Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CERTFR-2025-AVI-0448
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Tenable Nessus Network Monitor. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.
Solutions
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Impacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Tenable | Nessus Network Monitor | Nessus Network Monitor versions antérieures à 6.5.1 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Nessus Network Monitor versions ant\u00e9rieures \u00e0 6.5.1",
"product": {
"name": "Nessus Network Monitor",
"vendor": {
"name": "Tenable",
"scada": false
}
}
}
],
"affected_systems_content": "",
"content": "## Solutions\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des correctifs (cf. section Documentation).",
"cves": [
{
"name": "CVE-2024-9681",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9681"
},
{
"name": "CVE-2024-8176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8176"
},
{
"name": "CVE-2024-13176",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-13176"
},
{
"name": "CVE-2024-11053",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-11053"
},
{
"name": "CVE-2025-24916",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24916"
},
{
"name": "CVE-2024-9143",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-9143"
},
{
"name": "CVE-2025-3241",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-3241"
},
{
"name": "CVE-2023-7256",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-7256"
},
{
"name": "CVE-2024-8006",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-8006"
},
{
"name": "CVE-2024-50602",
"url": "https://www.cve.org/CVERecord?id=CVE-2024-50602"
},
{
"name": "CVE-2025-32415",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32415"
},
{
"name": "CVE-2025-32414",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-32414"
},
{
"name": "CVE-2025-0725",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0725"
},
{
"name": "CVE-2025-0167",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-0167"
},
{
"name": "CVE-2025-24917",
"url": "https://www.cve.org/CVERecord?id=CVE-2025-24917"
}
],
"links": [],
"reference": "CERTFR-2025-AVI-0448",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2025-05-23T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Tenable Nessus Network Monitor. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une \u00e9l\u00e9vation de privil\u00e8ges et un d\u00e9ni de service \u00e0 distance.",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Tenable Nessus Network Monitor",
"vendor_advisories": [
{
"published_at": "2025-05-23",
"title": "Bulletin de s\u00e9curit\u00e9 Tenable tns-2025-10",
"url": "https://www.tenable.com/security/tns-2025-10"
}
]
}
CVE-2023-7256 (GCVE-0-2023-7256)
Vulnerability from cvelistv5 – Published: 2024-08-30 23:44 – Updated: 2024-09-03 20:07
VLAI
EPSS
Title
Double-free in libpcap before 1.10.5 with remote packet capture support.
Summary
In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400.
Severity
4.4 (Medium)
CWE
- CWE-415 - Double Free
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Tcpdump Group | libpcap |
Affected:
1.8.x
Affected: 1.9.x Affected: 1.10.x , ≤ 1.10.4 (semver) |
Credits
Dora Sweet
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-7256",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T20:03:11.759531Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T20:07:34.599Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"remote packet capture"
],
"product": "libpcap",
"repo": "https://github.com/the-tcpdump-group/libpcap/",
"vendor": "The Tcpdump Group",
"versions": [
{
"status": "affected",
"version": "1.8.x"
},
{
"status": "affected",
"version": "1.9.x"
},
{
"lessThanOrEqual": "1.10.4",
"status": "affected",
"version": "1.10.x",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The problem is specific to the remote packet capture code, which is not enabled in the default build configuration."
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"value": "Dora Sweet"
}
],
"descriptions": [
{
"lang": "en",
"value": "In affected libpcap versions during the setup of a remote packet capture the internal function sock_initaddress() calls getaddrinfo() and possibly freeaddrinfo(), but does not clearly indicate to the caller function whether freeaddrinfo() still remains to be called after the function returns. This makes it possible in some scenarios that both the function and its caller call freeaddrinfo() for the same allocated memory block. A similar problem was reported in Apple libpcap, to which Apple assigned CVE-2023-40400."
}
],
"exploits": [
{
"lang": "en",
"value": "A functional exploit exists."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-415",
"description": "CWE-415 Double Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T23:44:04.383Z",
"orgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896",
"shortName": "Tcpdump"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/the-tcpdump-group/libpcap/commit/262e4f34979872d822ccedf9f318ed89c4d31c03"
},
{
"tags": [
"patch"
],
"url": "https://github.com/the-tcpdump-group/libpcap/commit/2aa69b04d8173b18a0e3492e0c8f2f7fabdf642d"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to libpcap 1.10.5."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Double-free in libpcap before 1.10.5 with remote packet capture support.",
"workarounds": [
{
"lang": "en",
"value": "Do not build libpcap with remote packet capture support."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896",
"assignerShortName": "Tcpdump",
"cveId": "CVE-2023-7256",
"datePublished": "2024-08-30T23:44:04.383Z",
"dateReserved": "2024-04-11T15:02:51.577Z",
"dateUpdated": "2024-09-03T20:07:34.599Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-11053 (GCVE-0-2024-11053)
Vulnerability from cvelistv5 – Published: 2024-12-11 07:34 – Updated: 2025-11-03 20:36
VLAI
EPSS
Title
netrc and redirect credential leak
Summary
When asked to both use a `.netrc` file for credentials and to follow HTTP
redirects, curl could leak the password used for the first host to the
followed-to host under certain circumstances.
This flaw only manifests itself if the netrc file has an entry that matches
the redirect target hostname but the entry either omits just the password or
omits both login and password.
Severity
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| curl | curl |
Affected:
8.11.0 , ≤ 8.11.0
(semver)
Affected: 8.10.1 , ≤ 8.10.1 (semver) Affected: 8.10.0 , ≤ 8.10.0 (semver) Affected: 8.9.1 , ≤ 8.9.1 (semver) Affected: 8.9.0 , ≤ 8.9.0 (semver) Affected: 8.8.0 , ≤ 8.8.0 (semver) Affected: 8.7.1 , ≤ 8.7.1 (semver) Affected: 8.7.0 , ≤ 8.7.0 (semver) Affected: 8.6.0 , ≤ 8.6.0 (semver) Affected: 8.5.0 , ≤ 8.5.0 (semver) Affected: 8.4.0 , ≤ 8.4.0 (semver) Affected: 8.3.0 , ≤ 8.3.0 (semver) Affected: 8.2.1 , ≤ 8.2.1 (semver) Affected: 8.2.0 , ≤ 8.2.0 (semver) Affected: 8.1.2 , ≤ 8.1.2 (semver) Affected: 8.1.1 , ≤ 8.1.1 (semver) Affected: 8.1.0 , ≤ 8.1.0 (semver) Affected: 8.0.1 , ≤ 8.0.1 (semver) Affected: 8.0.0 , ≤ 8.0.0 (semver) Affected: 7.88.1 , ≤ 7.88.1 (semver) Affected: 7.88.0 , ≤ 7.88.0 (semver) Affected: 7.87.0 , ≤ 7.87.0 (semver) Affected: 7.86.0 , ≤ 7.86.0 (semver) Affected: 7.85.0 , ≤ 7.85.0 (semver) Affected: 7.84.0 , ≤ 7.84.0 (semver) Affected: 7.83.1 , ≤ 7.83.1 (semver) Affected: 7.83.0 , ≤ 7.83.0 (semver) Affected: 7.82.0 , ≤ 7.82.0 (semver) Affected: 7.81.0 , ≤ 7.81.0 (semver) Affected: 7.80.0 , ≤ 7.80.0 (semver) Affected: 7.79.1 , ≤ 7.79.1 (semver) Affected: 7.79.0 , ≤ 7.79.0 (semver) Affected: 7.78.0 , ≤ 7.78.0 (semver) Affected: 7.77.0 , ≤ 7.77.0 (semver) Affected: 7.76.1 , ≤ 7.76.1 (semver) Affected: 7.76.0 , ≤ 7.76.0 (semver) Affected: 7.75.0 , ≤ 7.75.0 (semver) Affected: 7.74.0 , ≤ 7.74.0 (semver) Affected: 7.73.0 , ≤ 7.73.0 (semver) Affected: 7.72.0 , ≤ 7.72.0 (semver) Affected: 7.71.1 , ≤ 7.71.1 (semver) Affected: 7.71.0 , ≤ 7.71.0 (semver) Affected: 7.70.0 , ≤ 7.70.0 (semver) Affected: 7.69.1 , ≤ 7.69.1 (semver) Affected: 7.69.0 , ≤ 7.69.0 (semver) Affected: 7.68.0 , ≤ 7.68.0 (semver) Affected: 7.67.0 , ≤ 7.67.0 (semver) Affected: 7.66.0 , ≤ 7.66.0 (semver) Affected: 7.65.3 , ≤ 7.65.3 (semver) Affected: 7.65.2 , ≤ 7.65.2 (semver) Affected: 7.65.1 , ≤ 7.65.1 (semver) Affected: 7.65.0 , ≤ 7.65.0 (semver) Affected: 7.64.1 , ≤ 7.64.1 (semver) Affected: 7.64.0 , ≤ 7.64.0 (semver) Affected: 7.63.0 , ≤ 7.63.0 (semver) Affected: 7.62.0 , ≤ 7.62.0 (semver) Affected: 7.61.1 , ≤ 7.61.1 (semver) Affected: 7.61.0 , ≤ 7.61.0 (semver) Affected: 7.60.0 , ≤ 7.60.0 (semver) Affected: 7.59.0 , ≤ 7.59.0 (semver) Affected: 7.58.0 , ≤ 7.58.0 (semver) Affected: 7.57.0 , ≤ 7.57.0 (semver) Affected: 7.56.1 , ≤ 7.56.1 (semver) Affected: 7.56.0 , ≤ 7.56.0 (semver) Affected: 7.55.1 , ≤ 7.55.1 (semver) Affected: 7.55.0 , ≤ 7.55.0 (semver) Affected: 7.54.1 , ≤ 7.54.1 (semver) Affected: 7.54.0 , ≤ 7.54.0 (semver) Affected: 7.53.1 , ≤ 7.53.1 (semver) Affected: 7.53.0 , ≤ 7.53.0 (semver) Affected: 7.52.1 , ≤ 7.52.1 (semver) Affected: 7.52.0 , ≤ 7.52.0 (semver) Affected: 7.51.0 , ≤ 7.51.0 (semver) Affected: 7.50.3 , ≤ 7.50.3 (semver) Affected: 7.50.2 , ≤ 7.50.2 (semver) Affected: 7.50.1 , ≤ 7.50.1 (semver) Affected: 7.50.0 , ≤ 7.50.0 (semver) Affected: 7.49.1 , ≤ 7.49.1 (semver) Affected: 7.49.0 , ≤ 7.49.0 (semver) Affected: 7.48.0 , ≤ 7.48.0 (semver) Affected: 7.47.1 , ≤ 7.47.1 (semver) Affected: 7.47.0 , ≤ 7.47.0 (semver) Affected: 7.46.0 , ≤ 7.46.0 (semver) Affected: 7.45.0 , ≤ 7.45.0 (semver) Affected: 7.44.0 , ≤ 7.44.0 (semver) Affected: 7.43.0 , ≤ 7.43.0 (semver) Affected: 7.42.1 , ≤ 7.42.1 (semver) Affected: 7.42.0 , ≤ 7.42.0 (semver) Affected: 7.41.0 , ≤ 7.41.0 (semver) Affected: 7.40.0 , ≤ 7.40.0 (semver) Affected: 7.39.0 , ≤ 7.39.0 (semver) Affected: 7.38.0 , ≤ 7.38.0 (semver) Affected: 7.37.1 , ≤ 7.37.1 (semver) Affected: 7.37.0 , ≤ 7.37.0 (semver) Affected: 7.36.0 , ≤ 7.36.0 (semver) Affected: 7.35.0 , ≤ 7.35.0 (semver) Affected: 7.34.0 , ≤ 7.34.0 (semver) Affected: 7.33.0 , ≤ 7.33.0 (semver) Affected: 7.32.0 , ≤ 7.32.0 (semver) Affected: 7.31.0 , ≤ 7.31.0 (semver) Affected: 7.30.0 , ≤ 7.30.0 (semver) Affected: 7.29.0 , ≤ 7.29.0 (semver) Affected: 7.28.1 , ≤ 7.28.1 (semver) Affected: 7.28.0 , ≤ 7.28.0 (semver) Affected: 7.27.0 , ≤ 7.27.0 (semver) Affected: 7.26.0 , ≤ 7.26.0 (semver) Affected: 7.25.0 , ≤ 7.25.0 (semver) Affected: 7.24.0 , ≤ 7.24.0 (semver) Affected: 7.23.1 , ≤ 7.23.1 (semver) Affected: 7.23.0 , ≤ 7.23.0 (semver) Affected: 7.22.0 , ≤ 7.22.0 (semver) Affected: 7.21.7 , ≤ 7.21.7 (semver) Affected: 7.21.6 , ≤ 7.21.6 (semver) Affected: 7.21.5 , ≤ 7.21.5 (semver) Affected: 7.21.4 , ≤ 7.21.4 (semver) Affected: 7.21.3 , ≤ 7.21.3 (semver) Affected: 7.21.2 , ≤ 7.21.2 (semver) Affected: 7.21.1 , ≤ 7.21.1 (semver) Affected: 7.21.0 , ≤ 7.21.0 (semver) Affected: 7.20.1 , ≤ 7.20.1 (semver) Affected: 7.20.0 , ≤ 7.20.0 (semver) Affected: 7.19.7 , ≤ 7.19.7 (semver) Affected: 7.19.6 , ≤ 7.19.6 (semver) Affected: 7.19.5 , ≤ 7.19.5 (semver) Affected: 7.19.4 , ≤ 7.19.4 (semver) Affected: 7.19.3 , ≤ 7.19.3 (semver) Affected: 7.19.2 , ≤ 7.19.2 (semver) Affected: 7.19.1 , ≤ 7.19.1 (semver) Affected: 7.19.0 , ≤ 7.19.0 (semver) Affected: 7.18.2 , ≤ 7.18.2 (semver) Affected: 7.18.1 , ≤ 7.18.1 (semver) Affected: 7.18.0 , ≤ 7.18.0 (semver) Affected: 7.17.1 , ≤ 7.17.1 (semver) Affected: 7.17.0 , ≤ 7.17.0 (semver) Affected: 7.16.4 , ≤ 7.16.4 (semver) Affected: 7.16.3 , ≤ 7.16.3 (semver) Affected: 7.16.2 , ≤ 7.16.2 (semver) Affected: 7.16.1 , ≤ 7.16.1 (semver) Affected: 7.16.0 , ≤ 7.16.0 (semver) Affected: 7.15.5 , ≤ 7.15.5 (semver) Affected: 7.15.4 , ≤ 7.15.4 (semver) Affected: 7.15.3 , ≤ 7.15.3 (semver) Affected: 7.15.2 , ≤ 7.15.2 (semver) Affected: 7.15.1 , ≤ 7.15.1 (semver) Affected: 7.15.0 , ≤ 7.15.0 (semver) Affected: 7.14.1 , ≤ 7.14.1 (semver) Affected: 7.14.0 , ≤ 7.14.0 (semver) Affected: 7.13.2 , ≤ 7.13.2 (semver) Affected: 7.13.1 , ≤ 7.13.1 (semver) Affected: 7.13.0 , ≤ 7.13.0 (semver) Affected: 7.12.3 , ≤ 7.12.3 (semver) Affected: 7.12.2 , ≤ 7.12.2 (semver) Affected: 7.12.1 , ≤ 7.12.1 (semver) Affected: 7.12.0 , ≤ 7.12.0 (semver) Affected: 7.11.2 , ≤ 7.11.2 (semver) Affected: 7.11.1 , ≤ 7.11.1 (semver) Affected: 7.11.0 , ≤ 7.11.0 (semver) Affected: 7.10.8 , ≤ 7.10.8 (semver) Affected: 7.10.7 , ≤ 7.10.7 (semver) Affected: 7.10.6 , ≤ 7.10.6 (semver) Affected: 7.10.5 , ≤ 7.10.5 (semver) Affected: 7.10.4 , ≤ 7.10.4 (semver) Affected: 7.10.3 , ≤ 7.10.3 (semver) Affected: 7.10.2 , ≤ 7.10.2 (semver) Affected: 7.10.1 , ≤ 7.10.1 (semver) Affected: 7.10 , ≤ 7.10 (semver) Affected: 7.9.8 , ≤ 7.9.8 (semver) Affected: 7.9.7 , ≤ 7.9.7 (semver) Affected: 7.9.6 , ≤ 7.9.6 (semver) Affected: 7.9.5 , ≤ 7.9.5 (semver) Affected: 7.9.4 , ≤ 7.9.4 (semver) Affected: 7.9.3 , ≤ 7.9.3 (semver) Affected: 7.9.2 , ≤ 7.9.2 (semver) Affected: 7.9.1 , ≤ 7.9.1 (semver) Affected: 7.9 , ≤ 7.9 (semver) Affected: 7.8.1 , ≤ 7.8.1 (semver) Affected: 7.8 , ≤ 7.8 (semver) Affected: 7.7.3 , ≤ 7.7.3 (semver) Affected: 7.7.2 , ≤ 7.7.2 (semver) Affected: 7.7.1 , ≤ 7.7.1 (semver) Affected: 7.7 , ≤ 7.7 (semver) Affected: 7.6.1 , ≤ 7.6.1 (semver) Affected: 7.6 , ≤ 7.6 (semver) Affected: 7.5.2 , ≤ 7.5.2 (semver) Affected: 7.5.1 , ≤ 7.5.1 (semver) Affected: 7.5 , ≤ 7.5 (semver) Affected: 7.4.2 , ≤ 7.4.2 (semver) Affected: 7.4.1 , ≤ 7.4.1 (semver) Affected: 7.4 , ≤ 7.4 (semver) Affected: 7.3 , ≤ 7.3 (semver) Affected: 7.2.1 , ≤ 7.2.1 (semver) Affected: 7.2 , ≤ 7.2 (semver) Affected: 7.1.1 , ≤ 7.1.1 (semver) Affected: 7.1 , ≤ 7.1 (semver) Affected: 6.5.2 , ≤ 6.5.2 (semver) Affected: 6.5.1 , ≤ 6.5.1 (semver) Affected: 6.5 , ≤ 6.5 (semver) |
Credits
Harry Sintonen
Daniel Stenberg
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:36:27.027Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/12/11/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250124-0012/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250131-0003/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250131-0004/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-11053",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-15T16:47:42.738403Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-15T16:50:59.398Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "curl",
"vendor": "curl",
"versions": [
{
"lessThanOrEqual": "8.11.0",
"status": "affected",
"version": "8.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.1",
"status": "affected",
"version": "8.10.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0",
"status": "affected",
"version": "8.10.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.9.1",
"status": "affected",
"version": "8.9.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.9.0",
"status": "affected",
