3.23", "binary_name": "libcurl4-openssl-dev" } ] }
{ "cves_map": { "ecosystem": "Ubuntu:18.04:LTS", "cves": [ { "id": "CVE-2023-23916", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "type": "Ubuntu", "score": "medium" } ] } ] } }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "7.68.0-1ubuntu2.16", "binary_name": "curl" }, { "binary_version": "7.68.0-1ubuntu2.16", "binary_name": "libcurl3-gnutls" }, { "binary_version": "7.68.0-1ubuntu2.16", "binary_name": "libcurl3-nss" }, { "binary_version": "7.68.0-1ubuntu2.16", "binary_name": "libcurl4" }, { "binary_version": "7.68.0-1ubuntu2.16", "binary_name": "libcurl4-gnutls-dev" }, { "binary_version": "7.68.0-1ubuntu2.16", "binary_name": "libcurl4-nss-dev" }, { "binary_version": "7.68.0-1ubuntu2.16", "binary_name": "libcurl4-openssl-dev" } ] }
{ "cves_map": { "ecosystem": "Ubuntu:20.04:LTS", "cves": [ { "id": "CVE-2023-23916", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "type": "Ubuntu", "score": "medium" } ] } ] } }
{ "availability": "No subscription required", "binaries": [ { "binary_version": "7.81.0-1ubuntu1.8", "binary_name": "curl" }, { "binary_version": "7.81.0-1ubuntu1.8", "binary_name": "libcurl3-gnutls" }, { "binary_version": "7.81.0-1ubuntu1.8", "binary_name": "libcurl3-nss" }, { "binary_version": "7.81.0-1ubuntu1.8", "binary_name": "libcurl4" }, { "binary_version": "7.81.0-1ubuntu1.8", "binary_name": "libcurl4-gnutls-dev" }, { "binary_version": "7.81.0-1ubuntu1.8", "binary_name": "libcurl4-nss-dev" }, { "binary_version": "7.81.0-1ubuntu1.8", "binary_name": "libcurl4-openssl-dev" } ] }
{ "cves_map": { "ecosystem": "Ubuntu:22.04:LTS", "cves": [ { "id": "CVE-2023-23914", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N" }, { "type": "Ubuntu", "score": "low" } ] }, { "id": "CVE-2023-23915", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" }, { "type": "Ubuntu", "score": "low" } ] }, { "id": "CVE-2023-23916", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" }, { "type": "Ubuntu", "score": "medium" } ] } ] } }