"version": "8.9.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.0",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.1",
"status": "affected",
"version": "8.7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.0",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0",
"status": "affected",
"version": "8.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.0",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.4.0",
"status": "affected",
"version": "8.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.3.0",
"status": "affected",
"version": "8.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.2.1",
"status": "affected",
"version": "8.2.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.2.0",
"status": "affected",
"version": "8.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.2",
"status": "affected",
"version": "8.1.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.1",
"status": "affected",
"version": "8.1.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.0",
"status": "affected",
"version": "8.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.0.1",
"status": "affected",
"version": "8.0.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.0.0",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.88.1",
"status": "affected",
"version": "7.88.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.88.0",
"status": "affected",
"version": "7.88.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.87.0",
"status": "affected",
"version": "7.87.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.86.0",
"status": "affected",
"version": "7.86.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.85.0",
"status": "affected",
"version": "7.85.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.84.0",
"status": "affected",
"version": "7.84.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.83.1",
"status": "affected",
"version": "7.83.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.83.0",
"status": "affected",
"version": "7.83.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.82.0",
"status": "affected",
"version": "7.82.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.81.0",
"status": "affected",
"version": "7.81.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.80.0",
"status": "affected",
"version": "7.80.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.79.1",
"status": "affected",
"version": "7.79.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.79.0",
"status": "affected",
"version": "7.79.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.78.0",
"status": "affected",
"version": "7.78.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.77.0",
"status": "affected",
"version": "7.77.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.76.1",
"status": "affected",
"version": "7.76.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.76.0",
"status": "affected",
"version": "7.76.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.75.0",
"status": "affected",
"version": "7.75.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.74.0",
"status": "affected",
"version": "7.74.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.73.0",
"status": "affected",
"version": "7.73.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.72.0",
"status": "affected",
"version": "7.72.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.71.1",
"status": "affected",
"version": "7.71.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.71.0",
"status": "affected",
"version": "7.71.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.70.0",
"status": "affected",
"version": "7.70.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.69.1",
"status": "affected",
"version": "7.69.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.69.0",
"status": "affected",
"version": "7.69.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.68.0",
"status": "affected",
"version": "7.68.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.67.0",
"status": "affected",
"version": "7.67.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.66.0",
"status": "affected",
"version": "7.66.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.65.3",
"status": "affected",
"version": "7.65.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.65.2",
"status": "affected",
"version": "7.65.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.65.1",
"status": "affected",
"version": "7.65.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.65.0",
"status": "affected",
"version": "7.65.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.64.1",
"status": "affected",
"version": "7.64.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.64.0",
"status": "affected",
"version": "7.64.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.63.0",
"status": "affected",
"version": "7.63.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.62.0",
"status": "affected",
"version": "7.62.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.61.1",
"status": "affected",
"version": "7.61.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.61.0",
"status": "affected",
"version": "7.61.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.60.0",
"status": "affected",
"version": "7.60.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.59.0",
"status": "affected",
"version": "7.59.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.58.0",
"status": "affected",
"version": "7.58.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.57.0",
"status": "affected",
"version": "7.57.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.56.1",
"status": "affected",
"version": "7.56.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.56.0",
"status": "affected",
"version": "7.56.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.55.1",
"status": "affected",
"version": "7.55.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.55.0",
"status": "affected",
"version": "7.55.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.54.1",
"status": "affected",
"version": "7.54.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.54.0",
"status": "affected",
"version": "7.54.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.53.1",
"status": "affected",
"version": "7.53.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.53.0",
"status": "affected",
"version": "7.53.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.52.1",
"status": "affected",
"version": "7.52.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.52.0",
"status": "affected",
"version": "7.52.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.51.0",
"status": "affected",
"version": "7.51.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.50.3",
"status": "affected",
"version": "7.50.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.50.2",
"status": "affected",
"version": "7.50.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.50.1",
"status": "affected",
"version": "7.50.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.50.0",
"status": "affected",
"version": "7.50.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.49.1",
"status": "affected",
"version": "7.49.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.49.0",
"status": "affected",
"version": "7.49.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.48.0",
"status": "affected",
"version": "7.48.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.47.1",
"status": "affected",
"version": "7.47.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.47.0",
"status": "affected",
"version": "7.47.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.46.0",
"status": "affected",
"version": "7.46.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.45.0",
"status": "affected",
"version": "7.45.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.44.0",
"status": "affected",
"version": "7.44.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.43.0",
"status": "affected",
"version": "7.43.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.42.1",
"status": "affected",
"version": "7.42.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.42.0",
"status": "affected",
"version": "7.42.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.41.0",
"status": "affected",
"version": "7.41.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.40.0",
"status": "affected",
"version": "7.40.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.39.0",
"status": "affected",
"version": "7.39.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.38.0",
"status": "affected",
"version": "7.38.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.37.1",
"status": "affected",
"version": "7.37.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.37.0",
"status": "affected",
"version": "7.37.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.36.0",
"status": "affected",
"version": "7.36.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.35.0",
"status": "affected",
"version": "7.35.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.34.0",
"status": "affected",
"version": "7.34.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.33.0",
"status": "affected",
"version": "7.33.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.32.0",
"status": "affected",
"version": "7.32.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.31.0",
"status": "affected",
"version": "7.31.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.30.0",
"status": "affected",
"version": "7.30.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.29.0",
"status": "affected",
"version": "7.29.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.28.1",
"status": "affected",
"version": "7.28.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.28.0",
"status": "affected",
"version": "7.28.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.27.0",
"status": "affected",
"version": "7.27.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.26.0",
"status": "affected",
"version": "7.26.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.25.0",
"status": "affected",
"version": "7.25.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.24.0",
"status": "affected",
"version": "7.24.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.23.1",
"status": "affected",
"version": "7.23.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.23.0",
"status": "affected",
"version": "7.23.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.22.0",
"status": "affected",
"version": "7.22.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.7",
"status": "affected",
"version": "7.21.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.6",
"status": "affected",
"version": "7.21.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.5",
"status": "affected",
"version": "7.21.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.4",
"status": "affected",
"version": "7.21.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.3",
"status": "affected",
"version": "7.21.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.2",
"status": "affected",
"version": "7.21.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.1",
"status": "affected",
"version": "7.21.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.0",
"status": "affected",
"version": "7.21.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.20.1",
"status": "affected",
"version": "7.20.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.20.0",
"status": "affected",
"version": "7.20.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.7",
"status": "affected",
"version": "7.19.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.6",
"status": "affected",
"version": "7.19.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.5",
"status": "affected",
"version": "7.19.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.4",
"status": "affected",
"version": "7.19.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.3",
"status": "affected",
"version": "7.19.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.2",
"status": "affected",
"version": "7.19.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.1",
"status": "affected",
"version": "7.19.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.0",
"status": "affected",
"version": "7.19.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.18.2",
"status": "affected",
"version": "7.18.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.18.1",
"status": "affected",
"version": "7.18.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.18.0",
"status": "affected",
"version": "7.18.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.17.1",
"status": "affected",
"version": "7.17.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.17.0",
"status": "affected",
"version": "7.17.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.16.4",
"status": "affected",
"version": "7.16.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.16.3",
"status": "affected",
"version": "7.16.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.16.2",
"status": "affected",
"version": "7.16.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.16.1",
"status": "affected",
"version": "7.16.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.16.0",
"status": "affected",
"version": "7.16.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.15.5",
"status": "affected",
"version": "7.15.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.15.4",
"status": "affected",
"version": "7.15.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.15.3",
"status": "affected",
"version": "7.15.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.15.2",
"status": "affected",
"version": "7.15.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.15.1",
"status": "affected",
"version": "7.15.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.15.0",
"status": "affected",
"version": "7.15.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.14.1",
"status": "affected",
"version": "7.14.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.14.0",
"status": "affected",
"version": "7.14.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.13.2",
"status": "affected",
"version": "7.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.13.1",
"status": "affected",
"version": "7.13.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.13.0",
"status": "affected",
"version": "7.13.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.12.3",
"status": "affected",
"version": "7.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.12.2",
"status": "affected",
"version": "7.12.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.12.1",
"status": "affected",
"version": "7.12.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.12.0",
"status": "affected",
"version": "7.12.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.11.2",
"status": "affected",
"version": "7.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "7.11.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.11.0",
"status": "affected",
"version": "7.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.10.8",
"status": "affected",
"version": "7.10.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.10.7",
"status": "affected",
"version": "7.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.10.6",
"status": "affected",
"version": "7.10.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.10.5",
"status": "affected",
"version": "7.10.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.10.4",
"status": "affected",
"version": "7.10.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.10.3",
"status": "affected",
"version": "7.10.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.10.2",
"status": "affected",
"version": "7.10.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.10.1",
"status": "affected",
"version": "7.10.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.10",
"status": "affected",
"version": "7.10",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.9.8",
"status": "affected",
"version": "7.9.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.9.7",
"status": "affected",
"version": "7.9.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.9.6",
"status": "affected",
"version": "7.9.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.9.5",
"status": "affected",
"version": "7.9.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.9.4",
"status": "affected",
"version": "7.9.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.9.3",
"status": "affected",
"version": "7.9.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.9.2",
"status": "affected",
"version": "7.9.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.9.1",
"status": "affected",
"version": "7.9.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.9",
"status": "affected",
"version": "7.9",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.8.1",
"status": "affected",
"version": "7.8.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.8",
"status": "affected",
"version": "7.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.7.3",
"status": "affected",
"version": "7.7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.7.2",
"status": "affected",
"version": "7.7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.7.1",
"status": "affected",
"version": "7.7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.7",
"status": "affected",
"version": "7.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.6.1",
"status": "affected",
"version": "7.6.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.6",
"status": "affected",
"version": "7.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.2",
"status": "affected",
"version": "7.5.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5.1",
"status": "affected",
"version": "7.5.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.5",
"status": "affected",
"version": "7.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.2",
"status": "affected",
"version": "7.4.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4.1",
"status": "affected",
"version": "7.4.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.4",
"status": "affected",
"version": "7.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.3",
"status": "affected",
"version": "7.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2.1",
"status": "affected",
"version": "7.2.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.2",
"status": "affected",
"version": "7.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1.1",
"status": "affected",
"version": "7.1.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.1",
"status": "affected",
"version": "7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.2",
"status": "affected",
"version": "6.5.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5.1",
"status": "affected",
"version": "6.5.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.5",
"status": "affected",
"version": "6.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Harry Sintonen"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Daniel Stenberg"
}
],
"descriptions": [
{
"lang": "en",
"value": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-12-11T07:34:29.539Z",
"orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
"shortName": "curl"
},
"references": [
{
"name": "json",
"url": "https://curl.se/docs/CVE-2024-11053.json"
},
{
"name": "www",
"url": "https://curl.se/docs/CVE-2024-11053.html"
},
{
"name": "issue",
"url": "https://hackerone.com/reports/2829063"
}
],
"title": "netrc and redirect credential leak"
}
},
"cveMetadata": {
"assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
"assignerShortName": "curl",
"cveId": "CVE-2024-11053",
"datePublished": "2024-12-11T07:34:29.539Z",
"dateReserved": "2024-11-09T18:41:55.703Z",
"dateUpdated": "2025-11-03T20:36:27.027Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-13176 (GCVE-0-2024-13176)
Vulnerability from cvelistv5 – Published: 2025-01-20 13:29 – Updated: 2026-03-18 16:49
VLAI
EPSS
Title
Timing side-channel in ECDSA signature computation
Summary
Issue summary: A timing side-channel which could potentially allow recovering
the private key exists in the ECDSA signature computation.
Impact summary: A timing side-channel in ECDSA signature computations
could allow recovering the private key by an attacker. However, measuring
the timing would require either local access to the signing application or
a very fast network connection with low latency.
There is a timing signal of around 300 nanoseconds when the top word of
the inverted ECDSA nonce value is zero. This can happen with significant
probability only for some of the supported elliptic curves. In particular
the NIST P-521 curve is affected. To be able to measure this leak, the attacker
process must either be located in the same physical computer or must
have a very fast network connection with low latency. For that reason
the severity of this vulnerability is Low.
The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.
Severity
No CVSS data available.
CWE
- CWE-385 - Covert Timing Channel
Assigner
References
8 references
Impacted products
Date Public
2025-01-20 14:00
Credits
George Pantelakis (Red Hat)
Alicja Kario (Red Hat)
Tomáš Mráz
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T19:29:14.570Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/01/20/2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250124-0005/"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250418-0010/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250502-0006/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "PHYSICAL",
"availabilityImpact": "LOW",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-13176",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-27T20:21:21.345629Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-27T20:25:45.572Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.4.1",
"status": "affected",
"version": "3.4.0",
"versionType": "semver"
},
{
"lessThan": "3.3.3",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.2.4",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
},
{
"lessThan": "3.1.8",
"status": "affected",
"version": "3.1.0",
"versionType": "semver"
},
{
"lessThan": "3.0.16",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1zb",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
},
{
"lessThan": "1.0.2zl",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "George Pantelakis (Red Hat)"
},
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Alicja Kario (Red Hat)"
},
{
"lang": "en",
"type": "remediation developer",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Tom\u00e1\u0161 Mr\u00e1z"
}
],
"datePublic": "2025-01-20T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: A timing side-channel which could potentially allow recovering\u003cbr\u003ethe private key exists in the ECDSA signature computation.\u003cbr\u003e\u003cbr\u003eImpact summary: A timing side-channel in ECDSA signature computations\u003cbr\u003ecould allow recovering the private key by an attacker. However, measuring\u003cbr\u003ethe timing would require either local access to the signing application or\u003cbr\u003ea very fast network connection with low latency.\u003cbr\u003e\u003cbr\u003eThere is a timing signal of around 300 nanoseconds when the top word of\u003cbr\u003ethe inverted ECDSA nonce value is zero. This can happen with significant\u003cbr\u003eprobability only for some of the supported elliptic curves. In particular\u003cbr\u003ethe NIST P-521 curve is affected. To be able to measure this leak, the attacker\u003cbr\u003eprocess must either be located in the same physical computer or must\u003cbr\u003ehave a very fast network connection with low latency. For that reason\u003cbr\u003ethe severity of this vulnerability is Low.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue."
}
],
"value": "Issue summary: A timing side-channel which could potentially allow recovering\nthe private key exists in the ECDSA signature computation.\n\nImpact summary: A timing side-channel in ECDSA signature computations\ncould allow recovering the private key by an attacker. However, measuring\nthe timing would require either local access to the signing application or\na very fast network connection with low latency.\n\nThere is a timing signal of around 300 nanoseconds when the top word of\nthe inverted ECDSA nonce value is zero. This can happen with significant\nprobability only for some of the supported elliptic curves. In particular\nthe NIST P-521 curve is affected. To be able to measure this leak, the attacker\nprocess must either be located in the same physical computer or must\nhave a very fast network connection with low latency. For that reason\nthe severity of this vulnerability is Low.\n\nThe FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-385",
"description": "CWE-385 Covert Timing Channel",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-03-18T16:49:36.429Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20250120.txt"
},
{
"name": "3.4.1 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f"
},
{
"name": "3.3.3 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902"
},
{
"name": "3.2.4 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65"
},
{
"name": "3.1.8 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467"
},
{
"name": "3.0.16 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844"
},
{
"name": "1.1.1zb git commit",
"tags": [
"patch"
],
"url": "https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86"
},
{
"name": "1.0.2zl git commit",
"tags": [
"patch"
],
"url": "https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Timing side-channel in ECDSA signature computation",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2024-13176",
"datePublished": "2025-01-20T13:29:57.047Z",
"dateReserved": "2025-01-07T09:34:54.572Z",
"dateUpdated": "2026-03-18T16:49:36.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-50602 (GCVE-0-2024-50602)
Vulnerability from cvelistv5 – Published: 2024-10-27 00:00 – Updated: 2025-04-30 20:03
VLAI
EPSS
Summary
An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser.
Severity
5.9 (Medium)
CWE
- n/a
Assigner
References
1 reference
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:libexpat_project:libexpat:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "libexpat",
"vendor": "libexpat_project",
"versions": [
{
"lessThan": "2.6.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-50602",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-30T18:00:51.860291Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-754",
"description": "CWE-754 Improper Check for Unusual or Exceptional Conditions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-30T18:02:03.122Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-04-30T20:03:17.594Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250404-0008/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2025/04/msg00040.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in libexpat before 2.6.4. There is a crash within the XML_ResumeParser function because XML_StopParser can stop/suspend an unstarted parser."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-27T04:47:56.612Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/libexpat/libexpat/pull/915"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2024-50602",
"datePublished": "2024-10-27T00:00:00.000Z",
"dateReserved": "2024-10-27T00:00:00.000Z",
"dateUpdated": "2025-04-30T20:03:17.594Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8006 (GCVE-0-2024-8006)
Vulnerability from cvelistv5 – Published: 2024-08-30 23:53 – Updated: 2024-09-03 19:17
VLAI
EPSS
Title
NULL pointer dereference in libpcap before 1.10.5 with remote packet capture support
Summary
Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence.
Severity
4.4 (Medium)
CWE
- CWE-476 - NULL Pointer Dereference
Assigner
References
2 references
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| The Tcpdump Group | libpcap |
Affected:
1.9.x
Affected: 1.10.x , ≤ 1.10.4 (semver) |
Credits
Flavio Toffalini
Nicolas Badoux
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8006",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-03T19:17:39.415802Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T19:17:49.301Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"remote packet capture"
],
"product": "libpcap",
"programRoutines": [
{
"name": "pcap_findalldevs_ex()"
}
],
"repo": "https://github.com/the-tcpdump-group/libpcap/",
"vendor": "The Tcpdump Group",
"versions": [
{
"status": "affected",
"version": "1.9.x"
},
{
"lessThanOrEqual": "1.10.4",
"status": "affected",
"version": "1.10.x",
"versionType": "semver"
}
]
}
],
"configurations": [
{
"lang": "en",
"value": "The problem is specific to the remote packet capture code, which is not enabled in the default build configuration."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Flavio Toffalini"
},
{
"lang": "en",
"type": "reporter",
"value": "Nicolas Badoux"
}
],
"descriptions": [
{
"lang": "en",
"value": "Remote packet capture support is disabled by default in libpcap. When a user builds libpcap with remote packet capture support enabled, one of the functions that become available is pcap_findalldevs_ex(). One of the function arguments can be a filesystem path, which normally means a directory with input data files. When the specified path cannot be used as a directory, the function receives NULL from opendir(), but does not check the return value and passes the NULL value to readdir(), which causes a NULL pointer derefence."
}
],
"exploits": [
{
"lang": "en",
"value": "A functional exploit exists."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476 NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-08-30T23:53:11.334Z",
"orgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896",
"shortName": "Tcpdump"
},
"references": [
{
"tags": [
"patch"
],
"url": "https://github.com/the-tcpdump-group/libpcap/commit/0f8a103469ce87d2b8d68c5130a46ddb7fb5eb29"
},
{
"tags": [
"patch"
],
"url": "https://github.com/the-tcpdump-group/libpcap/commit/8a633ee5b9ecd9d38a587ac9b204e2380713b0d6"
}
],
"solutions": [
{
"lang": "en",
"value": "Upgrade to libpcap 1.10.5."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "NULL pointer dereference in libpcap before 1.10.5 with remote packet capture support",
"workarounds": [
{
"lang": "en",
"value": "Do not build libpcap with remote packet capture support."
}
]
}
},
"cveMetadata": {
"assignerOrgId": "cfdbb673-b408-4d03-89c1-c3d73ed80896",
"assignerShortName": "Tcpdump",
"cveId": "CVE-2024-8006",
"datePublished": "2024-08-30T23:53:11.334Z",
"dateReserved": "2024-08-20T09:58:58.455Z",
"dateUpdated": "2024-09-03T19:17:49.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-8176 (GCVE-0-2024-8176)
Vulnerability from cvelistv5 – Published: 2025-03-14 08:19 – Updated: 2026-04-22 15:55
VLAI
EPSS
Title
Libexpat: expat: improper restriction of xml entity expansion depth in libexpat
Summary
A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage.
Severity
7.5 (High)
CWE
- CWE-674 - Uncontrolled Recursion
Assigner
References
23 references
Impacted products
45 products
| Vendor | Product | Version | |
|---|---|---|---|
|
Affected:
0 , < 2.7.0
(semver)
|
|||
| Red Hat | Red Hat Enterprise Linux 10 |
Unaffected:
0:2.7.1-1.el10_0 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:10.0 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:2.2.5-17.el8_10 , < *
(rpm)
cpe:/o:redhat:enterprise_linux:8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8 |
Unaffected:
0:1.51.0-11.el8_10 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:8::crb cpe:/o:redhat:enterprise_linux:8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:2.2.10-1.el8_2 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.2::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.2 Advanced Update Support |
Unaffected:
0:1.51.0-5.el8_2.2 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.2::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:2.2.10-1.el8_4 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support |
Unaffected:
0:1.51.0-5.el8_4.2 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On |
Unaffected:
0:2.2.10-1.el8_4 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_eus_long_life:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Telecommunications Update Service |
Unaffected:
0:1.51.0-5.el8_4.2 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions |
Unaffected:
0:1.51.0-5.el8_4.2 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.4::baseos cpe:/o:redhat:rhel_tus:8.4::baseos cpe:/o:redhat:rhel_e4s:8.4::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:2.2.10-1.el8_6 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support |
Unaffected:
0:1.51.0-6.el8_6.1 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:2.2.10-1.el8_6 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Telecommunications Update Service |
Unaffected:
0:1.51.0-6.el8_6.1 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:2.2.10-1.el8_6 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions |
Unaffected:
0:1.51.0-6.el8_6.1 , < *
(rpm)
cpe:/o:redhat:rhel_aus:8.6::baseos cpe:/o:redhat:rhel_e4s:8.6::baseos cpe:/o:redhat:rhel_tus:8.6::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support |
Unaffected:
0:1.51.0-8.el8_8.1 , < *
(rpm)
cpe:/a:redhat:rhel_eus:8.8::crb cpe:/o:redhat:rhel_eus:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Telecommunications Update Service |
Unaffected:
0:2.2.10-1.el8_8 , < *
(rpm)
cpe:/o:redhat:rhel_tus:8.8::baseos cpe:/o:redhat:rhel_e4s:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions |
Unaffected:
0:2.2.10-1.el8_8 , < *
(rpm)
cpe:/o:redhat:rhel_tus:8.8::baseos cpe:/o:redhat:rhel_e4s:8.8::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:2.5.0-3.el9_5.3 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:2.5.0-5.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:2.5.0-3.el9_5.3 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9 |
Unaffected:
0:2.5.0-5.el9_6 , < *
(rpm)
cpe:/a:redhat:enterprise_linux:9::appstream cpe:/o:redhat:enterprise_linux:9::baseos |
|
| Red Hat | Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions |
Unaffected:
0:2.2.10-12.el9_0.4 , < *
(rpm)
cpe:/o:redhat:rhel_e4s:9.0::baseos cpe:/a:redhat:rhel_e4s:9.0::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions |
Unaffected:
0:2.5.0-1.el9_2.3 , < *
(rpm)
cpe:/o:redhat:rhel_e4s:9.2::baseos cpe:/a:redhat:rhel_e4s:9.2::appstream |
|
| Red Hat | Red Hat Enterprise Linux 9.4 Extended Update Support |
Unaffected:
0:2.5.0-2.el9_4.3 , < *
(rpm)
cpe:/o:redhat:rhel_eus:9.4::baseos cpe:/a:redhat:rhel_eus:9.4::appstream |
|
| Red Hat | Red Hat JBoss Core Services 2.4.62.SP1 |
cpe:/a:redhat:jboss_core_services:1 |
|
| Red Hat | DevWorkspace Operator 0.33 |
Unaffected:
sha256:937e1dff95d06b971adee9aeb55e0e2e963b6b14594f30354bb9cdb039c081dd , < *
(rpm)
cpe:/a:redhat:devworkspace:0.33::el9 |
|
| Red Hat | Red Hat Discovery 1.14 |
Unaffected:
sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c , < *
(rpm)
cpe:/a:redhat:discovery:1.14::el9 |
|
| Red Hat | Red Hat Discovery 1.14 |
Unaffected:
sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644 , < *
(rpm)
cpe:/a:redhat:discovery:1.14::el9 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 6 |
cpe:/o:redhat:enterprise_linux:6 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 7 |
cpe:/o:redhat:enterprise_linux:7 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 8 |
cpe:/o:redhat:enterprise_linux:8 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat Enterprise Linux 9 |
cpe:/o:redhat:enterprise_linux:9 |
|
| Red Hat | Red Hat OpenShift Container Platform 4 |
cpe:/a:redhat:openshift:4 |
Date Public
2025-03-13 13:51
Credits
This issue was discovered by Jann Horn (Google Project Zero), Sandipan Roy (Red Hat), Sebastian Pipping (libexpat), and Tomas Korbar (Red Hat).
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-8176",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-14T13:13:22.690073Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-14T13:14:00.908Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-04T21:09:04.638Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/03/15/1"
},
{
"url": "https://blog.hartwork.org/posts/expat-2-7-0-released/"
},
{
"url": "https://github.com/libexpat/libexpat/blob/R_2_7_0/expat/Changes#L40-L52"
},
{
"url": "https://bugzilla.suse.com/show_bug.cgi?id=1239618"
},
{
"url": "https://ubuntu.com/security/CVE-2024-8176"
},
{
"url": "https://security-tracker.debian.org/tracker/CVE-2024-8176"
},
{
"url": "https://gitlab.alpinelinux.org/alpine/aports/-/commit/d068c3ff36fc6f4789988a09c69b434db757db53"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250328-0009/"
},
{
"url": "https://www.kb.cert.org/vuls/id/760160"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/12"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/11"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/10"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/8"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/7"
},
{
"url": "http://seclists.org/fulldisclosure/2025/May/6"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/09/24/11"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://github.com/libexpat/libexpat/",
"defaultStatus": "unaffected",
"packageName": "libexpat",
"versions": [
{
"lessThan": "2.7.0",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:10.0"
],
"defaultStatus": "affected",
"packageName": "expat",
"product": "Red Hat Enterprise Linux 10",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.7.1-1.el10_0",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "expat",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.2.5-17.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:8::crb",
"cpe:/o:redhat:enterprise_linux:8::baseos"
],
"defaultStatus": "affected",
"packageName": "xmlrpc-c",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.51.0-11.el8_10",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "expat",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.2.10-1.el8_2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.2::baseos"
],
"defaultStatus": "affected",
"packageName": "xmlrpc-c",
"product": "Red Hat Enterprise Linux 8.2 Advanced Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.51.0-5.el8_2.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "expat",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.2.10-1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "xmlrpc-c",
"product": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.51.0-5.el8_4.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_eus_long_life:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "expat",
"product": "Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.2.10-1.el8_4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "xmlrpc-c",
"product": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.51.0-5.el8_4.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.4::baseos",
"cpe:/o:redhat:rhel_tus:8.4::baseos",
"cpe:/o:redhat:rhel_e4s:8.4::baseos"
],
"defaultStatus": "affected",
"packageName": "xmlrpc-c",
"product": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.51.0-5.el8_4.2",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "expat",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.2.10-1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "xmlrpc-c",
"product": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.51.0-6.el8_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "expat",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.2.10-1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "xmlrpc-c",
"product": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.51.0-6.el8_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "expat",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.2.10-1.el8_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_aus:8.6::baseos",
"cpe:/o:redhat:rhel_e4s:8.6::baseos",
"cpe:/o:redhat:rhel_tus:8.6::baseos"
],
"defaultStatus": "affected",
"packageName": "xmlrpc-c",
"product": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.51.0-6.el8_6.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:rhel_eus:8.8::crb",
"cpe:/o:redhat:rhel_eus:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "xmlrpc-c",
"product": "Red Hat Enterprise Linux 8.8 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:1.51.0-8.el8_8.1",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.8::baseos",
"cpe:/o:redhat:rhel_e4s:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "expat",
"product": "Red Hat Enterprise Linux 8.8 Telecommunications Update Service",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.2.10-1.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_tus:8.8::baseos",
"cpe:/o:redhat:rhel_e4s:8.8::baseos"
],
"defaultStatus": "affected",
"packageName": "expat",
"product": "Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.2.10-1.el8_8",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "expat",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.5.0-3.el9_5.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "expat",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.5.0-5.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "expat",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.5.0-3.el9_5.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:enterprise_linux:9::appstream",
"cpe:/o:redhat:enterprise_linux:9::baseos"
],
"defaultStatus": "affected",
"packageName": "expat",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.5.0-5.el9_6",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:9.0::baseos",
"cpe:/a:redhat:rhel_e4s:9.0::appstream"
],
"defaultStatus": "affected",
"packageName": "expat",
"product": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.2.10-12.el9_0.4",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_e4s:9.2::baseos",
"cpe:/a:redhat:rhel_e4s:9.2::appstream"
],
"defaultStatus": "affected",
"packageName": "expat",
"product": "Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.5.0-1.el9_2.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:rhel_eus:9.4::baseos",
"cpe:/a:redhat:rhel_eus:9.4::appstream"
],
"defaultStatus": "affected",
"packageName": "expat",
"product": "Red Hat Enterprise Linux 9.4 Extended Update Support",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "0:2.5.0-2.el9_4.3",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:jboss_core_services:1"
],
"defaultStatus": "unaffected",
"packageName": "expat",
"product": "Red Hat JBoss Core Services 2.4.62.SP1",
"vendor": "Red Hat"
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:devworkspace:0.33::el9"
],
"defaultStatus": "affected",
"packageName": "devworkspace/devworkspace-project-clone-rhel9",
"product": "DevWorkspace Operator 0.33",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:937e1dff95d06b971adee9aeb55e0e2e963b6b14594f30354bb9cdb039c081dd",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:discovery:1.14::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-server-rhel9",
"product": "Red Hat Discovery 1.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:ad1045aa0de937c3a6969ec377f7bfeda9a44ee434a954e8245e9840316ffc1c",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://catalog.redhat.com/software/containers/",
"cpes": [
"cpe:/a:redhat:discovery:1.14::el9"
],
"defaultStatus": "affected",
"packageName": "discovery/discovery-ui-rhel9",
"product": "Red Hat Discovery 1.14",
"vendor": "Red Hat",
"versions": [
{
"lessThan": "*",
"status": "unaffected",
"version": "sha256:492e412759cf0eedfa5b557f7b0865f8864f84d0ed75e11dc8d7a840837d9644",
"versionType": "rpm"
}
]
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "compat-expat1",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:6"
],
"defaultStatus": "unknown",
"packageName": "expat",
"product": "Red Hat Enterprise Linux 6",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "expat",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "firefox",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:7"
],
"defaultStatus": "unknown",
"packageName": "thunderbird",
"product": "Red Hat Enterprise Linux 7",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "firefox",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "unaffected",
"packageName": "lua-expat",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "mingw-expat",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:8"
],
"defaultStatus": "affected",
"packageName": "thunderbird",
"product": "Red Hat Enterprise Linux 8",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "firefox",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "firefox:flatpak/firefox",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "thunderbird",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/o:redhat:enterprise_linux:9"
],
"defaultStatus": "affected",
"packageName": "thunderbird:flatpak/thunderbird",
"product": "Red Hat Enterprise Linux 9",
"vendor": "Red Hat"
},
{
"collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
"cpes": [
"cpe:/a:redhat:openshift:4"
],
"defaultStatus": "affected",
"packageName": "rhcos",
"product": "Red Hat OpenShift Container Platform 4",
"vendor": "Red Hat"
}
],
"credits": [
{
"lang": "en",
"value": "This issue was discovered by Jann Horn (Google Project Zero), Sandipan Roy (Red Hat), Sebastian Pipping (libexpat), and Tomas Korbar (Red Hat)."
}
],
"datePublic": "2025-03-13T13:51:54.957Z",
"descriptions": [
{
"lang": "en",
"value": "A stack overflow vulnerability exists in the libexpat library due to the way it handles recursive entity expansion in XML documents. When parsing an XML document with deeply nested entity references, libexpat can be forced to recurse indefinitely, exhausting the stack space and causing a crash. This issue could lead to denial of service (DoS) or, in some cases, exploitable memory corruption, depending on the environment and library usage."
}
],
"metrics": [
{
"other": {
"content": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"value": "Moderate"
},
"type": "Red Hat severity rating"
}
},
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS"
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-674",
"description": "Uncontrolled Recursion",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-22T15:55:39.568Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2025:13681",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:13681"
},
{
"name": "RHSA-2025:22033",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22033"
},
{
"name": "RHSA-2025:22034",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22034"
},
{
"name": "RHSA-2025:22035",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22035"
},
{
"name": "RHSA-2025:22607",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22607"
},
{
"name": "RHSA-2025:22785",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22785"
},
{
"name": "RHSA-2025:22842",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22842"
},
{
"name": "RHSA-2025:22871",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:22871"
},
{
"name": "RHSA-2025:3531",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:3531"
},
{
"name": "RHSA-2025:3734",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:3734"
},
{
"name": "RHSA-2025:3913",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:3913"
},
{
"name": "RHSA-2025:4048",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:4048"
},
{
"name": "RHSA-2025:4446",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:4446"
},
{
"name": "RHSA-2025:4447",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:4447"
},
{
"name": "RHSA-2025:4448",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:4448"
},
{
"name": "RHSA-2025:4449",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:4449"
},
{
"name": "RHSA-2025:7444",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7444"
},
{
"name": "RHSA-2025:7512",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:7512"
},
{
"name": "RHSA-2025:8385",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2025:8385"
},
{
"tags": [
"vdb-entry",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/CVE-2024-8176"
},
{
"name": "RHBZ#2310137",
"tags": [
"issue-tracking",
"x_refsource_REDHAT"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2310137"
},
{
"url": "https://github.com/libexpat/libexpat/issues/893"
},
{
"url": "https://github.com/libexpat/libexpat/pull/973"
}
],
"timeline": [
{
"lang": "en",
"time": "2024-06-12T00:00:00.000Z",
"value": "Reported to Red Hat."
},
{
"lang": "en",
"time": "2025-03-13T13:51:54.957Z",
"value": "Made public."
}
],
"title": "Libexpat: expat: improper restriction of xml entity expansion depth in libexpat",
"workarounds": [
{
"lang": "en",
"value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."
}
],
"x_generator": {
"engine": "cvelib 1.8.0"
},
"x_redhatCweChain": "CWE-674: Uncontrolled Recursion"
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2024-8176",
"datePublished": "2025-03-14T08:19:48.962Z",
"dateReserved": "2024-08-26T12:36:40.985Z",
"dateUpdated": "2026-04-22T15:55:39.568Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-9143 (GCVE-0-2024-9143)
Vulnerability from cvelistv5 – Published: 2024-10-16 17:09 – Updated: 2026-05-12 11:43
VLAI
EPSS
Title
Low-level invalid GF(2^m) parameters lead to OOB memory access
Summary
Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted
explicit values for the field polynomial can lead to out-of-bounds memory reads
or writes.
Impact summary: Out of bound memory writes can lead to an application crash or
even a possibility of a remote code execution, however, in all the protocols
involving Elliptic Curve Cryptography that we're aware of, either only "named
curves" are supported, or, if explicit curve parameters are supported, they
specify an X9.62 encoding of binary (GF(2^m)) curves that can't represent
problematic input values. Thus the likelihood of existence of a vulnerable
application is low.
In particular, the X9.62 encoding is used for ECC keys in X.509 certificates,
so problematic inputs cannot occur in the context of processing X.509
certificates. Any problematic use-cases would have to be using an "exotic"
curve encoding.
The affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(),
and various supporting BN_GF2m_*() functions.
Applications working with "exotic" explicit binary (GF(2^m)) curve parameters,
that make it possible to represent invalid field polynomials with a zero
constant term, via the above or similar APIs, may terminate abruptly as a
result of reading or writing outside of array bounds. Remote code execution
cannot easily be ruled out.
The FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue.
Severity
No CVSS data available.
Assigner
References
7 references
Impacted products
Date Public
2024-10-16 14:00
Credits
Google OSS-Fuzz-Gen
Viktor Dukhovni
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-9143",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T19:45:11.544020Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-08T15:30:04.030Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-11-03T22:33:18.178Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/10/16/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/10/23/1"
},
{
"url": "http://www.openwall.com/lists/oss-security/2024/10/24/1"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241101-0001/"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"defaultStatus": "unknown",
"product": "SIDIS Prime",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V4.0.700",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 TM MFP - GNU/Linux subsystem",
"vendor": "Siemens",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIMATIC S7-1500 CPU 1518F-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
},
{
"defaultStatus": "unknown",
"product": "SIPLUS S7-1500 CPU 1518-4 PN/DP MFP",
"vendor": "Siemens",
"versions": [
{
"lessThan": "V3.1.5",
"status": "affected",
"version": "V3.1.0",
"versionType": "custom"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-12T11:43:47.107Z",
"orgId": "0b142b55-0307-4c5a-b3c9-f314f3fb7c5e",
"shortName": "siemens-SADP"
},
"references": [
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-398330.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-265688.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-769027.html"
},
{
"url": "https://cert-portal.siemens.com/productcert/html/ssa-277137.html"
}
],
"x_adpType": "supplier"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "OpenSSL",
"vendor": "OpenSSL",
"versions": [
{
"lessThan": "3.3.3",
"status": "affected",
"version": "3.3.0",
"versionType": "semver"
},
{
"lessThan": "3.2.4",
"status": "affected",
"version": "3.2.0",
"versionType": "semver"
},
{
"lessThan": "3.1.8",
"status": "affected",
"version": "3.1.0",
"versionType": "semver"
},
{
"lessThan": "3.0.16",
"status": "affected",
"version": "3.0.0",
"versionType": "semver"
},
{
"lessThan": "1.1.1zb",
"status": "affected",
"version": "1.1.1",
"versionType": "custom"
},
{
"lessThan": "1.0.2zl",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Google OSS-Fuzz-Gen"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Viktor Dukhovni"
}
],
"datePublic": "2024-10-16T14:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted\u003cbr\u003eexplicit values for the field polynomial can lead to out-of-bounds memory reads\u003cbr\u003eor writes.\u003cbr\u003e\u003cbr\u003eImpact summary: Out of bound memory writes can lead to an application crash or\u003cbr\u003eeven a possibility of a remote code execution, however, in all the protocols\u003cbr\u003einvolving Elliptic Curve Cryptography that we\u0027re aware of, either only \"named\u003cbr\u003ecurves\" are supported, or, if explicit curve parameters are supported, they\u003cbr\u003especify an X9.62 encoding of binary (GF(2^m)) curves that can\u0027t represent\u003cbr\u003eproblematic input values. Thus the likelihood of existence of a vulnerable\u003cbr\u003eapplication is low.\u003cbr\u003e\u003cbr\u003eIn particular, the X9.62 encoding is used for ECC keys in X.509 certificates,\u003cbr\u003eso problematic inputs cannot occur in the context of processing X.509\u003cbr\u003ecertificates. Any problematic use-cases would have to be using an \"exotic\"\u003cbr\u003ecurve encoding.\u003cbr\u003e\u003cbr\u003eThe affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(),\u003cbr\u003eand various supporting BN_GF2m_*() functions.\u003cbr\u003e\u003cbr\u003eApplications working with \"exotic\" explicit binary (GF(2^m)) curve parameters,\u003cbr\u003ethat make it possible to represent invalid field polynomials with a zero\u003cbr\u003econstant term, via the above or similar APIs, may terminate abruptly as a\u003cbr\u003eresult of reading or writing outside of array bounds. Remote code execution\u003cbr\u003ecannot easily be ruled out.\u003cbr\u003e\u003cbr\u003eThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue."
}
],
"value": "Issue summary: Use of the low-level GF(2^m) elliptic curve APIs with untrusted\nexplicit values for the field polynomial can lead to out-of-bounds memory reads\nor writes.\n\nImpact summary: Out of bound memory writes can lead to an application crash or\neven a possibility of a remote code execution, however, in all the protocols\ninvolving Elliptic Curve Cryptography that we\u0027re aware of, either only \"named\ncurves\" are supported, or, if explicit curve parameters are supported, they\nspecify an X9.62 encoding of binary (GF(2^m)) curves that can\u0027t represent\nproblematic input values. Thus the likelihood of existence of a vulnerable\napplication is low.\n\nIn particular, the X9.62 encoding is used for ECC keys in X.509 certificates,\nso problematic inputs cannot occur in the context of processing X.509\ncertificates. Any problematic use-cases would have to be using an \"exotic\"\ncurve encoding.\n\nThe affected APIs include: EC_GROUP_new_curve_GF2m(), EC_GROUP_new_from_params(),\nand various supporting BN_GF2m_*() functions.\n\nApplications working with \"exotic\" explicit binary (GF(2^m)) curve parameters,\nthat make it possible to represent invalid field polynomials with a zero\nconstant term, via the above or similar APIs, may terminate abruptly as a\nresult of reading or writing outside of array bounds. Remote code execution\ncannot easily be ruled out.\n\nThe FIPS modules in 3.3, 3.2, 3.1 and 3.0 are not affected by this issue."
}
],
"metrics": [
{
"format": "other",
"other": {
"content": {
"text": "Low"
},
"type": "https://openssl-library.org/policies/general/security-policy/"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-125",
"description": "CWE-125 Out-of-bounds Read",
"lang": "en",
"type": "CWE"
},
{
"cweId": "CWE-787",
"description": "CWE-787 Out-of-bounds Write",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-09-01T08:29:10.392Z",
"orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"shortName": "openssl"
},
"references": [
{
"name": "OpenSSL Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://openssl-library.org/news/secadv/20241016.txt"
},
{
"name": "3.3.3 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/c0d3e4d32d2805f49bec30547f225bc4d092e1f4"
},
{
"name": "3.2.4 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/bc7e04d7c8d509fb78fc0e285aa948fb0da04700"
},
{
"name": "3.1.8 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/fdf6723362ca51bd883295efe206cb5b1cfa5154"
},
{
"name": "3.0.16 git commit",
"tags": [
"patch"
],
"url": "https://github.com/openssl/openssl/commit/72ae83ad214d2eef262461365a1975707f862712"
},
{
"name": "1.1.1zb git commit",
"tags": [
"patch"
],
"url": "https://github.openssl.org/openssl/extended-releases/commit/8efc0cbaa8ebba8e116f7b81a876a4123594d86a"
},
{
"name": "1.0.2zl git commit",
"tags": [
"patch"
],
"url": "https://github.openssl.org/openssl/extended-releases/commit/9d576994cec2b7aa37a91740ea7e680810957e41"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Low-level invalid GF(2^m) parameters lead to OOB memory access",
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
"assignerShortName": "openssl",
"cveId": "CVE-2024-9143",
"datePublished": "2024-10-16T17:09:23.844Z",
"dateReserved": "2024-09-24T08:37:04.834Z",
"dateUpdated": "2026-05-12T11:43:47.107Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2024-9681 (GCVE-0-2024-9681)
Vulnerability from cvelistv5 – Published: 2024-11-06 07:47 – Updated: 2025-11-03 20:56
VLAI
EPSS
Title
HSTS subdomain overwrites parent cache entry
Summary
When curl is asked to use HSTS, the expiry time for a subdomain might
overwrite a parent domain's cache entry, making it end sooner or later than
otherwise intended.
This affects curl using applications that enable HSTS and use URLs with the
insecure `HTTP://` scheme and perform transfers with hosts like
`x.example.com` as well as `example.com` where the first host is a subdomain
of the second host.
(The HSTS cache either needs to have been populated manually or there needs to
have been previous HTTPS accesses done as the cache needs to have entries for
the domains involved to trigger this problem.)
When `x.example.com` responds with `Strict-Transport-Security:` headers, this
bug can make the subdomain's expiry timeout *bleed over* and get set for the
parent domain `example.com` in curl's HSTS cache.
The result of a triggered bug is that HTTP accesses to `example.com` get
converted to HTTPS for a different period of time than what was asked for by
the origin server. If `example.com` for example stops supporting HTTPS at its
expiry time, curl might then fail to access `http://example.com` until the
(wrongly set) timeout expires. This bug can also expire the parent's entry
*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier
than otherwise intended.
Severity
5.9 (Medium)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| curl | curl |
Affected:
8.10.1 , ≤ 8.10.1
(semver)
Affected: 8.10.0 , ≤ 8.10.0 (semver) Affected: 8.9.1 , ≤ 8.9.1 (semver) Affected: 8.9.0 , ≤ 8.9.0 (semver) Affected: 8.8.0 , ≤ 8.8.0 (semver) Affected: 8.7.1 , ≤ 8.7.1 (semver) Affected: 8.7.0 , ≤ 8.7.0 (semver) Affected: 8.6.0 , ≤ 8.6.0 (semver) Affected: 8.5.0 , ≤ 8.5.0 (semver) Affected: 8.4.0 , ≤ 8.4.0 (semver) Affected: 8.3.0 , ≤ 8.3.0 (semver) Affected: 8.2.1 , ≤ 8.2.1 (semver) Affected: 8.2.0 , ≤ 8.2.0 (semver) Affected: 8.1.2 , ≤ 8.1.2 (semver) Affected: 8.1.1 , ≤ 8.1.1 (semver) Affected: 8.1.0 , ≤ 8.1.0 (semver) Affected: 8.0.1 , ≤ 8.0.1 (semver) Affected: 8.0.0 , ≤ 8.0.0 (semver) Affected: 7.88.1 , ≤ 7.88.1 (semver) Affected: 7.88.0 , ≤ 7.88.0 (semver) Affected: 7.87.0 , ≤ 7.87.0 (semver) Affected: 7.86.0 , ≤ 7.86.0 (semver) Affected: 7.85.0 , ≤ 7.85.0 (semver) Affected: 7.84.0 , ≤ 7.84.0 (semver) Affected: 7.83.1 , ≤ 7.83.1 (semver) Affected: 7.83.0 , ≤ 7.83.0 (semver) Affected: 7.82.0 , ≤ 7.82.0 (semver) Affected: 7.81.0 , ≤ 7.81.0 (semver) Affected: 7.80.0 , ≤ 7.80.0 (semver) Affected: 7.79.1 , ≤ 7.79.1 (semver) Affected: 7.79.0 , ≤ 7.79.0 (semver) Affected: 7.78.0 , ≤ 7.78.0 (semver) Affected: 7.77.0 , ≤ 7.77.0 (semver) Affected: 7.76.1 , ≤ 7.76.1 (semver) Affected: 7.76.0 , ≤ 7.76.0 (semver) Affected: 7.75.0 , ≤ 7.75.0 (semver) Affected: 7.74.0 , ≤ 7.74.0 (semver) |
Credits
newfunction
Daniel Stenberg
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T20:56:39.087Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/11/06/2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241213-0006/"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/13"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/10"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/9"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/8"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/5"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/4"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/12"
},
{
"url": "http://seclists.org/fulldisclosure/2025/Apr/11"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:curl:curl:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "curl",
"vendor": "curl",
"versions": [
{
"lessThan": "7.74.0",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.1",
"status": "affected",
"version": "7.74.0",
"versionType": "semver"
},
{
"lessThan": "*",
"status": "unaffected",
"version": "8.11.0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-9681",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-06T16:16:59.652768Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T17:09:00.777Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "curl",
"vendor": "curl",
"versions": [
{
"lessThanOrEqual": "8.10.1",
"status": "affected",
"version": "8.10.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0",
"status": "affected",
"version": "8.10.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.9.1",
"status": "affected",
"version": "8.9.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.9.0",
"status": "affected",
"version": "8.9.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.0",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.1",
"status": "affected",
"version": "8.7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.0",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0",
"status": "affected",
"version": "8.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.0",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.4.0",
"status": "affected",
"version": "8.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.3.0",
"status": "affected",
"version": "8.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.2.1",
"status": "affected",
"version": "8.2.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.2.0",
"status": "affected",
"version": "8.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.2",
"status": "affected",
"version": "8.1.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.1",
"status": "affected",
"version": "8.1.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.0",
"status": "affected",
"version": "8.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.0.1",
"status": "affected",
"version": "8.0.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.0.0",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.88.1",
"status": "affected",
"version": "7.88.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.88.0",
"status": "affected",
"version": "7.88.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.87.0",
"status": "affected",
"version": "7.87.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.86.0",
"status": "affected",
"version": "7.86.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.85.0",
"status": "affected",
"version": "7.85.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.84.0",
"status": "affected",
"version": "7.84.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.83.1",
"status": "affected",
"version": "7.83.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.83.0",
"status": "affected",
"version": "7.83.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.82.0",
"status": "affected",
"version": "7.82.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.81.0",
"status": "affected",
"version": "7.81.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.80.0",
"status": "affected",
"version": "7.80.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.79.1",
"status": "affected",
"version": "7.79.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.79.0",
"status": "affected",
"version": "7.79.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.78.0",
"status": "affected",
"version": "7.78.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.77.0",
"status": "affected",
"version": "7.77.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.76.1",
"status": "affected",
"version": "7.76.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.76.0",
"status": "affected",
"version": "7.76.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.75.0",
"status": "affected",
"version": "7.75.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.74.0",
"status": "affected",
"version": "7.74.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "newfunction"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Daniel Stenberg"
}
],
"descriptions": [
{
"lang": "en",
"value": "When curl is asked to use HSTS, the expiry time for a subdomain might\noverwrite a parent domain\u0027s cache entry, making it end sooner or later than\notherwise intended.\n\nThis affects curl using applications that enable HSTS and use URLs with the\ninsecure `HTTP://` scheme and perform transfers with hosts like\n`x.example.com` as well as `example.com` where the first host is a subdomain\nof the second host.\n\n(The HSTS cache either needs to have been populated manually or there needs to\nhave been previous HTTPS accesses done as the cache needs to have entries for\nthe domains involved to trigger this problem.)\n\nWhen `x.example.com` responds with `Strict-Transport-Security:` headers, this\nbug can make the subdomain\u0027s expiry timeout *bleed over* and get set for the\nparent domain `example.com` in curl\u0027s HSTS cache.\n\nThe result of a triggered bug is that HTTP accesses to `example.com` get\nconverted to HTTPS for a different period of time than what was asked for by\nthe origin server. If `example.com` for example stops supporting HTTPS at its\nexpiry time, curl might then fail to access `http://example.com` until the\n(wrongly set) timeout expires. This bug can also expire the parent\u0027s entry\n*earlier*, thus making curl inadvertently switch back to insecure HTTP earlier\nthan otherwise intended."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-1025 Comparison Using Wrong Factors",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-06T07:47:20.162Z",
"orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
"shortName": "curl"
},
"references": [
{
"name": "json",
"url": "https://curl.se/docs/CVE-2024-9681.json"
},
{
"name": "www",
"url": "https://curl.se/docs/CVE-2024-9681.html"
},
{
"name": "issue",
"url": "https://hackerone.com/reports/2764830"
}
],
"title": "HSTS subdomain overwrites parent cache entry"
}
},
"cveMetadata": {
"assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
"assignerShortName": "curl",
"cveId": "CVE-2024-9681",
"datePublished": "2024-11-06T07:47:20.162Z",
"dateReserved": "2024-10-09T07:57:47.318Z",
"dateUpdated": "2025-11-03T20:56:39.087Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-0167 (GCVE-0-2025-0167)
Vulnerability from cvelistv5 – Published: 2025-02-05 09:15 – Updated: 2025-03-07 00:10
VLAI
EPSS
Title
netrc and default credential leak
Summary
When asked to use a `.netrc` file for credentials **and** to follow HTTP
redirects, curl could leak the password used for the first host to the
followed-to host under certain circumstances.
This flaw only manifests itself if the netrc file has a `default` entry that
omits both login and password. A rare circumstance.
Severity
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| curl | curl |
Affected:
8.11.1 , ≤ 8.11.1
(semver)
Affected: 8.11.0 , ≤ 8.11.0 (semver) Affected: 8.10.1 , ≤ 8.10.1 (semver) Affected: 8.10.0 , ≤ 8.10.0 (semver) Affected: 8.9.1 , ≤ 8.9.1 (semver) Affected: 8.9.0 , ≤ 8.9.0 (semver) Affected: 8.8.0 , ≤ 8.8.0 (semver) Affected: 8.7.1 , ≤ 8.7.1 (semver) Affected: 8.7.0 , ≤ 8.7.0 (semver) Affected: 8.6.0 , ≤ 8.6.0 (semver) Affected: 8.5.0 , ≤ 8.5.0 (semver) Affected: 8.4.0 , ≤ 8.4.0 (semver) Affected: 8.3.0 , ≤ 8.3.0 (semver) Affected: 8.2.1 , ≤ 8.2.1 (semver) Affected: 8.2.0 , ≤ 8.2.0 (semver) Affected: 8.1.2 , ≤ 8.1.2 (semver) Affected: 8.1.1 , ≤ 8.1.1 (semver) Affected: 8.1.0 , ≤ 8.1.0 (semver) Affected: 8.0.1 , ≤ 8.0.1 (semver) Affected: 8.0.0 , ≤ 8.0.0 (semver) Affected: 7.88.1 , ≤ 7.88.1 (semver) Affected: 7.88.0 , ≤ 7.88.0 (semver) Affected: 7.87.0 , ≤ 7.87.0 (semver) Affected: 7.86.0 , ≤ 7.86.0 (semver) Affected: 7.85.0 , ≤ 7.85.0 (semver) Affected: 7.84.0 , ≤ 7.84.0 (semver) Affected: 7.83.1 , ≤ 7.83.1 (semver) Affected: 7.83.0 , ≤ 7.83.0 (semver) Affected: 7.82.0 , ≤ 7.82.0 (semver) Affected: 7.81.0 , ≤ 7.81.0 (semver) Affected: 7.80.0 , ≤ 7.80.0 (semver) Affected: 7.79.1 , ≤ 7.79.1 (semver) Affected: 7.79.0 , ≤ 7.79.0 (semver) Affected: 7.78.0 , ≤ 7.78.0 (semver) Affected: 7.77.0 , ≤ 7.77.0 (semver) Affected: 7.76.1 , ≤ 7.76.1 (semver) Affected: 7.76.0 , ≤ 7.76.0 (semver) |
Credits
Yihang Zhou
Daniel Stenberg
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 3.4,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-0167",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T15:52:41.551530Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-06T14:48:00.488Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://curl.se/docs/CVE-2025-0167.html"
}
],
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-03-07T00:10:48.290Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "https://security.netapp.com/advisory/ntap-20250306-0008/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "curl",
"vendor": "curl",
"versions": [
{
"lessThanOrEqual": "8.11.1",
"status": "affected",
"version": "8.11.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.0",
"status": "affected",
"version": "8.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.1",
"status": "affected",
"version": "8.10.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0",
"status": "affected",
"version": "8.10.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.9.1",
"status": "affected",
"version": "8.9.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.9.0",
"status": "affected",
"version": "8.9.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.0",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.1",
"status": "affected",
"version": "8.7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.0",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0",
"status": "affected",
"version": "8.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.0",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.4.0",
"status": "affected",
"version": "8.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.3.0",
"status": "affected",
"version": "8.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.2.1",
"status": "affected",
"version": "8.2.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.2.0",
"status": "affected",
"version": "8.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.2",
"status": "affected",
"version": "8.1.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.1",
"status": "affected",
"version": "8.1.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.0",
"status": "affected",
"version": "8.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.0.1",
"status": "affected",
"version": "8.0.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.0.0",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.88.1",
"status": "affected",
"version": "7.88.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.88.0",
"status": "affected",
"version": "7.88.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.87.0",
"status": "affected",
"version": "7.87.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.86.0",
"status": "affected",
"version": "7.86.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.85.0",
"status": "affected",
"version": "7.85.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.84.0",
"status": "affected",
"version": "7.84.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.83.1",
"status": "affected",
"version": "7.83.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.83.0",
"status": "affected",
"version": "7.83.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.82.0",
"status": "affected",
"version": "7.82.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.81.0",
"status": "affected",
"version": "7.81.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.80.0",
"status": "affected",
"version": "7.80.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.79.1",
"status": "affected",
"version": "7.79.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.79.0",
"status": "affected",
"version": "7.79.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.78.0",
"status": "affected",
"version": "7.78.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.77.0",
"status": "affected",
"version": "7.77.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.76.1",
"status": "affected",
"version": "7.76.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.76.0",
"status": "affected",
"version": "7.76.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Yihang Zhou"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Daniel Stenberg"
}
],
"descriptions": [
{
"lang": "en",
"value": "When asked to use a `.netrc` file for credentials **and** to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has a `default` entry that\nomits both login and password. A rare circumstance."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T09:15:06.891Z",
"orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
"shortName": "curl"
},
"references": [
{
"name": "json",
"url": "https://curl.se/docs/CVE-2025-0167.json"
},
{
"name": "www",
"url": "https://curl.se/docs/CVE-2025-0167.html"
},
{
"name": "issue",
"url": "https://hackerone.com/reports/2917232"
}
],
"title": "netrc and default credential leak"
}
},
"cveMetadata": {
"assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
"assignerShortName": "curl",
"cveId": "CVE-2025-0167",
"datePublished": "2025-02-05T09:15:06.891Z",
"dateReserved": "2024-12-31T23:07:29.650Z",
"dateUpdated": "2025-03-07T00:10:48.290Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2025-0725 (GCVE-0-2025-0725)
Vulnerability from cvelistv5 – Published: 2025-02-05 09:18 – Updated: 2025-06-12 16:04
VLAI
EPSS
Title
gzip integer overflow
Summary
When libcurl is asked to perform automatic gzip decompression of
content-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,
**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would
make libcurl perform a buffer overflow.
Severity
7.3 (High)
Assigner
References
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| curl | curl |
Affected:
8.11.1 , ≤ 8.11.1
(semver)
Affected: 8.11.0 , ≤ 8.11.0 (semver) Affected: 8.10.1 , ≤ 8.10.1 (semver) Affected: 8.10.0 , ≤ 8.10.0 (semver) Affected: 8.9.1 , ≤ 8.9.1 (semver) Affected: 8.9.0 , ≤ 8.9.0 (semver) Affected: 8.8.0 , ≤ 8.8.0 (semver) Affected: 8.7.1 , ≤ 8.7.1 (semver) Affected: 8.7.0 , ≤ 8.7.0 (semver) Affected: 8.6.0 , ≤ 8.6.0 (semver) Affected: 8.5.0 , ≤ 8.5.0 (semver) Affected: 8.4.0 , ≤ 8.4.0 (semver) Affected: 8.3.0 , ≤ 8.3.0 (semver) Affected: 8.2.1 , ≤ 8.2.1 (semver) Affected: 8.2.0 , ≤ 8.2.0 (semver) Affected: 8.1.2 , ≤ 8.1.2 (semver) Affected: 8.1.1 , ≤ 8.1.1 (semver) Affected: 8.1.0 , ≤ 8.1.0 (semver) Affected: 8.0.1 , ≤ 8.0.1 (semver) Affected: 8.0.0 , ≤ 8.0.0 (semver) Affected: 7.88.1 , ≤ 7.88.1 (semver) Affected: 7.88.0 , ≤ 7.88.0 (semver) Affected: 7.87.0 , ≤ 7.87.0 (semver) Affected: 7.86.0 , ≤ 7.86.0 (semver) Affected: 7.85.0 , ≤ 7.85.0 (semver) Affected: 7.84.0 , ≤ 7.84.0 (semver) Affected: 7.83.1 , ≤ 7.83.1 (semver) Affected: 7.83.0 , ≤ 7.83.0 (semver) Affected: 7.82.0 , ≤ 7.82.0 (semver) Affected: 7.81.0 , ≤ 7.81.0 (semver) Affected: 7.80.0 , ≤ 7.80.0 (semver) Affected: 7.79.1 , ≤ 7.79.1 (semver) Affected: 7.79.0 , ≤ 7.79.0 (semver) Affected: 7.78.0 , ≤ 7.78.0 (semver) Affected: 7.77.0 , ≤ 7.77.0 (semver) Affected: 7.76.1 , ≤ 7.76.1 (semver) Affected: 7.76.0 , ≤ 7.76.0 (semver) Affected: 7.75.0 , ≤ 7.75.0 (semver) Affected: 7.74.0 , ≤ 7.74.0 (semver) Affected: 7.73.0 , ≤ 7.73.0 (semver) Affected: 7.72.0 , ≤ 7.72.0 (semver) Affected: 7.71.1 , ≤ 7.71.1 (semver) Affected: 7.71.0 , ≤ 7.71.0 (semver) Affected: 7.70.0 , ≤ 7.70.0 (semver) Affected: 7.69.1 , ≤ 7.69.1 (semver) Affected: 7.69.0 , ≤ 7.69.0 (semver) Affected: 7.68.0 , ≤ 7.68.0 (semver) Affected: 7.67.0 , ≤ 7.67.0 (semver) Affected: 7.66.0 , ≤ 7.66.0 (semver) Affected: 7.65.3 , ≤ 7.65.3 (semver) Affected: 7.65.2 , ≤ 7.65.2 (semver) Affected: 7.65.1 , ≤ 7.65.1 (semver) Affected: 7.65.0 , ≤ 7.65.0 (semver) Affected: 7.64.1 , ≤ 7.64.1 (semver) Affected: 7.64.0 , ≤ 7.64.0 (semver) Affected: 7.63.0 , ≤ 7.63.0 (semver) Affected: 7.62.0 , ≤ 7.62.0 (semver) Affected: 7.61.1 , ≤ 7.61.1 (semver) Affected: 7.61.0 , ≤ 7.61.0 (semver) Affected: 7.60.0 , ≤ 7.60.0 (semver) Affected: 7.59.0 , ≤ 7.59.0 (semver) Affected: 7.58.0 , ≤ 7.58.0 (semver) Affected: 7.57.0 , ≤ 7.57.0 (semver) Affected: 7.56.1 , ≤ 7.56.1 (semver) Affected: 7.56.0 , ≤ 7.56.0 (semver) Affected: 7.55.1 , ≤ 7.55.1 (semver) Affected: 7.55.0 , ≤ 7.55.0 (semver) Affected: 7.54.1 , ≤ 7.54.1 (semver) Affected: 7.54.0 , ≤ 7.54.0 (semver) Affected: 7.53.1 , ≤ 7.53.1 (semver) Affected: 7.53.0 , ≤ 7.53.0 (semver) Affected: 7.52.1 , ≤ 7.52.1 (semver) Affected: 7.52.0 , ≤ 7.52.0 (semver) Affected: 7.51.0 , ≤ 7.51.0 (semver) Affected: 7.50.3 , ≤ 7.50.3 (semver) Affected: 7.50.2 , ≤ 7.50.2 (semver) Affected: 7.50.1 , ≤ 7.50.1 (semver) Affected: 7.50.0 , ≤ 7.50.0 (semver) Affected: 7.49.1 , ≤ 7.49.1 (semver) Affected: 7.49.0 , ≤ 7.49.0 (semver) Affected: 7.48.0 , ≤ 7.48.0 (semver) Affected: 7.47.1 , ≤ 7.47.1 (semver) Affected: 7.47.0 , ≤ 7.47.0 (semver) Affected: 7.46.0 , ≤ 7.46.0 (semver) Affected: 7.45.0 , ≤ 7.45.0 (semver) Affected: 7.44.0 , ≤ 7.44.0 (semver) Affected: 7.43.0 , ≤ 7.43.0 (semver) Affected: 7.42.1 , ≤ 7.42.1 (semver) Affected: 7.42.0 , ≤ 7.42.0 (semver) Affected: 7.41.0 , ≤ 7.41.0 (semver) Affected: 7.40.0 , ≤ 7.40.0 (semver) Affected: 7.39.0 , ≤ 7.39.0 (semver) Affected: 7.38.0 , ≤ 7.38.0 (semver) Affected: 7.37.1 , ≤ 7.37.1 (semver) Affected: 7.37.0 , ≤ 7.37.0 (semver) Affected: 7.36.0 , ≤ 7.36.0 (semver) Affected: 7.35.0 , ≤ 7.35.0 (semver) Affected: 7.34.0 , ≤ 7.34.0 (semver) Affected: 7.33.0 , ≤ 7.33.0 (semver) Affected: 7.32.0 , ≤ 7.32.0 (semver) Affected: 7.31.0 , ≤ 7.31.0 (semver) Affected: 7.30.0 , ≤ 7.30.0 (semver) Affected: 7.29.0 , ≤ 7.29.0 (semver) Affected: 7.28.1 , ≤ 7.28.1 (semver) Affected: 7.28.0 , ≤ 7.28.0 (semver) Affected: 7.27.0 , ≤ 7.27.0 (semver) Affected: 7.26.0 , ≤ 7.26.0 (semver) Affected: 7.25.0 , ≤ 7.25.0 (semver) Affected: 7.24.0 , ≤ 7.24.0 (semver) Affected: 7.23.1 , ≤ 7.23.1 (semver) Affected: 7.23.0 , ≤ 7.23.0 (semver) Affected: 7.22.0 , ≤ 7.22.0 (semver) Affected: 7.21.7 , ≤ 7.21.7 (semver) Affected: 7.21.6 , ≤ 7.21.6 (semver) Affected: 7.21.5 , ≤ 7.21.5 (semver) Affected: 7.21.4 , ≤ 7.21.4 (semver) Affected: 7.21.3 , ≤ 7.21.3 (semver) Affected: 7.21.2 , ≤ 7.21.2 (semver) Affected: 7.21.1 , ≤ 7.21.1 (semver) Affected: 7.21.0 , ≤ 7.21.0 (semver) Affected: 7.20.1 , ≤ 7.20.1 (semver) Affected: 7.20.0 , ≤ 7.20.0 (semver) Affected: 7.19.7 , ≤ 7.19.7 (semver) Affected: 7.19.6 , ≤ 7.19.6 (semver) Affected: 7.19.5 , ≤ 7.19.5 (semver) Affected: 7.19.4 , ≤ 7.19.4 (semver) Affected: 7.19.3 , ≤ 7.19.3 (semver) Affected: 7.19.2 , ≤ 7.19.2 (semver) Affected: 7.19.1 , ≤ 7.19.1 (semver) Affected: 7.19.0 , ≤ 7.19.0 (semver) Affected: 7.18.2 , ≤ 7.18.2 (semver) Affected: 7.18.1 , ≤ 7.18.1 (semver) Affected: 7.18.0 , ≤ 7.18.0 (semver) Affected: 7.17.1 , ≤ 7.17.1 (semver) Affected: 7.17.0 , ≤ 7.17.0 (semver) Affected: 7.16.4 , ≤ 7.16.4 (semver) Affected: 7.16.3 , ≤ 7.16.3 (semver) Affected: 7.16.2 , ≤ 7.16.2 (semver) Affected: 7.16.1 , ≤ 7.16.1 (semver) Affected: 7.16.0 , ≤ 7.16.0 (semver) Affected: 7.15.5 , ≤ 7.15.5 (semver) Affected: 7.15.4 , ≤ 7.15.4 (semver) Affected: 7.15.3 , ≤ 7.15.3 (semver) Affected: 7.15.2 , ≤ 7.15.2 (semver) Affected: 7.15.1 , ≤ 7.15.1 (semver) Affected: 7.15.0 , ≤ 7.15.0 (semver) Affected: 7.14.1 , ≤ 7.14.1 (semver) Affected: 7.14.0 , ≤ 7.14.0 (semver) Affected: 7.13.2 , ≤ 7.13.2 (semver) Affected: 7.13.1 , ≤ 7.13.1 (semver) Affected: 7.13.0 , ≤ 7.13.0 (semver) Affected: 7.12.3 , ≤ 7.12.3 (semver) Affected: 7.12.2 , ≤ 7.12.2 (semver) Affected: 7.12.1 , ≤ 7.12.1 (semver) Affected: 7.12.0 , ≤ 7.12.0 (semver) Affected: 7.11.2 , ≤ 7.11.2 (semver) Affected: 7.11.1 , ≤ 7.11.1 (semver) Affected: 7.11.0 , ≤ 7.11.0 (semver) Affected: 7.10.8 , ≤ 7.10.8 (semver) Affected: 7.10.7 , ≤ 7.10.7 (semver) Affected: 7.10.6 , ≤ 7.10.6 (semver) Affected: 7.10.5 , ≤ 7.10.5 (semver) |
Credits
z2_
Daniel Stenberg
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-06-12T16:04:29.956Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2025/02/05/3"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/02/06/2"
},
{
"url": "http://www.openwall.com/lists/oss-security/2025/02/06/4"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250306-0009/"
},
{
"url": "https://github.com/curl/curl/commit/76f83f0db23846e254d940ec7"
}
],
"title": "CVE Program Container",
"x_generator": {
"engine": "ADPogram 0.0.1"
}
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2025-0725",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-02-05T14:33:50.737849Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T14:34:15.390Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "curl",
"vendor": "curl",
"versions": [
{
"lessThanOrEqual": "8.11.1",
"status": "affected",
"version": "8.11.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.11.0",
"status": "affected",
"version": "8.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.1",
"status": "affected",
"version": "8.10.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.10.0",
"status": "affected",
"version": "8.10.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.9.1",
"status": "affected",
"version": "8.9.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.9.0",
"status": "affected",
"version": "8.9.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.8.0",
"status": "affected",
"version": "8.8.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.1",
"status": "affected",
"version": "8.7.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.7.0",
"status": "affected",
"version": "8.7.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.6.0",
"status": "affected",
"version": "8.6.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.5.0",
"status": "affected",
"version": "8.5.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.4.0",
"status": "affected",
"version": "8.4.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.3.0",
"status": "affected",
"version": "8.3.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.2.1",
"status": "affected",
"version": "8.2.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.2.0",
"status": "affected",
"version": "8.2.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.2",
"status": "affected",
"version": "8.1.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.1",
"status": "affected",
"version": "8.1.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.1.0",
"status": "affected",
"version": "8.1.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.0.1",
"status": "affected",
"version": "8.0.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "8.0.0",
"status": "affected",
"version": "8.0.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.88.1",
"status": "affected",
"version": "7.88.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.88.0",
"status": "affected",
"version": "7.88.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.87.0",
"status": "affected",
"version": "7.87.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.86.0",
"status": "affected",
"version": "7.86.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.85.0",
"status": "affected",
"version": "7.85.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.84.0",
"status": "affected",
"version": "7.84.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.83.1",
"status": "affected",
"version": "7.83.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.83.0",
"status": "affected",
"version": "7.83.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.82.0",
"status": "affected",
"version": "7.82.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.81.0",
"status": "affected",
"version": "7.81.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.80.0",
"status": "affected",
"version": "7.80.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.79.1",
"status": "affected",
"version": "7.79.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.79.0",
"status": "affected",
"version": "7.79.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.78.0",
"status": "affected",
"version": "7.78.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.77.0",
"status": "affected",
"version": "7.77.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.76.1",
"status": "affected",
"version": "7.76.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.76.0",
"status": "affected",
"version": "7.76.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.75.0",
"status": "affected",
"version": "7.75.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.74.0",
"status": "affected",
"version": "7.74.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.73.0",
"status": "affected",
"version": "7.73.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.72.0",
"status": "affected",
"version": "7.72.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.71.1",
"status": "affected",
"version": "7.71.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.71.0",
"status": "affected",
"version": "7.71.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.70.0",
"status": "affected",
"version": "7.70.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.69.1",
"status": "affected",
"version": "7.69.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.69.0",
"status": "affected",
"version": "7.69.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.68.0",
"status": "affected",
"version": "7.68.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.67.0",
"status": "affected",
"version": "7.67.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.66.0",
"status": "affected",
"version": "7.66.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.65.3",
"status": "affected",
"version": "7.65.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.65.2",
"status": "affected",
"version": "7.65.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.65.1",
"status": "affected",
"version": "7.65.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.65.0",
"status": "affected",
"version": "7.65.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.64.1",
"status": "affected",
"version": "7.64.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.64.0",
"status": "affected",
"version": "7.64.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.63.0",
"status": "affected",
"version": "7.63.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.62.0",
"status": "affected",
"version": "7.62.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.61.1",
"status": "affected",
"version": "7.61.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.61.0",
"status": "affected",
"version": "7.61.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.60.0",
"status": "affected",
"version": "7.60.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.59.0",
"status": "affected",
"version": "7.59.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.58.0",
"status": "affected",
"version": "7.58.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.57.0",
"status": "affected",
"version": "7.57.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.56.1",
"status": "affected",
"version": "7.56.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.56.0",
"status": "affected",
"version": "7.56.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.55.1",
"status": "affected",
"version": "7.55.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.55.0",
"status": "affected",
"version": "7.55.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.54.1",
"status": "affected",
"version": "7.54.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.54.0",
"status": "affected",
"version": "7.54.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.53.1",
"status": "affected",
"version": "7.53.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.53.0",
"status": "affected",
"version": "7.53.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.52.1",
"status": "affected",
"version": "7.52.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.52.0",
"status": "affected",
"version": "7.52.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.51.0",
"status": "affected",
"version": "7.51.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.50.3",
"status": "affected",
"version": "7.50.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.50.2",
"status": "affected",
"version": "7.50.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.50.1",
"status": "affected",
"version": "7.50.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.50.0",
"status": "affected",
"version": "7.50.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.49.1",
"status": "affected",
"version": "7.49.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.49.0",
"status": "affected",
"version": "7.49.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.48.0",
"status": "affected",
"version": "7.48.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.47.1",
"status": "affected",
"version": "7.47.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.47.0",
"status": "affected",
"version": "7.47.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.46.0",
"status": "affected",
"version": "7.46.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.45.0",
"status": "affected",
"version": "7.45.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.44.0",
"status": "affected",
"version": "7.44.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.43.0",
"status": "affected",
"version": "7.43.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.42.1",
"status": "affected",
"version": "7.42.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.42.0",
"status": "affected",
"version": "7.42.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.41.0",
"status": "affected",
"version": "7.41.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.40.0",
"status": "affected",
"version": "7.40.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.39.0",
"status": "affected",
"version": "7.39.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.38.0",
"status": "affected",
"version": "7.38.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.37.1",
"status": "affected",
"version": "7.37.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.37.0",
"status": "affected",
"version": "7.37.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.36.0",
"status": "affected",
"version": "7.36.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.35.0",
"status": "affected",
"version": "7.35.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.34.0",
"status": "affected",
"version": "7.34.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.33.0",
"status": "affected",
"version": "7.33.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.32.0",
"status": "affected",
"version": "7.32.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.31.0",
"status": "affected",
"version": "7.31.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.30.0",
"status": "affected",
"version": "7.30.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.29.0",
"status": "affected",
"version": "7.29.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.28.1",
"status": "affected",
"version": "7.28.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.28.0",
"status": "affected",
"version": "7.28.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.27.0",
"status": "affected",
"version": "7.27.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.26.0",
"status": "affected",
"version": "7.26.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.25.0",
"status": "affected",
"version": "7.25.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.24.0",
"status": "affected",
"version": "7.24.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.23.1",
"status": "affected",
"version": "7.23.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.23.0",
"status": "affected",
"version": "7.23.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.22.0",
"status": "affected",
"version": "7.22.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.7",
"status": "affected",
"version": "7.21.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.6",
"status": "affected",
"version": "7.21.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.5",
"status": "affected",
"version": "7.21.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.4",
"status": "affected",
"version": "7.21.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.3",
"status": "affected",
"version": "7.21.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.2",
"status": "affected",
"version": "7.21.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.1",
"status": "affected",
"version": "7.21.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.21.0",
"status": "affected",
"version": "7.21.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.20.1",
"status": "affected",
"version": "7.20.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.20.0",
"status": "affected",
"version": "7.20.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.7",
"status": "affected",
"version": "7.19.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.6",
"status": "affected",
"version": "7.19.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.5",
"status": "affected",
"version": "7.19.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.4",
"status": "affected",
"version": "7.19.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.3",
"status": "affected",
"version": "7.19.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.2",
"status": "affected",
"version": "7.19.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.1",
"status": "affected",
"version": "7.19.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.19.0",
"status": "affected",
"version": "7.19.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.18.2",
"status": "affected",
"version": "7.18.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.18.1",
"status": "affected",
"version": "7.18.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.18.0",
"status": "affected",
"version": "7.18.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.17.1",
"status": "affected",
"version": "7.17.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.17.0",
"status": "affected",
"version": "7.17.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.16.4",
"status": "affected",
"version": "7.16.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.16.3",
"status": "affected",
"version": "7.16.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.16.2",
"status": "affected",
"version": "7.16.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.16.1",
"status": "affected",
"version": "7.16.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.16.0",
"status": "affected",
"version": "7.16.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.15.5",
"status": "affected",
"version": "7.15.5",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.15.4",
"status": "affected",
"version": "7.15.4",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.15.3",
"status": "affected",
"version": "7.15.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.15.2",
"status": "affected",
"version": "7.15.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.15.1",
"status": "affected",
"version": "7.15.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.15.0",
"status": "affected",
"version": "7.15.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.14.1",
"status": "affected",
"version": "7.14.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.14.0",
"status": "affected",
"version": "7.14.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.13.2",
"status": "affected",
"version": "7.13.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.13.1",
"status": "affected",
"version": "7.13.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.13.0",
"status": "affected",
"version": "7.13.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.12.3",
"status": "affected",
"version": "7.12.3",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.12.2",
"status": "affected",
"version": "7.12.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.12.1",
"status": "affected",
"version": "7.12.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.12.0",
"status": "affected",
"version": "7.12.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.11.2",
"status": "affected",
"version": "7.11.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.11.1",
"status": "affected",
"version": "7.11.1",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.11.0",
"status": "affected",
"version": "7.11.0",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.10.8",
"status": "affected",
"version": "7.10.8",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.10.7",
"status": "affected",
"version": "7.10.7",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.10.6",
"status": "affected",
"version": "7.10.6",
"versionType": "semver"
},
{
"lessThanOrEqual": "7.10.5",
"status": "affected",
"version": "7.10.5",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "z2_"
},
{
"lang": "en",
"type": "remediation developer",
"value": "Daniel Stenberg"
}
],
"descriptions": [
{
"lang": "en",
"value": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-680 Integer Overflow to Buffer Overflow",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-02-05T09:18:20.468Z",
"orgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
"shortName": "curl"
},
"references": [
{
"name": "json",
"url": "https://curl.se/docs/CVE-2025-0725.json"
},
{
"name": "www",
"url": "https://curl.se/docs/CVE-2025-0725.html"
},
{
"name": "issue",
"url": "https://hackerone.com/reports/2956023"
}
],
"title": "gzip integer overflow"
}
},
"cveMetadata": {
"assignerOrgId": "2499f714-1537-4658-8207-48ae4bb9eae9",
"assignerShortName": "curl",
"cveId": "CVE-2025-0725",
"datePublished": "2025-02-05T09:18:20.468Z",
"dateReserved": "2025-01-27T04:58:09.514Z",
"dateUpdated": "2025-06-12T16:04:29.956Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…