CVE-2015-3145 (GCVE-0-2015-3145)
Vulnerability from cvelistv5
- n/a
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T05:39:30.959Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "74303", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/74303" }, { "name": "FEDORA-2015-6853", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html" }, { "name": "DSA-3232", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2015/dsa-3232" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://curl.haxx.se/docs/adv_20150422C.html" }, { "name": "FEDORA-2015-6712", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html" }, { "name": "MDVSA-2015:219", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:219" }, { "name": "USN-2591-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "http://www.ubuntu.com/usn/USN-2591-1" }, { "name": "1032232", "tags": [ "vdb-entry", "x_refsource_SECTRACK", "x_transferred" ], "url": "http://www.securitytracker.com/id/1032232" }, { "name": "APPLE-SA-2015-08-13-2", "tags": [ "vendor-advisory", "x_refsource_APPLE", "x_transferred" ], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": 
"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "name": "openSUSE-SU-2015:0799", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "http://advisories.mageia.org/MGASA-2015-0179.html" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://support.apple.com/kb/HT205031" }, { "name": "GLSA-201509-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201509-02" }, { "name": "FEDORA-2015-6728", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html" }, { "name": "FEDORA-2015-6695", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html" }, { "name": "FEDORA-2015-6864", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2015-04-22T00:00:00", "descriptions": [ { "lang": "en", "value": "The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2018-10-17T00:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "74303", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/74303" }, { "name": "FEDORA-2015-6853", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html" }, { "name": "DSA-3232", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2015/dsa-3232" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://curl.haxx.se/docs/adv_20150422C.html" }, { "name": "FEDORA-2015-6712", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html" }, { "name": "MDVSA-2015:219", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:219" }, { "name": "USN-2591-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "http://www.ubuntu.com/usn/USN-2591-1" }, { "name": "1032232", "tags": [ "vdb-entry", "x_refsource_SECTRACK" ], "url": "http://www.securitytracker.com/id/1032232" }, { "name": "APPLE-SA-2015-08-13-2", "tags": [ "vendor-advisory", "x_refsource_APPLE" ], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "name": "openSUSE-SU-2015:0799", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": 
"http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "http://advisories.mageia.org/MGASA-2015-0179.html" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://support.apple.com/kb/HT205031" }, { "name": "GLSA-201509-02", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201509-02" }, { "name": "FEDORA-2015-6728", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html" }, { "name": "FEDORA-2015-6695", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html" }, { "name": "FEDORA-2015-6864", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3145", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "74303", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74303" }, { "name": "FEDORA-2015-6853", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html" }, { "name": "DSA-3232", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3232" }, { "name": "http://curl.haxx.se/docs/adv_20150422C.html", "refsource": "CONFIRM", "url": "http://curl.haxx.se/docs/adv_20150422C.html" }, { "name": "FEDORA-2015-6712", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html" }, { "name": "MDVSA-2015:219", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:219" }, { "name": "USN-2591-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2591-1" }, { "name": "1032232", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032232" }, { "name": "APPLE-SA-2015-08-13-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "name": "openSUSE-SU-2015:0799", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html" }, { "name": 
"http://advisories.mageia.org/MGASA-2015-0179.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2015-0179.html" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763" }, { "name": "https://support.apple.com/kb/HT205031", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT205031" }, { "name": "GLSA-201509-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201509-02" }, { "name": "FEDORA-2015-6728", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html" }, { "name": "FEDORA-2015-6695", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html" }, { "name": "FEDORA-2015-6864", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html" } ] } } } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2015-3145", "datePublished": "2015-04-24T14:00:00", "dateReserved": "2015-04-10T00:00:00", "dateUpdated": "2024-08-06T05:39:30.959Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "vulnerability-lookup:meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2015-3145\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2015-04-24T14:59:10.157\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote 
character.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n sanitize_cookie_path en cURL y libcurl 7.31.0 hasta 7.41.0 no calcula correctamente un indice, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (escritura fuera de rango y ca\u00edda) o posiblemente tener otro impacto no especificado a trav\u00e9s de una ruta de cookie que contiene solamente un car\u00e1cter de comillas dobles.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56BDB5A0-0839-4A20-A003-B8CD56F48171\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"253C303A-E577-4488-93E6-68A8DD942C38\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*\",\"matchCriteriaId\":\"B5A6F2F3-4894-4392-8296-3B8DD2679084\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*\",\"matchCri
teriaId\":\"49A63F39-30BE-443F-AF10-6245587D3359\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F38D3B7E-8429-473F-BB31-FC3583EE5A5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16F59A04-14CF-49E2-9973-645477EA09DA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5ECABFCB-0D02-4B5B-BB35-C6B3C0896348\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A5176F0-E62F-46FF-B536-DC0680696773\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"506A3761-3D24-43DB-88D8-4EB5B9E8BA5C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0B6EF8B0-0E86-449C-A500-ACD902A78C7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4D558CC2-0146-4887-834E-19FCB1D512A3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6931764D-16AB-4546-9CE3-5B4E03BC984A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FC1313E-8DCB-4B29-A9BC-A27C8CB360E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B27C2E02-5C0A-4A12-B0A6-5B1C0DFA94E9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFC7535F-B8C7-490F-A2F9-1DCFD41A3C9B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3CCBFE6D-F6A9-4394-9AF8-F830DC7E6A81\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5DEBBFCA-6A18-4F8F-B841-50255C952FA0\"},{\"vulnerable\":true,\"crite
ria\":\"cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEEAE437-A645-468B-B283-44799658F534\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8A2286E-9D1C-4B56-8B40-150201B818AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AF9BC68-7F0D-4DF9-9CD8-6CE9844555C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D35FAC77-A0DD-4AF9-AA9E-A4B170842D2D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"831B1114-7CA7-43E3-9A15-592218060A1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E8B0A12E-E122-4189-A05E-4FEA43C19876\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"79A602C5-61FE-47BA-9786-F045B6C6DBA8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A3B6BFFB-7967-482C-9B49-4BD25C815299\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1791BF6D-2C96-4A6E-90D4-2906A73601F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"260DD751-4145-4B75-B892-5FC932C6A305\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EFF4AD0D-2EC5-4CE8-B6B3-2EC8ED2FF118\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EB1CB85-0A9B-4816-B471-278774EE6D4C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*\",\"
matchCriteriaId\":\"3831AB03-4E7E-476D-9623-58AADC188DFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABACE305-2F0C-4B59-BC5C-6DF162B450E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FAC1B55-F492-484E-B837-E7745682DE0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0D57914-B40A-462B-9C78-6433BE2B2DB4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9A12DF7-62C5-46AD-9236-E2821C64156E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C43697D-390A-4AC0-A5D8-62B6D22245BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D52E9E9F-7A35-4CB9-813E-5A1D4A36415C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"257291FB-969C-4413-BA81-806B5E1B40A7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"7.5.3.1\",\"matchCriteriaId\":\"D06BF4CE-299F-42E4-BA0A-5D68788C92DF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A10BC294-9196-425F-9FB0-B1625465B47F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03117DF1-3BEC-4B8D-AD63-DBBDB2126081\"}]}]}],\"references\":[{\"url\":\"http://advisories.mageia.org/MGASA-2015-0179.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://curl.haxx.se/docs/adv_20150422C.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor 
Advisory\"]},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2015/dsa-3232\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:219\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/74303\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1032232\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party 
Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2591-1\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201509-02\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://support.apple.com/kb/HT205031\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://advisories.mageia.org/MGASA-2015-0179.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://curl.haxx.se/docs/adv_20150422C.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third 
Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2015/dsa-3232\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2015:219\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/74303\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1032232\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.ubuntu.com/usn/USN-2591-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201509-02\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/kb/HT205031\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}" } }
var-201504-0149
Vulnerability from variot
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character. cURL/libcURL are prone to a denial-of-service vulnerability. Attackers can exploit this issue to crash the affected application, denying service to legitimate users. Both Haxx curl and libcurl are products of the Swedish company Haxx. There is a security vulnerability in the 'sanitize_cookie_path' function of Haxx cURL and libcurl versions 7.31.0 to 7.41.0. The vulnerability is caused by the program not calculating the index correctly. ============================================================================ Ubuntu Security Notice USN-2591-1 April 30, 2015
curl vulnerabilities
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 15.04
- Ubuntu 14.10
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS
Summary:
Several security issues were fixed in curl.
Software Description: - curl: HTTP, HTTPS, and FTP client and client libraries
Details:
Paras Sethia discovered that curl could incorrectly re-use NTLM HTTP credentials when subsequently connecting to the same host over HTTP. (CVE-2015-3143)
Hanno Böck discovered that curl incorrectly handled zero-length host names. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3144)
Hanno Böck discovered that curl incorrectly handled cookie path elements. This issue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3148)
Yehezkel Horowitz and Oren Souroujon discovered that curl sent HTTP headers both to servers and proxies by default, contrary to expectations. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3153)
Update instructions:
The problem can be corrected by updating your system to the following package versions:
Ubuntu 15.04: libcurl3 7.38.0-3ubuntu2.2 libcurl3-gnutls 7.38.0-3ubuntu2.2 libcurl3-nss 7.38.0-3ubuntu2.2
Ubuntu 14.10: libcurl3 7.37.1-1ubuntu3.4 libcurl3-gnutls 7.37.1-1ubuntu3.4 libcurl3-nss 7.37.1-1ubuntu3.4
Ubuntu 14.04 LTS: libcurl3 7.35.0-1ubuntu2.5 libcurl3-gnutls 7.35.0-1ubuntu2.5 libcurl3-nss 7.35.0-1ubuntu2.5
Ubuntu 12.04 LTS: libcurl3 7.22.0-3ubuntu4.14 libcurl3-gnutls 7.22.0-3ubuntu4.14 libcurl3-nss 7.22.0-3ubuntu4.14
In general, a standard system update will make all the necessary changes.
References: http://www.ubuntu.com/usn/usn-2591-1 CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148, CVE-2015-3153
Package Information: https://launchpad.net/ubuntu/+source/curl/7.38.0-3ubuntu2.2 https://launchpad.net/ubuntu/+source/curl/7.37.1-1ubuntu3.4 https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.5 https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.14 . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201509-02
https://security.gentoo.org/
Severity: Normal Title: cURL: Multiple vulnerabilities Date: September 24, 2015 Bugs: #547376, #552618 ID: 201509-02
Synopsis
Multiple vulnerabilities have been found in cURL, the worst of which can allow remote attackers to cause a Denial of Service condition.
Background
cURL is a tool and libcurl is a library for transferring data with URL syntax.
Affected packages
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-misc/curl < 7.43.0 >= 7.43.0
Description
Multiple vulnerabilities have been discovered in cURL. Please review the CVE identifiers referenced below for details.
Workaround
There is no known workaround at this time.
Resolution
All cURL users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=net-misc/curl-7.43.0"
References
[ 1 ] CVE-2015-3143 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3143 [ 2 ] CVE-2015-3144 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3144 [ 3 ] CVE-2015-3145 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3145 [ 4 ] CVE-2015-3148 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3148 [ 5 ] CVE-2015-3236 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3236 [ 6 ] CVE-2015-3237 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3237
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
https://security.gentoo.org/glsa/201509-02
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s).
The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.
http://creativecommons.org/licenses/by-sa/2.5 . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512
Debian Security Advisory DSA-3232-1 security@debian.org http://www.debian.org/security/ Alessandro Ghedini April 22, 2015 http://www.debian.org/security/faq
Package : curl CVE ID : CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148
Several vulnerabilities were discovered in cURL, a URL transfer library:
CVE-2015-3143
NTLM-authenticated connections could be wrongly reused for requests
without any credentials set, leading to HTTP requests being sent
over the connection authenticated as a different user. This is
similar to the issue fixed in DSA-2849-1.
CVE-2015-3144
When parsing URLs with a zero-length hostname (such as "http://:80"),
libcurl would try to read from an invalid memory address. This
issue only affects the upcoming stable (jessie) and unstable (sid)
distributions.
CVE-2015-3145
When parsing HTTP cookies, if the parsed cookie's "path" element
consists of a single double-quote, libcurl would try to write to an
invalid heap memory address. This issue only affects the
upcoming stable (jessie) and unstable (sid) distributions.
CVE-2015-3148
When doing HTTP requests using the Negotiate authentication method
along with NTLM, the connection used would not be marked as
authenticated, making it possible to reuse it and send requests for
one user over the connection authenticated as a different user.
For the stable distribution (wheezy), these problems have been fixed in version 7.26.0-1+wheezy13.
For the upcoming stable distribution (jessie), these problems have been fixed in version 7.38.0-4+deb8u1.
For the unstable distribution (sid), these problems have been fixed in version 7.42.0-1.
We recommend that you upgrade your curl packages.
Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/
Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCgAGBQJVN484AAoJEK+lG9bN5XPL5isP/2PLo2iCsaKPAl4FCMC7G8uj
D3WJgAx3dID1+FwDU/2GX7L4Lb8u7iDGY7qVJV09cdYVJUb9U5hiHrrjthR3WMhi
qpK+2d3RtbzdKb83RJ+Ye/Px0O3wBtO5WZ5o8fWoPHXMPZzo9bPuqBHtYciNrhea
ot3fWCK6TWCazSx4wU2MSoDhmu+GjxUqAwI9XhzKi5ui4YuUDZIGAZXe2XSmpyZy
KyMFSTaEMCg972rWXmBJfq6mbiEkkNWKfPCFvLmDJAQA9RR9f6euTo4BOV2/NpJ7
m0OhXwofCy/7TIontfO+j+rB0p3pVI2YEC9zSF7ITqggH47rVjkeEGEO+fDOEKJz
QqiATeDY77z5WINVFFDukbw5lMy+os848+r8WbfhWv7PMozWncIjcSxzBkTvX3QY
iG2khFbpEYXnBt/JFXnCtYVMO94KhAw8+9e0+mOZvexglEo/tIcsseK20eu8KDw0
pDPpuqvxYF47uQTts/kNVkC4Yk5ZdCnIzZCoUUbfJ/5Lo+8pRlUCd3aOgIAfwwp5
TPXdTLr3cLajVBPWUwRolvuQD7fdht0294UlKZwGhXlYJ9UwqDVfYwAoc2KVt4hI
mRMbBRdyy+LVzIOMXqYgOU0njpTZj+lTAWZkbeVmdMMUU/u0l2peGabJUbUmk35j
3UCM8MZyw4I0qI5KGlL1
=FvPw
-----END PGP SIGNATURE-----

[Note: the advisory text on this page has been re-wrapped (its indentation and the dash-escaped rule lines of the clearsigned message are missing), so this signature will not verify against the copy shown here; verify it against the original message from the debian-security-announce list.]
.
Here are the details from the Slackware 14.1 ChangeLog:
+--------------------------+
patches/packages/curl-7.45.0-i486-1_slack14.1.txz: Upgraded.
  For more information, see:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3144
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3236
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3237
  (* Security fix *)
+--------------------------+
Where to find the new packages:
+-----------------------------+
Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-)
Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you.
Updated package for Slackware 13.0: ftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.45.0-i486-1_slack13.0.txz
Updated package for Slackware x86_64 13.0: ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.45.0-x86_64-1_slack13.0.txz
Updated package for Slackware 13.1: ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.45.0-i486-1_slack13.1.txz
Updated package for Slackware x86_64 13.1: ftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.45.0-x86_64-1_slack13.1.txz
Updated package for Slackware 13.37: ftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.45.0-i486-1_slack13.37.txz
Updated package for Slackware x86_64 13.37: ftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.45.0-x86_64-1_slack13.37.txz
Updated package for Slackware 14.0: ftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.45.0-i486-1_slack14.0.txz
Updated package for Slackware x86_64 14.0: ftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.45.0-x86_64-1_slack14.0.txz
Updated package for Slackware 14.1: ftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.45.0-i486-1_slack14.1.txz
Updated package for Slackware x86_64 14.1: ftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.45.0-x86_64-1_slack14.1.txz
Updated package for Slackware -current: ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.45.0-i586-1.txz
Updated package for Slackware x86_64 -current: ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.45.0-x86_64-1.txz
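MD5 signatures:
+-------------+
[Note: these MD5 sums only detect a corrupted download. MD5 is not collision-resistant and the package URLs above are plain FTP, so establish authenticity by checking the package's GPG signature against the Slackware key at http://slackware.com/gpg-key.]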
Slackware 13.0 package: e9307566f43c3c12ac72f12cea688741 curl-7.45.0-i486-1_slack13.0.txz
Slackware x86_64 13.0 package: 5fe5a7733ce969f8f468c6b03cf6b1f7 curl-7.45.0-x86_64-1_slack13.0.txz
Slackware 13.1 package: 9d3d5ccbae7284c84c4667885bf9fd0d curl-7.45.0-i486-1_slack13.1.txz
Slackware x86_64 13.1 package: 7e7f04d3de8d34b8b082729ceaa53ba9 curl-7.45.0-x86_64-1_slack13.1.txz
Slackware 13.37 package: 00bd418a8607ea74d1986c08d5358052 curl-7.45.0-i486-1_slack13.37.txz
Slackware x86_64 13.37 package: 23e7da7ab6846fed5d18b5f5399ac400 curl-7.45.0-x86_64-1_slack13.37.txz
Slackware 14.0 package: 76f010b92c755f16f19840723d845e21 curl-7.45.0-i486-1_slack14.0.txz
Slackware x86_64 14.0 package: daf0b67147a50e44d89f8852632fcdf7 curl-7.45.0-x86_64-1_slack14.0.txz
Slackware 14.1 package: 8c2a5796d4a4ce840a767423667eb97b curl-7.45.0-i486-1_slack14.1.txz
Slackware x86_64 14.1 package: 763157115101b63867217707ff4a9021 curl-7.45.0-x86_64-1_slack14.1.txz
Slackware -current package: 0c2d192aff4af6f74281a1d724d31ce3 n/curl-7.45.0-i586-1.txz
Slackware x86_64 -current package: 4791e2bb2afd43ec0642d94e22259e81 n/curl-7.45.0-x86_64-1.txz
Installation instructions:
+------------------------+

Upgrade the package as root:
# upgradepkg curl-7.45.0-i486-1_slack14.1.txz

+-----+
Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com
+------------------------------------------------------------------------+
| To leave the slackware-security mailing list:                          |
+------------------------------------------------------------------------+
| Send an email to majordomo@slackware.com with this text in the body of |
| the email message:                                                     |
|                                                                        |
|   unsubscribe slackware-security                                       |
|                                                                        |
| You will get a confirmation message back containing instructions to    |
| complete the process. Please do not reply to this email address.       |
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148
http://advisories.mageia.org/MGASA-2015-0179.html
Updated Packages:
Mandriva Business Server 2/X86_64:
b393afe9953fd43da5f93c4451f4f84d  mbs2/x86_64/curl-7.34.0-3.2.mbs2.x86_64.rpm
545e67ed6bcaa35849991a672247aaec  mbs2/x86_64/curl-examples-7.34.0-3.2.mbs2.noarch.rpm
489d8f2de0435424263da4be0dd0280d  mbs2/x86_64/lib64curl4-7.34.0-3.2.mbs2.x86_64.rpm
f0e972e99602adee6f11ae901daedc39  mbs2/x86_64/lib64curl-devel-7.34.0-3.2.mbs2.x86_64.rpm
7dfe1a041b36ad253d3e609a1ee5a089  mbs2/SRPMS/curl-7.34.0-3.2.mbs2.src.rpm
To upgrade automatically use MandrivaUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you.
All packages are signed by Mandriva for security
{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201504-0149", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "fedora", "scope": "eq", "trust": 1.6, "vendor": "fedoraproject", "version": "22" }, { "model": "fedora", "scope": "eq", "trust": 1.6, "vendor": "fedoraproject", "version": "21" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", 
"version": "10.10.4" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.41.0" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.2" }, { "model": "opensuse", "scope": "eq", "trust": 1.0, "vendor": "opensuse", "version": "13.1" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.10" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.33.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.32.0" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.10.2" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.37.1" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.34.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.33.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.32.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.37.1" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.39" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "14.04" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.34.0" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.10.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "15.04" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.10.3" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.35.0" }, { "model": "ubuntu linux", "scope": "eq", "trust": 1.0, "vendor": "canonical", "version": "12.04" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.35.0" }, { 
"model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.37.0" }, { "model": "mac os x", "scope": "eq", "trust": 1.0, "vendor": "apple", "version": "10.10.1" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.36.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.37.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.40.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.36.0" }, { "model": "linux", "scope": "eq", "trust": 1.0, "vendor": "debian", "version": "7.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.40.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.31.0" }, { "model": "solaris", "scope": "eq", "trust": 1.0, "vendor": "oracle", "version": "11.3" }, { "model": "system management homepage", "scope": "lte", "trust": 1.0, "vendor": "hp", "version": "7.5.3.1" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.39.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.38.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.31.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.30.0" }, { "model": "curl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.41.0" }, { "model": "libcurl", "scope": "eq", "trust": 1.0, "vendor": "haxx", "version": "7.38.0" }, { "model": "ubuntu", "scope": null, "trust": 0.8, "vendor": "canonical", "version": null }, { "model": "gnu/linux", "scope": "eq", "trust": 0.8, "vendor": "debian", "version": "7.0" }, { "model": "fedora", "scope": null, "trust": 0.8, "vendor": "fedora", "version": null }, { "model": "curl", "scope": "eq", "trust": 0.8, "vendor": "haxx", "version": "7.31.0 to 7.41.0" }, { "model": "libcurl", "scope": "eq", "trust": 0.8, "vendor": 
"haxx", "version": "7.31.0 to 7.41.0" }, { "model": "opensuse", "scope": null, "trust": 0.8, "vendor": "opensuse", "version": null }, { "model": "mac os x", "scope": "eq", "trust": 0.8, "vendor": "apple", "version": "10.10 to 10.10.4" }, { "model": "system management homepage", "scope": null, "trust": 0.8, "vendor": "hewlett packard", "version": null }, { "model": "linux x86 64 -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.37" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.1" }, { "model": "linux x86 64", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "slackware", "version": "13.0" }, { "model": "linux -current", "scope": null, "trust": 0.3, "vendor": "slackware", "version": null }, { "model": "linux", "scope": null, "trust": 0.3, "vendor": "gentoo", "version": null }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" } ], 
"sources": [ { "db": "BID", "id": "74303" }, { "db": "JVNDB", "id": "JVNDB-2015-002486" }, { "db": "CNNVD", "id": "CNNVD-201504-502" }, { "db": "NVD", "id": "CVE-2015-3145" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "cpe_match": [ { "cpe22Uri": "cpe:/o:canonical:ubuntu", "vulnerable": true }, { "cpe22Uri": "cpe:/o:debian:debian_linux", "vulnerable": true }, { "cpe22Uri": "cpe:/o:fedoraproject:fedora", "vulnerable": true }, { "cpe22Uri": "cpe:/a:haxx:curl", "vulnerable": true }, { "cpe22Uri": "cpe:/a:haxx:libcurl", "vulnerable": true }, { "cpe22Uri": "cpe:/o:opensuse_project:opensuse", "vulnerable": true }, { "cpe22Uri": "cpe:/o:apple:mac_os_x", "vulnerable": true }, { "cpe22Uri": "cpe:/a:hp:system_management_homepage", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-002486" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Hanno B\u0026amp;amp;ouml;ck", "sources": [ { "db": "BID", "id": "74303" } ], "trust": 0.3 }, "cve": "CVE-2015-3145", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": 
"https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "nvd@nist.gov", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "CVE-2015-3145", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 1.9, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-81106", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "nvd@nist.gov", "id": "CVE-2015-3145", "trust": 1.0, "value": "HIGH" }, { "author": "NVD", "id": "CVE-2015-3145", "trust": 0.8, "value": "High" }, { "author": "CNNVD", "id": "CNNVD-201504-502", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-81106", "trust": 0.1, "value": "HIGH" }, { "author": "VULMON", "id": "CVE-2015-3145", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-81106" }, { "db": "VULMON", "id": "CVE-2015-3145" }, { "db": "JVNDB", "id": "JVNDB-2015-002486" }, { "db": "CNNVD", "id": "CNNVD-201504-502" }, { "db": "NVD", "id": "CVE-2015-3145" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other 
unspecified impact via a cookie path containing only a double-quote character. cURL/libcURL are prone to a denial-of-service vulnerability. \nAttackers can exploit this issue to crash the affected application, denying service to legitimate users. Both Haxx curl and libcurl are products of the Swedish company Haxx. There is a security vulnerability in the \u0027sanitize_cookie_path\u0027 function of Haxx cURL and libcurl versions 7.31.0 to 7.41.0. The vulnerability is caused by the program not calculating the index correctly. ============================================================================\nUbuntu Security Notice USN-2591-1\nApril 30, 2015\n\ncurl vulnerabilities\n============================================================================\n\nA security issue affects these releases of Ubuntu and its derivatives:\n\n- Ubuntu 15.04\n- Ubuntu 14.10\n- Ubuntu 14.04 LTS\n- Ubuntu 12.04 LTS\n\nSummary:\n\nSeveral security issues were fixed in curl. \n\nSoftware Description:\n- curl: HTTP, HTTPS, and FTP client and client libraries\n\nDetails:\n\nParas Sethia discovered that curl could incorrectly re-use NTLM HTTP\ncredentials when subsequently connecting to the same host over HTTP. \n(CVE-2015-3143)\n\nHanno B=C3=B6ck discovered that curl incorrectly handled zero-length host names. This issue only affected Ubuntu 14.10 and Ubuntu 15.04. \n(CVE-2015-3144)\n\nHanno B=C3=B6ck discovered that curl incorrectly handled cookie path elements. This\nissue only affected Ubuntu 14.04 LTS, Ubuntu 14.10 and Ubuntu 15.04. (CVE-2015-3148)\n\nYehezkel Horowitz and Oren Souroujon discovered that curl sent HTTP headers\nboth to servers and proxies by default, contrary to expectations. This\nissue only affected Ubuntu 14.10 and Ubuntu 15.04. 
(CVE-2015-3153)\n\nUpdate instructions:\n\nThe problem can be corrected by updating your system to the following\npackage versions:\n\nUbuntu 15.04:\n libcurl3 7.38.0-3ubuntu2.2\n libcurl3-gnutls 7.38.0-3ubuntu2.2\n libcurl3-nss 7.38.0-3ubuntu2.2\n\nUbuntu 14.10:\n libcurl3 7.37.1-1ubuntu3.4\n libcurl3-gnutls 7.37.1-1ubuntu3.4\n libcurl3-nss 7.37.1-1ubuntu3.4\n\nUbuntu 14.04 LTS:\n libcurl3 7.35.0-1ubuntu2.5\n libcurl3-gnutls 7.35.0-1ubuntu2.5\n libcurl3-nss 7.35.0-1ubuntu2.5\n\nUbuntu 12.04 LTS:\n libcurl3 7.22.0-3ubuntu4.14\n libcurl3-gnutls 7.22.0-3ubuntu4.14\n libcurl3-nss 7.22.0-3ubuntu4.14\n\nIn general, a standard system update will make all the necessary changes. \n\nReferences:\n http://www.ubuntu.com/usn/usn-2591-1\n CVE-2015-3143, CVE-2015-3144, CVE-2015-3145, CVE-2015-3148,\n CVE-2015-3153\n\nPackage Information:\n https://launchpad.net/ubuntu/+source/curl/7.38.0-3ubuntu2.2\n https://launchpad.net/ubuntu/+source/curl/7.37.1-1ubuntu3.4\n https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.5\n https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.14\n. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory GLSA 201509-02\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n Title: cURL: Multiple vulnerabilities\n Date: September 24, 2015\n Bugs: #547376, #552618\n ID: 201509-02\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in cURL, the worst of which\ncan allow remote attackers to cause Denial of Service condition. \n\nBackground\n==========\n\ncURL is a tool and libcurl is a library for transferring data with URL\nsyntax. 
\n\nAffected packages\n=================\n\n -------------------------------------------------------------------\n Package / Vulnerable / Unaffected\n -------------------------------------------------------------------\n 1 net-misc/curl \u003c 7.43.0 \u003e= 7.43.0\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in cURL. Please review\nthe CVE identifiers referenced below for details. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll cURL users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose \"\u003e=net-misc/curl-7.43.0\"\n\nReferences\n==========\n\n[ 1 ] CVE-2015-3143\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3143\n[ 2 ] CVE-2015-3144\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3144\n[ 3 ] CVE-2015-3145\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3145\n[ 4 ] CVE-2015-3148\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3148\n[ 5 ] CVE-2015-3236\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3236\n[ 6 ] CVE-2015-3237\n http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3237\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/201509-02\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2015 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttp://creativecommons.org/licenses/by-sa/2.5\n. 
-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n- -------------------------------------------------------------------------\nDebian Security Advisory DSA-3232-1 security@debian.org\nhttp://www.debian.org/security/ Alessandro Ghedini\nApril 22, 2015 http://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : curl\nCVE ID : CVE-2015-3143 CVE-2015-3144 CVE-2015-3145 CVE-2015-3148\n\nSeveral vulnerabilities were discovered in cURL, an URL transfer library:\n\nCVE-2015-3143\n\n NTLM-authenticated connections could be wrongly reused for requests\n without any credentials set, leading to HTTP requests being sent\n over the connection authenticated as a different user. This is\n similar to the issue fixed in DSA-2849-1. \n\nCVE-2015-3144\n\n When parsing URLs with a zero-length hostname (such as \"http://:80\"),\n libcurl would try to read from an invalid memory address. This\n issue only affects the upcoming stable (jessie) and unstable (sid)\n distributions. \n\nCVE-2015-3145\n\n When parsing HTTP cookies, if the parsed cookie\u0027s \"path\" element\n consists of a single double-quote, libcurl would try to write to an\n invalid heap memory address. This issue only affects the\n upcoming stable (jessie) and unstable (sid) distributions. \n\nCVE-2015-3148\n\n When doing HTTP requests using the Negotiate authentication method\n along with NTLM, the connection used would not be marked as\n authenticated, making it possible to reuse it and send requests for\n one user over the connection authenticated as a different user. \n\nFor the stable distribution (wheezy), these problems have been fixed in\nversion 7.26.0-1+wheezy13. \n\nFor the upcoming stable distribution (jessie), these problems have been\nfixed in version 7.38.0-4+deb8u1. \n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 7.42.0-1. \n\nWe recommend that you upgrade your curl packages. 
\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIcBAEBCgAGBQJVN484AAoJEK+lG9bN5XPL5isP/2PLo2iCsaKPAl4FCMC7G8uj\nD3WJgAx3dID1+FwDU/2GX7L4Lb8u7iDGY7qVJV09cdYVJUb9U5hiHrrjthR3WMhi\nqpK+2d3RtbzdKb83RJ+Ye/Px0O3wBtO5WZ5o8fWoPHXMPZzo9bPuqBHtYciNrhea\not3fWCK6TWCazSx4wU2MSoDhmu+GjxUqAwI9XhzKi5ui4YuUDZIGAZXe2XSmpyZy\nKyMFSTaEMCg972rWXmBJfq6mbiEkkNWKfPCFvLmDJAQA9RR9f6euTo4BOV2/NpJ7\nm0OhXwofCy/7TIontfO+j+rB0p3pVI2YEC9zSF7ITqggH47rVjkeEGEO+fDOEKJz\nQqiATeDY77z5WINVFFDukbw5lMy+os848+r8WbfhWv7PMozWncIjcSxzBkTvX3QY\niG2khFbpEYXnBt/JFXnCtYVMO94KhAw8+9e0+mOZvexglEo/tIcsseK20eu8KDw0\npDPpuqvxYF47uQTts/kNVkC4Yk5ZdCnIzZCoUUbfJ/5Lo+8pRlUCd3aOgIAfwwp5\nTPXdTLr3cLajVBPWUwRolvuQD7fdht0294UlKZwGhXlYJ9UwqDVfYwAoc2KVt4hI\nmRMbBRdyy+LVzIOMXqYgOU0njpTZj+lTAWZkbeVmdMMUU/u0l2peGabJUbUmk35j\n3UCM8MZyw4I0qI5KGlL1\n=FvPw\n-----END PGP SIGNATURE-----\n. \n\n\nHere are the details from the Slackware 14.1 ChangeLog:\n+--------------------------+\npatches/packages/curl-7.45.0-i486-1_slack14.1.txz: Upgraded. \n For more information, see:\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3144\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3236\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3237\n (* Security fix *)\n+--------------------------+\n\n\nWhere to find the new packages:\n+-----------------------------+\n\nThanks to the friendly folks at the OSU Open Source Lab\n(http://osuosl.org) for donating FTP and rsync hosting\nto the Slackware project! 
:-)\n\nAlso see the \"Get Slack\" section on http://slackware.com for\nadditional mirror sites near you. \n\nUpdated package for Slackware 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware-13.0/patches/packages/curl-7.45.0-i486-1_slack13.0.txz\n\nUpdated package for Slackware x86_64 13.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/curl-7.45.0-x86_64-1_slack13.0.txz\n\nUpdated package for Slackware 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/curl-7.45.0-i486-1_slack13.1.txz\n\nUpdated package for Slackware x86_64 13.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.1/patches/packages/curl-7.45.0-x86_64-1_slack13.1.txz\n\nUpdated package for Slackware 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware-13.37/patches/packages/curl-7.45.0-i486-1_slack13.37.txz\n\nUpdated package for Slackware x86_64 13.37:\nftp://ftp.slackware.com/pub/slackware/slackware64-13.37/patches/packages/curl-7.45.0-x86_64-1_slack13.37.txz\n\nUpdated package for Slackware 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware-14.0/patches/packages/curl-7.45.0-i486-1_slack14.0.txz\n\nUpdated package for Slackware x86_64 14.0:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.0/patches/packages/curl-7.45.0-x86_64-1_slack14.0.txz\n\nUpdated package for Slackware 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware-14.1/patches/packages/curl-7.45.0-i486-1_slack14.1.txz\n\nUpdated package for Slackware x86_64 14.1:\nftp://ftp.slackware.com/pub/slackware/slackware64-14.1/patches/packages/curl-7.45.0-x86_64-1_slack14.1.txz\n\nUpdated package for Slackware -current:\nftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/n/curl-7.45.0-i586-1.txz\n\nUpdated package for Slackware x86_64 -current:\nftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/curl-7.45.0-x86_64-1.txz\n\n\nMD5 signatures:\n+-------------+\n\nSlackware 13.0 package:\ne9307566f43c3c12ac72f12cea688741 
curl-7.45.0-i486-1_slack13.0.txz\n\nSlackware x86_64 13.0 package:\n5fe5a7733ce969f8f468c6b03cf6b1f7 curl-7.45.0-x86_64-1_slack13.0.txz\n\nSlackware 13.1 package:\n9d3d5ccbae7284c84c4667885bf9fd0d curl-7.45.0-i486-1_slack13.1.txz\n\nSlackware x86_64 13.1 package:\n7e7f04d3de8d34b8b082729ceaa53ba9 curl-7.45.0-x86_64-1_slack13.1.txz\n\nSlackware 13.37 package:\n00bd418a8607ea74d1986c08d5358052 curl-7.45.0-i486-1_slack13.37.txz\n\nSlackware x86_64 13.37 package:\n23e7da7ab6846fed5d18b5f5399ac400 curl-7.45.0-x86_64-1_slack13.37.txz\n\nSlackware 14.0 package:\n76f010b92c755f16f19840723d845e21 curl-7.45.0-i486-1_slack14.0.txz\n\nSlackware x86_64 14.0 package:\ndaf0b67147a50e44d89f8852632fcdf7 curl-7.45.0-x86_64-1_slack14.0.txz\n\nSlackware 14.1 package:\n8c2a5796d4a4ce840a767423667eb97b curl-7.45.0-i486-1_slack14.1.txz\n\nSlackware x86_64 14.1 package:\n763157115101b63867217707ff4a9021 curl-7.45.0-x86_64-1_slack14.1.txz\n\nSlackware -current package:\n0c2d192aff4af6f74281a1d724d31ce3 n/curl-7.45.0-i586-1.txz\n\nSlackware x86_64 -current package:\n4791e2bb2afd43ec0642d94e22259e81 n/curl-7.45.0-x86_64-1.txz\n\n\nInstallation instructions:\n+------------------------+\n\nUpgrade the package as root:\n# upgradepkg curl-7.45.0-i486-1_slack14.1.txz\n\n\n+-----+\n\nSlackware Linux Security Team\nhttp://slackware.com/gpg-key\nsecurity@slackware.com\n\n+------------------------------------------------------------------------+\n| To leave the slackware-security mailing list: |\n+------------------------------------------------------------------------+\n| Send an email to majordomo@slackware.com with this text in the body of |\n| the email message: |\n| |\n| unsubscribe slackware-security |\n| |\n| You will get a confirmation message back containing instructions to |\n| complete the process. Please do not reply to this email address. 
\n _______________________________________________________________________\n\n References:\n\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3143\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3145\n http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3148\n http://advisories.mageia.org/MGASA-2015-0179.html\n _______________________________________________________________________\n\n Updated Packages:\n\n Mandriva Business Server 2/X86_64:\n b393afe9953fd43da5f93c4451f4f84d mbs2/x86_64/curl-7.34.0-3.2.mbs2.x86_64.rpm\n 545e67ed6bcaa35849991a672247aaec mbs2/x86_64/curl-examples-7.34.0-3.2.mbs2.noarch.rpm\n 489d8f2de0435424263da4be0dd0280d mbs2/x86_64/lib64curl4-7.34.0-3.2.mbs2.x86_64.rpm\n f0e972e99602adee6f11ae901daedc39 mbs2/x86_64/lib64curl-devel-7.34.0-3.2.mbs2.x86_64.rpm \n 7dfe1a041b36ad253d3e609a1ee5a089 mbs2/SRPMS/curl-7.34.0-3.2.mbs2.src.rpm\n _______________________________________________________________________\n\n To upgrade automatically use MandrivaUpdate or urpmi. The verification\n of md5 checksums and GPG signatures is performed automatically for you. 
\n\n All packages are signed by Mandriva for security", "sources": [ { "db": "NVD", "id": "CVE-2015-3145" }, { "db": "JVNDB", "id": "JVNDB-2015-002486" }, { "db": "BID", "id": "74303" }, { "db": "VULHUB", "id": "VHN-81106" }, { "db": "VULMON", "id": "CVE-2015-3145" }, { "db": "PACKETSTORM", "id": "131699" }, { "db": "PACKETSTORM", "id": "133700" }, { "db": "PACKETSTORM", "id": "131588" }, { "db": "PACKETSTORM", "id": "134138" }, { "db": "PACKETSTORM", "id": "131727" } ], "trust": 2.52 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2015-3145", "trust": 3.4 }, { "db": "BID", "id": "74303", "trust": 1.5 }, { "db": "JUNIPER", "id": "JSA10743", "trust": 1.5 }, { "db": "SECTRACK", "id": "1032232", "trust": 1.2 }, { "db": "JVNDB", "id": "JVNDB-2015-002486", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201504-502", "trust": 0.7 }, { "db": "SECUNIA", "id": "64164", "trust": 0.6 }, { "db": "SECUNIA", "id": "64284", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-81106", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2015-3145", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131699", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "133700", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131588", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "134138", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "131727", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-81106" }, { "db": "VULMON", "id": "CVE-2015-3145" }, { "db": "BID", "id": "74303" }, { "db": "JVNDB", "id": "JVNDB-2015-002486" }, { "db": "PACKETSTORM", "id": "131699" }, { "db": "PACKETSTORM", "id": "133700" }, { "db": "PACKETSTORM", "id": "131588" }, { "db": "PACKETSTORM", "id": "134138" }, { "db": "PACKETSTORM", "id": "131727" }, { "db": "CNNVD", "id": "CNNVD-201504-502" }, { "db": "NVD", "id": 
"CVE-2015-3145" } ] }, "id": "VAR-201504-0149", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-81106" } ], "trust": 0.01 }, "last_update_date": "2024-11-23T19:47:13.093000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "APPLE-SA-2015-08-13-2 OS X Yosemite v10.10.5 and Security Update 2015-006", "trust": 0.8, "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "title": "HT205031", "trust": 0.8, "url": "https://support.apple.com/en-us/HT205031" }, { "title": "HT205031", "trust": 0.8, "url": "https://support.apple.com/ja-jp/HT205031" }, { "title": "DSA-3232", "trust": 0.8, "url": "https://www.debian.org/security/2015/dsa-3232" }, { "title": "FEDORA-2015-6695", "trust": 0.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html" }, { "title": "FEDORA-2015-6728", "trust": 0.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html" }, { "title": "FEDORA-2015-6853", "trust": 0.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html" }, { "title": "FEDORA-2015-6864", "trust": 0.8, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html" }, { "title": "HPSBMU03546", "trust": 0.8, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763" }, { "title": "openSUSE-SU-2015:0799", "trust": 0.8, "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html" }, { "title": "cookie parser out of boundary memory access", "trust": 0.8, "url": "http://curl.haxx.se/docs/adv_20150422C.html" }, { 
"title": "USN-2591-1", "trust": 0.8, "url": "http://www.ubuntu.com/usn/USN-2591-1" }, { "title": "curl-curl-7_42_0", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55216" }, { "title": "curl-curl-7_42_0", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=55215" }, { "title": "Red Hat: CVE-2015-3145", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2015-3145" }, { "title": "Debian Security Advisories: DSA-3232-1 curl -- security update", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=6e7bbc3a8db398caa606cf6110790ac9" }, { "title": "Ubuntu Security Notice: curl vulnerabilities", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice\u0026qid=USN-2591-1" }, { "title": "Amazon Linux AMI: ALAS-2015-514", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami\u0026qid=ALAS-2015-514" }, { "title": "Apple: OS X Yosemite v10.10.5 and Security Update 2015-006", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories\u0026qid=9834d0d73bf28fb80d3390930bafd906" }, { "title": "Oracle: Oracle Critical Patch Update Advisory - October 2018", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=81c63752a6f26433af2128b2e8c02385" }, { "title": "Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - January 2016", "trust": 0.1, "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins\u0026qid=eb439566c9130adc92d21bc093204cf8" }, { "title": "afl-cve", "trust": 0.1, "url": "https://github.com/mrash/afl-cve " } ], "sources": [ { "db": "VULMON", "id": "CVE-2015-3145" }, { "db": "JVNDB", "id": "JVNDB-2015-002486" }, { "db": "CNNVD", "id": "CNNVD-201504-502" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { 
"@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-119", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-81106" }, { "db": "JVNDB", "id": "JVNDB-2015-002486" }, { "db": "NVD", "id": "CVE-2015-3145" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.1, "url": "http://advisories.mageia.org/mgasa-2015-0179.html" }, { "trust": 2.1, "url": "http://curl.haxx.se/docs/adv_20150422c.html" }, { "trust": 1.8, "url": "http://www.debian.org/security/2015/dsa-3232" }, { "trust": 1.5, "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "trust": 1.3, "url": "http://www.securityfocus.com/bid/74303" }, { "trust": 1.3, "url": "https://security.gentoo.org/glsa/201509-02" }, { "trust": 1.3, "url": "http://www.ubuntu.com/usn/usn-2591-1" }, { "trust": 1.2, "url": "http://lists.apple.com/archives/security-announce/2015/aug/msg00001.html" }, { "trust": 1.2, "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "trust": 1.2, "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c05045763" }, { "trust": 1.2, "url": "https://support.apple.com/kb/ht205031" }, { "trust": 1.2, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-april/155957.html" }, { "trust": 1.2, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-april/156250.html" }, { "trust": 1.2, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157017.html" }, { "trust": 1.2, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/157188.html" }, { "trust": 1.2, "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-may/156945.html" }, { "trust": 
1.2, "url": "http://www.mandriva.com/security/advisories?name=mdvsa-2015:219" }, { "trust": 1.2, "url": "http://www.securitytracker.com/id/1032232" }, { "trust": 1.2, "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html" }, { "trust": 1.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10743" }, { "trust": 1.0, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3145" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3145" }, { "trust": 0.6, "url": "http://secunia.com/advisories/64164" }, { "trust": 0.6, "url": "http://secunia.com/advisories/64284" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3148" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3143" }, { "trust": 0.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3145" }, { "trust": 0.4, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3144" }, { "trust": 0.3, "url": "http://curl.haxx.se/" }, { "trust": 0.3, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026id=jsa10743\u0026cat=sirt_1\u0026actp=list" }, { "trust": 0.3, "url": "http://prod.lists.apple.com/archives/security-announce/2015/aug/msg00001.html" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903004" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21903006" }, { "trust": 0.3, "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21967789" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3237" }, { "trust": 0.2, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3236" }, { "trust": 0.2, "url": "http://www.debian.org/security/" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3143" }, { "trust": 0.2, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3148" }, { "trust": 0.1, "url": "http://kb.juniper.net/infocenter/index?page=content\u0026amp;id=jsa10743" }, { "trust": 0.1, "url": 
"https://cwe.mitre.org/data/definitions/119.html" }, { "trust": 0.1, "url": "https://nvd.nist.gov" }, { "trust": 0.1, "url": "https://access.redhat.com/security/cve/cve-2015-3145" }, { "trust": 0.1, "url": "https://usn.ubuntu.com/2591-1/" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/curl/7.38.0-3ubuntu2.2" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/curl/7.35.0-1ubuntu2.5" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/curl/7.22.0-3ubuntu4.14" }, { "trust": 0.1, "url": "https://launchpad.net/ubuntu/+source/curl/7.37.1-1ubuntu3.4" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2015-3153" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3144" }, { "trust": 0.1, "url": "http://creativecommons.org/licenses/by-sa/2.5" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3145" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3143" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3237" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3236" }, { "trust": 0.1, "url": "https://security.gentoo.org/" }, { "trust": 0.1, "url": "http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3148" }, { "trust": 0.1, "url": "https://bugs.gentoo.org." 
}, { "trust": 0.1, "url": "http://www.debian.org/security/faq" }, { "trust": 0.1, "url": "http://:80\")," }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3236" }, { "trust": 0.1, "url": "http://slackware.com" }, { "trust": 0.1, "url": "http://osuosl.org)" }, { "trust": 0.1, "url": "http://slackware.com/gpg-key" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3144" }, { "trust": 0.1, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3237" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/" }, { "trust": 0.1, "url": "http://www.mandriva.com/en/support/security/advisories/" } ], "sources": [ { "db": "VULHUB", "id": "VHN-81106" }, { "db": "VULMON", "id": "CVE-2015-3145" }, { "db": "BID", "id": "74303" }, { "db": "JVNDB", "id": "JVNDB-2015-002486" }, { "db": "PACKETSTORM", "id": "131699" }, { "db": "PACKETSTORM", "id": "133700" }, { "db": "PACKETSTORM", "id": "131588" }, { "db": "PACKETSTORM", "id": "134138" }, { "db": "PACKETSTORM", "id": "131727" }, { "db": "CNNVD", "id": "CNNVD-201504-502" }, { "db": "NVD", "id": "CVE-2015-3145" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-81106" }, { "db": "VULMON", "id": "CVE-2015-3145" }, { "db": "BID", "id": "74303" }, { "db": "JVNDB", "id": "JVNDB-2015-002486" }, { "db": "PACKETSTORM", "id": "131699" }, { "db": "PACKETSTORM", "id": "133700" }, { "db": "PACKETSTORM", "id": "131588" }, { "db": "PACKETSTORM", "id": "134138" }, { "db": "PACKETSTORM", "id": "131727" }, { "db": "CNNVD", "id": "CNNVD-201504-502" }, { "db": "NVD", "id": "CVE-2015-3145" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2015-04-24T00:00:00", "db": "VULHUB", "id": "VHN-81106" }, { "date": "2015-04-24T00:00:00", "db": 
"VULMON", "id": "CVE-2015-3145" }, { "date": "2015-04-22T00:00:00", "db": "BID", "id": "74303" }, { "date": "2015-04-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-002486" }, { "date": "2015-04-30T15:48:24", "db": "PACKETSTORM", "id": "131699" }, { "date": "2015-09-25T06:54:51", "db": "PACKETSTORM", "id": "133700" }, { "date": "2015-04-22T20:15:37", "db": "PACKETSTORM", "id": "131588" }, { "date": "2015-10-30T23:23:03", "db": "PACKETSTORM", "id": "134138" }, { "date": "2015-05-04T17:18:27", "db": "PACKETSTORM", "id": "131727" }, { "date": "2015-04-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201504-502" }, { "date": "2015-04-24T14:59:10.157000", "db": "NVD", "id": "CVE-2015-3145" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2018-10-30T00:00:00", "db": "VULHUB", "id": "VHN-81106" }, { "date": "2018-10-30T00:00:00", "db": "VULMON", "id": "CVE-2015-3145" }, { "date": "2016-07-06T14:27:00", "db": "BID", "id": "74303" }, { "date": "2016-09-08T00:00:00", "db": "JVNDB", "id": "JVNDB-2015-002486" }, { "date": "2015-04-27T00:00:00", "db": "CNNVD", "id": "CNNVD-201504-502" }, { "date": "2024-11-21T02:28:46.150000", "db": "NVD", "id": "CVE-2015-3145" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "133700" }, { "db": "PACKETSTORM", "id": "131727" }, { "db": "CNNVD", "id": "CNNVD-201504-502" } ], "trust": 0.8 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Denial-of-service (DoS) vulnerability in the sanitize_cookie_path function of cURL and libcurl", "sources": [ { "db": "JVNDB", "id": "JVNDB-2015-002486" } 
], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-201504-502" } ], "trust": 0.6 } }
suse-su-2015:0990-1
Vulnerability from csaf_suse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for curl", "title": "Title of the patch" }, { "category": "description", "text": "curl was updated to fix five security issues.\n\nThe following vulnerabilities were fixed:\n\n* CVE-2015-3143: curl could re-use NTLM authenticated connections\n* CVE-2015-3144: curl could access memory out of bounds with zero length host names\n* CVE-2015-3145: curl cookie parser could access memory out of boundary\n* CVE-2015-3148: curl could treat Negotiate as not connection-oriented\n* CVE-2015-3153: curl could have sent sensitive HTTP headers also to proxies\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-SLE-DESKTOP-12-2015-235,SUSE-SLE-SDK-12-2015-235,SUSE-SLE-SERVER-12-2015-235", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2015_0990-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2015:0990-1", "url": "https://www.suse.com/support/update/announcement/2015/suse-su-20150990-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2015:0990-1", 
"url": "https://lists.suse.com/pipermail/sle-security-updates/2015-June/001421.html" }, { "category": "self", "summary": "SUSE Bug 927556", "url": "https://bugzilla.suse.com/927556" }, { "category": "self", "summary": "SUSE Bug 927607", "url": "https://bugzilla.suse.com/927607" }, { "category": "self", "summary": "SUSE Bug 927608", "url": "https://bugzilla.suse.com/927608" }, { "category": "self", "summary": "SUSE Bug 927746", "url": "https://bugzilla.suse.com/927746" }, { "category": "self", "summary": "SUSE Bug 928533", "url": "https://bugzilla.suse.com/928533" }, { "category": "self", "summary": "SUSE CVE CVE-2015-3143 page", "url": "https://www.suse.com/security/cve/CVE-2015-3143/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-3144 page", "url": "https://www.suse.com/security/cve/CVE-2015-3144/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-3145 page", "url": "https://www.suse.com/security/cve/CVE-2015-3145/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-3148 page", "url": "https://www.suse.com/security/cve/CVE-2015-3148/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-3153 page", "url": "https://www.suse.com/security/cve/CVE-2015-3153/" } ], "title": "Security update for curl", "tracking": { "current_release_date": "2015-04-29T18:22:39Z", "generator": { "date": "2015-04-29T18:22:39Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2015:0990-1", "initial_release_date": "2015-04-29T18:22:39Z", "revision_history": [ { "date": "2015-04-29T18:22:39Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "libcurl-devel-7.37.0-15.1.ppc64le", "product": { "name": "libcurl-devel-7.37.0-15.1.ppc64le", "product_id": "libcurl-devel-7.37.0-15.1.ppc64le" } }, { "category": "product_version", "name": "curl-7.37.0-15.1.ppc64le", "product": { "name": 
"curl-7.37.0-15.1.ppc64le", "product_id": "curl-7.37.0-15.1.ppc64le" } }, { "category": "product_version", "name": "libcurl4-7.37.0-15.1.ppc64le", "product": { "name": "libcurl4-7.37.0-15.1.ppc64le", "product_id": "libcurl4-7.37.0-15.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "libcurl-devel-7.37.0-15.1.s390x", "product": { "name": "libcurl-devel-7.37.0-15.1.s390x", "product_id": "libcurl-devel-7.37.0-15.1.s390x" } }, { "category": "product_version", "name": "curl-7.37.0-15.1.s390x", "product": { "name": "curl-7.37.0-15.1.s390x", "product_id": "curl-7.37.0-15.1.s390x" } }, { "category": "product_version", "name": "libcurl4-7.37.0-15.1.s390x", "product": { "name": "libcurl4-7.37.0-15.1.s390x", "product_id": "libcurl4-7.37.0-15.1.s390x" } }, { "category": "product_version", "name": "libcurl4-32bit-7.37.0-15.1.s390x", "product": { "name": "libcurl4-32bit-7.37.0-15.1.s390x", "product_id": "libcurl4-32bit-7.37.0-15.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "curl-7.37.0-15.1.x86_64", "product": { "name": "curl-7.37.0-15.1.x86_64", "product_id": "curl-7.37.0-15.1.x86_64" } }, { "category": "product_version", "name": "libcurl4-7.37.0-15.1.x86_64", "product": { "name": "libcurl4-7.37.0-15.1.x86_64", "product_id": "libcurl4-7.37.0-15.1.x86_64" } }, { "category": "product_version", "name": "libcurl4-32bit-7.37.0-15.1.x86_64", "product": { "name": "libcurl4-32bit-7.37.0-15.1.x86_64", "product_id": "libcurl4-32bit-7.37.0-15.1.x86_64" } }, { "category": "product_version", "name": "libcurl-devel-7.37.0-15.1.x86_64", "product": { "name": "libcurl-devel-7.37.0-15.1.x86_64", "product_id": "libcurl-devel-7.37.0-15.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Desktop 12", "product": { "name": "SUSE Linux Enterprise Desktop 12", 
"product_id": "SUSE Linux Enterprise Desktop 12", "product_identification_helper": { "cpe": "cpe:/o:suse:sled:12" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Software Development Kit 12", "product": { "name": "SUSE Linux Enterprise Software Development Kit 12", "product_id": "SUSE Linux Enterprise Software Development Kit 12", "product_identification_helper": { "cpe": "cpe:/o:suse:sle-sdk:12" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server 12", "product": { "name": "SUSE Linux Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12", "product_identification_helper": { "cpe": "cpe:/o:suse:sles:12" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Server for SAP Applications 12", "product": { "name": "SUSE Linux Enterprise Server for SAP Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12", "product_identification_helper": { "cpe": "cpe:/o:suse:sles_sap:12" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "curl-7.37.0-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 12", "product_id": "SUSE Linux Enterprise Desktop 12:curl-7.37.0-15.1.x86_64" }, "product_reference": "curl-7.37.0-15.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl4-7.37.0-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 12", "product_id": "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-15.1.x86_64" }, "product_reference": "libcurl4-7.37.0-15.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl4-32bit-7.37.0-15.1.x86_64 as component of SUSE Linux Enterprise Desktop 12", "product_id": "SUSE Linux 
Enterprise Desktop 12:libcurl4-32bit-7.37.0-15.1.x86_64" }, "product_reference": "libcurl4-32bit-7.37.0-15.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Desktop 12" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-devel-7.37.0-15.1.ppc64le as component of SUSE Linux Enterprise Software Development Kit 12", "product_id": "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.ppc64le" }, "product_reference": "libcurl-devel-7.37.0-15.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-devel-7.37.0-15.1.s390x as component of SUSE Linux Enterprise Software Development Kit 12", "product_id": "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.s390x" }, "product_reference": "libcurl-devel-7.37.0-15.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-devel-7.37.0-15.1.x86_64 as component of SUSE Linux Enterprise Software Development Kit 12", "product_id": "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.x86_64" }, "product_reference": "libcurl-devel-7.37.0-15.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Software Development Kit 12" }, { "category": "default_component_of", "full_product_name": { "name": "curl-7.37.0-15.1.ppc64le as component of SUSE Linux Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.ppc64le" }, "product_reference": "curl-7.37.0-15.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12" }, { "category": "default_component_of", "full_product_name": { "name": "curl-7.37.0-15.1.s390x as component of SUSE Linux Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.s390x" }, 
"product_reference": "curl-7.37.0-15.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12" }, { "category": "default_component_of", "full_product_name": { "name": "curl-7.37.0-15.1.x86_64 as component of SUSE Linux Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.x86_64" }, "product_reference": "curl-7.37.0-15.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl4-7.37.0-15.1.ppc64le as component of SUSE Linux Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.ppc64le" }, "product_reference": "libcurl4-7.37.0-15.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server 12" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl4-7.37.0-15.1.s390x as component of SUSE Linux Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.s390x" }, "product_reference": "libcurl4-7.37.0-15.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl4-7.37.0-15.1.x86_64 as component of SUSE Linux Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.x86_64" }, "product_reference": "libcurl4-7.37.0-15.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl4-32bit-7.37.0-15.1.s390x as component of SUSE Linux Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.s390x" }, "product_reference": "libcurl4-32bit-7.37.0-15.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server 12" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl4-32bit-7.37.0-15.1.x86_64 as component of SUSE Linux 
Enterprise Server 12", "product_id": "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.x86_64" }, "product_reference": "libcurl4-32bit-7.37.0-15.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server 12" }, { "category": "default_component_of", "full_product_name": { "name": "curl-7.37.0-15.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.ppc64le" }, "product_reference": "curl-7.37.0-15.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12" }, { "category": "default_component_of", "full_product_name": { "name": "curl-7.37.0-15.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.s390x" }, "product_reference": "curl-7.37.0-15.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12" }, { "category": "default_component_of", "full_product_name": { "name": "curl-7.37.0-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.x86_64" }, "product_reference": "curl-7.37.0-15.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl4-7.37.0-15.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.ppc64le" }, "product_reference": "libcurl4-7.37.0-15.1.ppc64le", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl4-7.37.0-15.1.s390x as component of SUSE Linux Enterprise Server for SAP 
Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.s390x" }, "product_reference": "libcurl4-7.37.0-15.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl4-7.37.0-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.x86_64" }, "product_reference": "libcurl4-7.37.0-15.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl4-32bit-7.37.0-15.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.s390x" }, "product_reference": "libcurl4-32bit-7.37.0-15.1.s390x", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl4-32bit-7.37.0-15.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12", "product_id": "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.x86_64" }, "product_reference": "libcurl4-32bit-7.37.0-15.1.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12" } ] }, "vulnerabilities": [ { "cve": "CVE-2015-3143", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-3143" } ], "notes": [ { "category": "general", "text": "cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.", "title": "CVE description" } ], "product_status": { "recommended": 
[ "SUSE Linux Enterprise Desktop 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-3143", "url": "https://www.suse.com/security/cve/CVE-2015-3143" }, { "category": "external", "summary": "SUSE Bug 927556 for CVE-2015-3143", "url": "https://bugzilla.suse.com/927556" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE 
recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2015-04-29T18:22:39Z", "details": "moderate" } ], "title": "CVE-2015-3143" }, { "cve": "CVE-2015-3144", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-3144" } ], "notes": [ { 
"category": "general", "text": "The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by \"http://:80\" and \":80.\"", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.s390x", "SUSE Linux Enterprise Software 
Development Kit 12:libcurl-devel-7.37.0-15.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-3144", "url": "https://www.suse.com/security/cve/CVE-2015-3144" }, { "category": "external", "summary": "SUSE Bug 927608 for CVE-2015-3144", "url": "https://bugzilla.suse.com/927608" }, { "category": "external", "summary": "SUSE Bug 951391 for CVE-2015-3144", "url": "https://bugzilla.suse.com/951391" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 
12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2015-04-29T18:22:39Z", "details": "important" } ], "title": "CVE-2015-3144" }, { "cve": "CVE-2015-3145", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-3145" } ], "notes": [ { "category": "general", "text": "The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 
12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-3145", "url": "https://www.suse.com/security/cve/CVE-2015-3145" }, { "category": "external", "summary": "SUSE Bug 927607 for CVE-2015-3145", "url": "https://bugzilla.suse.com/927607" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP 
Applications 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2015-04-29T18:22:39Z", "details": "important" } ], "title": "CVE-2015-3145" }, { "cve": "CVE-2015-3148", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-3148" } ], "notes": [ { "category": "general", "text": "cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise 
Server for SAP Applications 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-3148", "url": "https://www.suse.com/security/cve/CVE-2015-3148" }, { "category": "external", "summary": "SUSE Bug 1092962 for CVE-2015-3148", "url": "https://bugzilla.suse.com/1092962" }, { "category": "external", "summary": "SUSE Bug 927746 for CVE-2015-3148", "url": "https://bugzilla.suse.com/927746" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.x86_64", 
"SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2015-04-29T18:22:39Z", "details": "moderate" } ], "title": "CVE-2015-3148" }, { "cve": "CVE-2015-3153", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-3153" } ], "notes": [ { "category": "general", "text": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Desktop 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux 
Enterprise Server 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-3153", "url": "https://www.suse.com/security/cve/CVE-2015-3153" }, { "category": "external", "summary": "SUSE Bug 928533 for CVE-2015-3153", "url": "https://bugzilla.suse.com/928533" }, { "category": "external", "summary": "SUSE Bug 951391 for CVE-2015-3153", "url": "https://bugzilla.suse.com/951391" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Desktop 
12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Desktop 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:curl-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-32bit-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.s390x", "SUSE Linux Enterprise Server for SAP Applications 12:libcurl4-7.37.0-15.1.x86_64", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.ppc64le", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.s390x", "SUSE Linux Enterprise Software Development Kit 12:libcurl-devel-7.37.0-15.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2015-04-29T18:22:39Z", "details": "moderate" } ], "title": "CVE-2015-3153" } ] }
fkie_cve-2015-3145
Vulnerability from fkie_nvd
Vendor | Product | Version | |
---|---|---|---|
fedoraproject | fedora | 21 | |
fedoraproject | fedora | 22 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 14.10 | |
canonical | ubuntu_linux | 15.04 | |
debian | debian_linux | 7.0 | |
haxx | curl | 7.31.0 | |
haxx | curl | 7.32.0 | |
haxx | curl | 7.33.0 | |
haxx | curl | 7.34.0 | |
haxx | curl | 7.35.0 | |
haxx | curl | 7.36.0 | |
haxx | curl | 7.37.0 | |
haxx | curl | 7.37.1 | |
haxx | curl | 7.38.0 | |
haxx | curl | 7.39.0 | |
haxx | curl | 7.40.0 | |
haxx | curl | 7.41.0 | |
apple | mac_os_x | 10.10.0 | |
apple | mac_os_x | 10.10.1 | |
apple | mac_os_x | 10.10.2 | |
apple | mac_os_x | 10.10.3 | |
apple | mac_os_x | 10.10.4 | |
oracle | solaris | 11.3 | |
haxx | libcurl | 7.30.0 | |
haxx | libcurl | 7.31.0 | |
haxx | libcurl | 7.32.0 | |
haxx | libcurl | 7.33.0 | |
haxx | libcurl | 7.34.0 | |
haxx | libcurl | 7.35.0 | |
haxx | libcurl | 7.36.0 | |
haxx | libcurl | 7.37.0 | |
haxx | libcurl | 7.37.1 | |
haxx | libcurl | 7.38.0 | |
haxx | libcurl | 7.39 | |
haxx | libcurl | 7.40.0 | |
haxx | libcurl | 7.41.0 | |
hp | system_management_homepage | * | |
opensuse | opensuse | 13.1 | |
opensuse | opensuse | 13.2 | |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B6B7CAD7-9D4E-4FDB-88E3-1E583210A01F", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "matchCriteriaId": "49A63F39-30BE-443F-AF10-6245587D3359", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "5ECABFCB-0D02-4B5B-BB35-C6B3C0896348", "vulnerable": true }, { "criteria": "cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*", "matchCriteriaId": "5A5176F0-E62F-46FF-B536-DC0680696773", "vulnerable": true }, { "criteria": "cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*", "matchCriteriaId": "506A3761-3D24-43DB-88D8-4EB5B9E8BA5C", "vulnerable": true }, { "criteria": "cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "0B6EF8B0-0E86-449C-A500-ACD902A78C7F", "vulnerable": true }, { "criteria": "cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "4D558CC2-0146-4887-834E-19FCB1D512A3", "vulnerable": true }, { "criteria": "cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*", 
"matchCriteriaId": "6931764D-16AB-4546-9CE3-5B4E03BC984A", "vulnerable": true }, { "criteria": "cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*", "matchCriteriaId": "6FC1313E-8DCB-4B29-A9BC-A27C8CB360E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*", "matchCriteriaId": "B27C2E02-5C0A-4A12-B0A6-5B1C0DFA94E9", "vulnerable": true }, { "criteria": "cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFC7535F-B8C7-490F-A2F9-1DCFD41A3C9B", "vulnerable": true }, { "criteria": "cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*", "matchCriteriaId": "3CCBFE6D-F6A9-4394-9AF8-F830DC7E6A81", "vulnerable": true }, { "criteria": "cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*", "matchCriteriaId": "5DEBBFCA-6A18-4F8F-B841-50255C952FA0", "vulnerable": true }, { "criteria": "cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*", "matchCriteriaId": "FEEAE437-A645-468B-B283-44799658F534", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*", "matchCriteriaId": "C8A2286E-9D1C-4B56-8B40-150201B818AF", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "0AF9BC68-7F0D-4DF9-9CD8-6CE9844555C0", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "D35FAC77-A0DD-4AF9-AA9E-A4B170842D2D", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*", "matchCriteriaId": "831B1114-7CA7-43E3-9A15-592218060A1F", "vulnerable": true }, { "criteria": "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*", "matchCriteriaId": "E8B0A12E-E122-4189-A05E-4FEA43C19876", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "matchCriteriaId": "79A602C5-61FE-47BA-9786-F045B6C6DBA8", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { 
"criteria": "cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*", "matchCriteriaId": "A3B6BFFB-7967-482C-9B49-4BD25C815299", "vulnerable": true }, { "criteria": "cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*", "matchCriteriaId": "1791BF6D-2C96-4A6E-90D4-2906A73601F6", "vulnerable": true }, { "criteria": "cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*", "matchCriteriaId": "260DD751-4145-4B75-B892-5FC932C6A305", "vulnerable": true }, { "criteria": "cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*", "matchCriteriaId": "EFF4AD0D-2EC5-4CE8-B6B3-2EC8ED2FF118", "vulnerable": true }, { "criteria": "cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*", "matchCriteriaId": "3EB1CB85-0A9B-4816-B471-278774EE6D4C", "vulnerable": true }, { "criteria": "cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*", "matchCriteriaId": "3831AB03-4E7E-476D-9623-58AADC188DFE", "vulnerable": true }, { "criteria": "cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*", "matchCriteriaId": "ABACE305-2F0C-4B59-BC5C-6DF162B450E4", "vulnerable": true }, { "criteria": "cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*", "matchCriteriaId": "6FAC1B55-F492-484E-B837-E7745682DE0A", "vulnerable": true }, { "criteria": "cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*", "matchCriteriaId": "E0D57914-B40A-462B-9C78-6433BE2B2DB4", "vulnerable": true }, { "criteria": "cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*", "matchCriteriaId": "A9A12DF7-62C5-46AD-9236-E2821C64156E", "vulnerable": true }, { "criteria": "cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*", "matchCriteriaId": "4C43697D-390A-4AC0-A5D8-62B6D22245BF", "vulnerable": true }, { "criteria": "cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*", "matchCriteriaId": "D52E9E9F-7A35-4CB9-813E-5A1D4A36415C", "vulnerable": true }, { "criteria": "cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*", "matchCriteriaId": "257291FB-969C-4413-BA81-806B5E1B40A7", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*", 
"matchCriteriaId": "D06BF4CE-299F-42E4-BA0A-5D68788C92DF", "versionEndIncluding": "7.5.3.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "matchCriteriaId": "A10BC294-9196-425F-9FB0-B1625465B47F", "vulnerable": true }, { "criteria": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "matchCriteriaId": "03117DF1-3BEC-4B8D-AD63-DBBDB2126081", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character." }, { "lang": "es", "value": "La funci\u00f3n sanitize_cookie_path en cURL y libcurl 7.31.0 hasta 7.41.0 no calcula correctamente un indice, lo que permite a atacantes remotos causar una denegaci\u00f3n de servicio (escritura fuera de rango y ca\u00edda) o posiblemente tener otro impacto no especificado a trav\u00e9s de una ruta de cookie que contiene solamente un car\u00e1cter de comillas dobles." 
} ], "id": "CVE-2015-3145", "lastModified": "2025-04-12T10:46:40.837", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2015-04-24T14:59:10.157", "references": [ { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2015-0179.html" }, { "source": "secalert@redhat.com", "tags": [ "Vendor Advisory" ], "url": "http://curl.haxx.se/docs/adv_20150422C.html" }, { "source": "secalert@redhat.com", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html" }, { "source": "secalert@redhat.com", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": 
"http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3232" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:219" }, { "source": "secalert@redhat.com", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "source": "secalert@redhat.com", "url": "http://www.securityfocus.com/bid/74303" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032232" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2591-1" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763" }, { "source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/201509-02" }, { "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT205031" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2015-0179.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://curl.haxx.se/docs/adv_20150422C.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", 
"tags": [ "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3232" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:219" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/74303" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": 
"http://www.securitytracker.com/id/1032232" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2591-1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/201509-02" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT205031" } ], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
cnvd-2015-02753
Vulnerability from cnvd
Title: cURL和libcurl拒绝服务漏洞(CNVD-2015-02753)
Description:
CURL是一套利用URL语法在命令行下工作的文件传输工具。Libcurl是一个免费、开源的客户端URL传输库。
Haxx cURL和libcurl 7.31.0版本至7.41.0版本的‘sanitize_cookie_path’函数中存在安全漏洞,该漏洞源于程序未能正确计算索引。远程攻击者利用该漏洞可借助只有双引号字符的cookie路径造成拒绝服务(越边界写入和崩溃)。
Severity: 高
Patch Name: cURL和libcurl拒绝服务漏洞(CNVD-2015-02753)的补丁
Patch Description:
CURL是一套利用URL语法在命令行下工作的文件传输工具。Libcurl是一个免费、开源的客户端URL传输库。Haxx cURL和libcurl 7.31.0版本至7.41.0版本的‘sanitize_cookie_path’函数中存在安全漏洞,该漏洞源于程序未能正确计算索引。远程攻击者利用该漏洞可借助只有双引号字符的cookie路径造成拒绝服务(越边界写入和崩溃)。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
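目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接: http://curl.haxx.se/docs/adv_20150422B.html (Note: the NVD record for CVE-2015-3145 on this page tags http://curl.haxx.se/docs/adv_20150422C.html as the vendor advisory, not adv_20150422B; confirm which advisory covers this CVE before relying on this patch link.)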
Reference: http://www.debian.org/security/2015/dsa-3232 https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3145
| Name | Haxx Libcurl/cURL 7.31.0-7.41.0 |
|---|---|
{ "cves": { "cve": { "cveNumber": "CVE-2015-3145" } }, "description": "CURL\u662f\u4e00\u5957\u5229\u7528URL\u8bed\u6cd5\u5728\u547d\u4ee4\u884c\u4e0b\u5de5\u4f5c\u7684\u6587\u4ef6\u4f20\u8f93\u5de5\u5177\u3002Libcurl\u662f\u4e00\u4e2a\u514d\u8d39\u3001\u5f00\u6e90\u7684\u5ba2\u6237\u7aefURL\u4f20\u8f93\u5e93\u3002\r\n\r\nHaxx cURL\u548clibcurl 7.31.0\u7248\u672c\u81f37.41.0\u7248\u672c\u7684\u2018sanitize_cookie_path\u2019\u51fd\u6570\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u8ba1\u7b97\u7d22\u5f15\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u501f\u52a9\u53ea\u6709\u53cc\u5f15\u53f7\u5b57\u7b26\u7684cookie\u8def\u5f84\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u8d8a\u8fb9\u754c\u5199\u5165\u548c\u5d29\u6e83\uff09\u3002", "discovererName": "Hanno B\u00f6ck", "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://curl.haxx.se/docs/adv_20150422B.html", "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e", "number": "CNVD-2015-02753", "openTime": "2015-04-28", "patchDescription": "CURL\u662f\u4e00\u5957\u5229\u7528URL\u8bed\u6cd5\u5728\u547d\u4ee4\u884c\u4e0b\u5de5\u4f5c\u7684\u6587\u4ef6\u4f20\u8f93\u5de5\u5177\u3002Libcurl\u662f\u4e00\u4e2a\u514d\u8d39\u3001\u5f00\u6e90\u7684\u5ba2\u6237\u7aefURL\u4f20\u8f93\u5e93\u3002Haxx cURL\u548clibcurl 
7.31.0\u7248\u672c\u81f37.41.0\u7248\u672c\u7684\u2018sanitize_cookie_path\u2019\u51fd\u6570\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u672a\u80fd\u6b63\u786e\u8ba1\u7b97\u7d22\u5f15\u3002\u8fdc\u7a0b\u653b\u51fb\u8005\u5229\u7528\u8be5\u6f0f\u6d1e\u53ef\u501f\u52a9\u53ea\u6709\u53cc\u5f15\u53f7\u5b57\u7b26\u7684cookie\u8def\u5f84\u9020\u6210\u62d2\u7edd\u670d\u52a1\uff08\u8d8a\u8fb9\u754c\u5199\u5165\u548c\u5d29\u6e83\uff09\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002", "patchName": "cURL\u548clibcurl\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2015-02753\uff09\u7684\u8865\u4e01", "products": { "product": "Haxx Libcurl/cURL 7.31.0-7.41.0" }, "referenceLink": "http://www.debian.org/security/2015/dsa-3232 \r\nhttps://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3145", "serverity": "\u9ad8", "submitTime": "2015-04-27", "title": "cURL\u548clibcurl\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2015-02753\uff09" }
opensuse-su-2024:10303-1
Vulnerability from csaf_opensuse
Notes
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "curl-7.51.0-1.1 on GA media", "title": "Title of the patch" }, { "category": "description", "text": "These are all security issues fixed in the curl-7.51.0-1.1 package on the GA media of openSUSE Tumbleweed.", "title": "Description of the patch" }, { "category": "details", "text": "openSUSE-Tumbleweed-2024-10303", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", "namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10303-1.json" }, { "category": "self", "summary": "SUSE CVE CVE-2009-0037 page", "url": "https://www.suse.com/security/cve/CVE-2009-0037/" }, { "category": "self", "summary": "SUSE CVE CVE-2009-2417 page", "url": "https://www.suse.com/security/cve/CVE-2009-2417/" }, { "category": "self", "summary": "SUSE CVE CVE-2013-0249 page", "url": "https://www.suse.com/security/cve/CVE-2013-0249/" }, { "category": "self", "summary": "SUSE CVE CVE-2013-1944 page", "url": "https://www.suse.com/security/cve/CVE-2013-1944/" }, { "category": "self", "summary": "SUSE CVE CVE-2013-2174 page", "url": "https://www.suse.com/security/cve/CVE-2013-2174/" }, { 
"category": "self", "summary": "SUSE CVE CVE-2013-4545 page", "url": "https://www.suse.com/security/cve/CVE-2013-4545/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-0015 page", "url": "https://www.suse.com/security/cve/CVE-2014-0015/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-0138 page", "url": "https://www.suse.com/security/cve/CVE-2014-0138/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-0139 page", "url": "https://www.suse.com/security/cve/CVE-2014-0139/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-3613 page", "url": "https://www.suse.com/security/cve/CVE-2014-3613/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-3620 page", "url": "https://www.suse.com/security/cve/CVE-2014-3620/" }, { "category": "self", "summary": "SUSE CVE CVE-2014-8150 page", "url": "https://www.suse.com/security/cve/CVE-2014-8150/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-3143 page", "url": "https://www.suse.com/security/cve/CVE-2015-3143/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-3144 page", "url": "https://www.suse.com/security/cve/CVE-2015-3144/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-3145 page", "url": "https://www.suse.com/security/cve/CVE-2015-3145/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-3148 page", "url": "https://www.suse.com/security/cve/CVE-2015-3148/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-3153 page", "url": "https://www.suse.com/security/cve/CVE-2015-3153/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-3236 page", "url": "https://www.suse.com/security/cve/CVE-2015-3236/" }, { "category": "self", "summary": "SUSE CVE CVE-2015-3237 page", "url": "https://www.suse.com/security/cve/CVE-2015-3237/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-0755 page", "url": "https://www.suse.com/security/cve/CVE-2016-0755/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-7167 page", "url": "https://www.suse.com/security/cve/CVE-2016-7167/" }, { 
"category": "self", "summary": "SUSE CVE CVE-2016-8615 page", "url": "https://www.suse.com/security/cve/CVE-2016-8615/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-8616 page", "url": "https://www.suse.com/security/cve/CVE-2016-8616/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-8617 page", "url": "https://www.suse.com/security/cve/CVE-2016-8617/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-8618 page", "url": "https://www.suse.com/security/cve/CVE-2016-8618/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-8619 page", "url": "https://www.suse.com/security/cve/CVE-2016-8619/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-8620 page", "url": "https://www.suse.com/security/cve/CVE-2016-8620/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-8621 page", "url": "https://www.suse.com/security/cve/CVE-2016-8621/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-8622 page", "url": "https://www.suse.com/security/cve/CVE-2016-8622/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-8623 page", "url": "https://www.suse.com/security/cve/CVE-2016-8623/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-8624 page", "url": "https://www.suse.com/security/cve/CVE-2016-8624/" }, { "category": "self", "summary": "SUSE CVE CVE-2016-8625 page", "url": "https://www.suse.com/security/cve/CVE-2016-8625/" } ], "title": "curl-7.51.0-1.1 on GA media", "tracking": { "current_release_date": "2024-06-15T00:00:00Z", "generator": { "date": "2024-06-15T00:00:00Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "openSUSE-SU-2024:10303-1", "initial_release_date": "2024-06-15T00:00:00Z", "revision_history": [ { "date": "2024-06-15T00:00:00Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "curl-7.51.0-1.1.aarch64", "product": { "name": 
"curl-7.51.0-1.1.aarch64", "product_id": "curl-7.51.0-1.1.aarch64" } }, { "category": "product_version", "name": "libcurl-devel-7.51.0-1.1.aarch64", "product": { "name": "libcurl-devel-7.51.0-1.1.aarch64", "product_id": "libcurl-devel-7.51.0-1.1.aarch64" } }, { "category": "product_version", "name": "libcurl-devel-32bit-7.51.0-1.1.aarch64", "product": { "name": "libcurl-devel-32bit-7.51.0-1.1.aarch64", "product_id": "libcurl-devel-32bit-7.51.0-1.1.aarch64" } }, { "category": "product_version", "name": "libcurl4-7.51.0-1.1.aarch64", "product": { "name": "libcurl4-7.51.0-1.1.aarch64", "product_id": "libcurl4-7.51.0-1.1.aarch64" } }, { "category": "product_version", "name": "libcurl4-32bit-7.51.0-1.1.aarch64", "product": { "name": "libcurl4-32bit-7.51.0-1.1.aarch64", "product_id": "libcurl4-32bit-7.51.0-1.1.aarch64" } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "curl-7.51.0-1.1.ppc64le", "product": { "name": "curl-7.51.0-1.1.ppc64le", "product_id": "curl-7.51.0-1.1.ppc64le" } }, { "category": "product_version", "name": "libcurl-devel-7.51.0-1.1.ppc64le", "product": { "name": "libcurl-devel-7.51.0-1.1.ppc64le", "product_id": "libcurl-devel-7.51.0-1.1.ppc64le" } }, { "category": "product_version", "name": "libcurl-devel-32bit-7.51.0-1.1.ppc64le", "product": { "name": "libcurl-devel-32bit-7.51.0-1.1.ppc64le", "product_id": "libcurl-devel-32bit-7.51.0-1.1.ppc64le" } }, { "category": "product_version", "name": "libcurl4-7.51.0-1.1.ppc64le", "product": { "name": "libcurl4-7.51.0-1.1.ppc64le", "product_id": "libcurl4-7.51.0-1.1.ppc64le" } }, { "category": "product_version", "name": "libcurl4-32bit-7.51.0-1.1.ppc64le", "product": { "name": "libcurl4-32bit-7.51.0-1.1.ppc64le", "product_id": "libcurl4-32bit-7.51.0-1.1.ppc64le" } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "curl-7.51.0-1.1.s390x", "product": { "name": "curl-7.51.0-1.1.s390x", 
"product_id": "curl-7.51.0-1.1.s390x" } }, { "category": "product_version", "name": "libcurl-devel-7.51.0-1.1.s390x", "product": { "name": "libcurl-devel-7.51.0-1.1.s390x", "product_id": "libcurl-devel-7.51.0-1.1.s390x" } }, { "category": "product_version", "name": "libcurl-devel-32bit-7.51.0-1.1.s390x", "product": { "name": "libcurl-devel-32bit-7.51.0-1.1.s390x", "product_id": "libcurl-devel-32bit-7.51.0-1.1.s390x" } }, { "category": "product_version", "name": "libcurl4-7.51.0-1.1.s390x", "product": { "name": "libcurl4-7.51.0-1.1.s390x", "product_id": "libcurl4-7.51.0-1.1.s390x" } }, { "category": "product_version", "name": "libcurl4-32bit-7.51.0-1.1.s390x", "product": { "name": "libcurl4-32bit-7.51.0-1.1.s390x", "product_id": "libcurl4-32bit-7.51.0-1.1.s390x" } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "curl-7.51.0-1.1.x86_64", "product": { "name": "curl-7.51.0-1.1.x86_64", "product_id": "curl-7.51.0-1.1.x86_64" } }, { "category": "product_version", "name": "libcurl-devel-7.51.0-1.1.x86_64", "product": { "name": "libcurl-devel-7.51.0-1.1.x86_64", "product_id": "libcurl-devel-7.51.0-1.1.x86_64" } }, { "category": "product_version", "name": "libcurl-devel-32bit-7.51.0-1.1.x86_64", "product": { "name": "libcurl-devel-32bit-7.51.0-1.1.x86_64", "product_id": "libcurl-devel-32bit-7.51.0-1.1.x86_64" } }, { "category": "product_version", "name": "libcurl4-7.51.0-1.1.x86_64", "product": { "name": "libcurl4-7.51.0-1.1.x86_64", "product_id": "libcurl4-7.51.0-1.1.x86_64" } }, { "category": "product_version", "name": "libcurl4-32bit-7.51.0-1.1.x86_64", "product": { "name": "libcurl4-32bit-7.51.0-1.1.x86_64", "product_id": "libcurl4-32bit-7.51.0-1.1.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "openSUSE Tumbleweed", "product": { "name": "openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed", "product_identification_helper": { "cpe": 
"cpe:/o:opensuse:tumbleweed" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "curl-7.51.0-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64" }, "product_reference": "curl-7.51.0-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "curl-7.51.0-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le" }, "product_reference": "curl-7.51.0-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "curl-7.51.0-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x" }, "product_reference": "curl-7.51.0-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "curl-7.51.0-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64" }, "product_reference": "curl-7.51.0-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-devel-7.51.0-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64" }, "product_reference": "libcurl-devel-7.51.0-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-devel-7.51.0-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le" }, "product_reference": "libcurl-devel-7.51.0-1.1.ppc64le", "relates_to_product_reference": "openSUSE 
Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-devel-7.51.0-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x" }, "product_reference": "libcurl-devel-7.51.0-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-devel-7.51.0-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64" }, "product_reference": "libcurl-devel-7.51.0-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-devel-32bit-7.51.0-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64" }, "product_reference": "libcurl-devel-32bit-7.51.0-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-devel-32bit-7.51.0-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le" }, "product_reference": "libcurl-devel-32bit-7.51.0-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-devel-32bit-7.51.0-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x" }, "product_reference": "libcurl-devel-32bit-7.51.0-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-devel-32bit-7.51.0-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64" }, "product_reference": "libcurl-devel-32bit-7.51.0-1.1.x86_64", 
"relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl4-7.51.0-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64" }, "product_reference": "libcurl4-7.51.0-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl4-7.51.0-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le" }, "product_reference": "libcurl4-7.51.0-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl4-7.51.0-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x" }, "product_reference": "libcurl4-7.51.0-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl4-7.51.0-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" }, "product_reference": "libcurl4-7.51.0-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl4-32bit-7.51.0-1.1.aarch64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64" }, "product_reference": "libcurl4-32bit-7.51.0-1.1.aarch64", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl4-32bit-7.51.0-1.1.ppc64le as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le" }, "product_reference": "libcurl4-32bit-7.51.0-1.1.ppc64le", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", 
"full_product_name": { "name": "libcurl4-32bit-7.51.0-1.1.s390x as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x" }, "product_reference": "libcurl4-32bit-7.51.0-1.1.s390x", "relates_to_product_reference": "openSUSE Tumbleweed" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl4-32bit-7.51.0-1.1.x86_64 as component of openSUSE Tumbleweed", "product_id": "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64" }, "product_reference": "libcurl4-32bit-7.51.0-1.1.x86_64", "relates_to_product_reference": "openSUSE Tumbleweed" } ] }, "vulnerabilities": [ { "cve": "CVE-2009-0037", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2009-0037" } ], "notes": [ { "category": "general", "text": "The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE 
Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2009-0037", "url": "https://www.suse.com/security/cve/CVE-2009-0037" }, { "category": "external", "summary": "SUSE Bug 475103 for CVE-2009-0037", "url": "https://bugzilla.suse.com/475103" }, { "category": "external", "summary": "SUSE Bug 527990 for CVE-2009-0037", "url": "https://bugzilla.suse.com/527990" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE 
Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2009-0037" }, { "cve": "CVE-2009-2417", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2009-2417" } ], "notes": [ { "category": "general", "text": "lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a \u0027\\0\u0027 character in a domain name in the subject\u0027s Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2009-2417", "url": 
"https://www.suse.com/security/cve/CVE-2009-2417" }, { "category": "external", "summary": "SUSE Bug 527990 for CVE-2009-2417", "url": "https://bugzilla.suse.com/527990" }, { "category": "external", "summary": "SUSE Bug 528372 for CVE-2009-2417", "url": "https://bugzilla.suse.com/528372" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2009-2417" }, { "cve": "CVE-2013-0249", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2013-0249" } ], "notes": [ { "category": "general", "text": "Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and 
libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2013-0249", "url": "https://www.suse.com/security/cve/CVE-2013-0249" }, { "category": "external", "summary": "SUSE Bug 802411 for CVE-2013-0249", "url": "https://bugzilla.suse.com/802411" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE 
Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2013-0249" }, { "cve": "CVE-2013-1944", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2013-1944" } ], "notes": [ { "category": "general", "text": "The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE 
Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2013-1944", "url": "https://www.suse.com/security/cve/CVE-2013-1944" }, { "category": "external", "summary": "SUSE Bug 814655 for CVE-2013-1944", "url": "https://bugzilla.suse.com/814655" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE 
Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2013-1944" }, { "cve": "CVE-2013-2174", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2013-2174" } ], "notes": [ { "category": "general", "text": "Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a \"%\" (percent) character.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, 
"references": [ { "category": "external", "summary": "CVE-2013-2174", "url": "https://www.suse.com/security/cve/CVE-2013-2174" }, { "category": "external", "summary": "SUSE Bug 824517 for CVE-2013-2174", "url": "https://bugzilla.suse.com/824517" }, { "category": "external", "summary": "SUSE Bug 917692 for CVE-2013-2174", "url": "https://bugzilla.suse.com/917692" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2013-2174" }, { "cve": "CVE-2013-4545", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2013-4545" } ], "notes": [ { "category": "general", "text": "cURL and libcurl 7.18.0 through 
7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2013-4545", "url": "https://www.suse.com/security/cve/CVE-2013-4545" }, { "category": "external", "summary": "SUSE Bug 849596 for CVE-2013-4545", "url": "https://bugzilla.suse.com/849596" }, { "category": "external", "summary": "SUSE Bug 870444 for CVE-2013-4545", "url": "https://bugzilla.suse.com/870444" }, { "category": "external", "summary": "SUSE Bug 880252 for CVE-2013-4545", "url": "https://bugzilla.suse.com/880252" }, { "category": "external", "summary": "SUSE Bug 882520 for 
CVE-2013-4545", "url": "https://bugzilla.suse.com/882520" }, { "category": "external", "summary": "SUSE Bug 924250 for CVE-2013-4545", "url": "https://bugzilla.suse.com/924250" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2013-4545" }, { "cve": "CVE-2014-0015", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-0015" } ], "notes": [ { "category": "general", "text": "cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request.", "title": "CVE 
description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-0015", "url": "https://www.suse.com/security/cve/CVE-2014-0015" }, { "category": "external", "summary": "SUSE Bug 858673 for CVE-2014-0015", "url": "https://bugzilla.suse.com/858673" }, { "category": "external", "summary": "SUSE Bug 868627 for CVE-2014-0015", "url": "https://bugzilla.suse.com/868627" }, { "category": "external", "summary": "SUSE Bug 880252 for CVE-2014-0015", "url": "https://bugzilla.suse.com/880252" }, { "category": "external", "summary": "SUSE Bug 882520 for CVE-2014-0015", "url": "https://bugzilla.suse.com/882520" }, { "category": "external", "summary": "SUSE Bug 927556 for CVE-2014-0015", "url": "https://bugzilla.suse.com/927556" }, { "category": "external", "summary": "SUSE Bug 962983 for CVE-2014-0015", "url": "https://bugzilla.suse.com/962983" } ], "remediations": [ 
{ "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2014-0015" }, { "cve": "CVE-2014-0138", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-0138" } ], "notes": [ { "category": "general", "text": "The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, which might allow context-dependent attackers to connect as other users via a request, a similar issue to CVE-2014-0015.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE 
Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-0138", "url": "https://www.suse.com/security/cve/CVE-2014-0138" }, { "category": "external", "summary": "SUSE Bug 868627 for CVE-2014-0138", "url": "https://bugzilla.suse.com/868627" }, { "category": "external", "summary": "SUSE Bug 880252 for CVE-2014-0138", "url": "https://bugzilla.suse.com/880252" }, { "category": "external", "summary": "SUSE Bug 882520 for CVE-2014-0138", "url": "https://bugzilla.suse.com/882520" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE 
Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-0138" }, { "cve": "CVE-2014-0139", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-0139" } ], "notes": [ { "category": "general", "text": "cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject\u0027s Common Name (CN) field of an X.509 certificate, which might allow man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE 
Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-0139", "url": "https://www.suse.com/security/cve/CVE-2014-0139" }, { "category": "external", "summary": "SUSE Bug 868629 for CVE-2014-0139", "url": "https://bugzilla.suse.com/868629" }, { "category": "external", "summary": "SUSE Bug 880252 for CVE-2014-0139", "url": "https://bugzilla.suse.com/880252" }, { "category": "external", "summary": "SUSE Bug 882520 for CVE-2014-0139", "url": "https://bugzilla.suse.com/882520" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", 
"openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-0139" }, { "cve": "CVE-2014-3613", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-3613" } ], "notes": [ { "category": "general", "text": "cURL and libcurl before 7.38.0 does not properly handle IP addresses in cookie domain names, which allows remote attackers to set cookies for or send arbitrary cookies to certain sites, as demonstrated by a site at 192.168.0.1 setting cookies for a site at 127.168.0.1.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE 
Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-3613", "url": "https://www.suse.com/security/cve/CVE-2014-3613" }, { "category": "external", "summary": "SUSE Bug 894575 for CVE-2014-3613", "url": "https://bugzilla.suse.com/894575" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-3613" }, { "cve": "CVE-2014-3620", "ids": [ { "system_name": "SUSE CVE Page", "text": 
"https://www.suse.com/security/cve/CVE-2014-3620" } ], "notes": [ { "category": "general", "text": "cURL and libcurl before 7.38.0 allow remote attackers to bypass the Same Origin Policy and set cookies for arbitrary sites by setting a cookie for a top-level domain.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-3620", "url": "https://www.suse.com/security/cve/CVE-2014-3620" }, { "category": "external", "summary": "SUSE Bug 1199221 for CVE-2014-3620", "url": "https://bugzilla.suse.com/1199221" }, { "category": "external", "summary": "SUSE Bug 894575 for CVE-2014-3620", "url": "https://bugzilla.suse.com/894575" }, { "category": "external", "summary": "SUSE Bug 895991 for CVE-2014-3620", "url": "https://bugzilla.suse.com/895991" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security 
Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-3620" }, { "cve": "CVE-2014-8150", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2014-8150" } ], "notes": [ { "category": "general", "text": "CRLF injection vulnerability in libcurl 6.0 through 7.x before 7.40.0, when using an HTTP proxy, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE 
Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2014-8150", "url": "https://www.suse.com/security/cve/CVE-2014-8150" }, { "category": "external", "summary": "SUSE Bug 911363 for CVE-2014-8150", "url": "https://bugzilla.suse.com/911363" }, { "category": "external", "summary": "SUSE Bug 951391 for CVE-2014-8150", "url": "https://bugzilla.suse.com/951391" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE 
Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2014-8150" }, { "cve": "CVE-2015-3143", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-3143" } ], "notes": [ { "category": "general", "text": "cURL and libcurl 7.10.6 through 7.41.0 does not properly re-use NTLM connections, which allows remote attackers to connect as other users via an unauthenticated request, a similar issue to CVE-2014-0015.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE 
Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-3143", "url": "https://www.suse.com/security/cve/CVE-2015-3143" }, { "category": "external", "summary": "SUSE Bug 927556 for CVE-2015-3143", "url": "https://bugzilla.suse.com/927556" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-3143" }, { "cve": "CVE-2015-3144", "ids": [ { "system_name": "SUSE CVE Page", "text": 
"https://www.suse.com/security/cve/CVE-2015-3144" } ], "notes": [ { "category": "general", "text": "The fix_hostname function in cURL and libcurl 7.37.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds read or write and crash) or possibly have other unspecified impact via a zero-length host name, as demonstrated by \"http://:80\" and \":80.\"", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-3144", "url": "https://www.suse.com/security/cve/CVE-2015-3144" }, { "category": "external", "summary": "SUSE Bug 927608 for CVE-2015-3144", "url": "https://bugzilla.suse.com/927608" }, { "category": "external", "summary": "SUSE Bug 951391 for CVE-2015-3144", "url": "https://bugzilla.suse.com/951391" } ], "remediations": [ { "category": "vendor_fix", 
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2015-3144" }, { "cve": "CVE-2015-3145", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-3145" } ], "notes": [ { "category": "general", "text": "The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE 
Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-3145", "url": "https://www.suse.com/security/cve/CVE-2015-3145" }, { "category": "external", "summary": "SUSE Bug 927607 for CVE-2015-3145", "url": "https://bugzilla.suse.com/927607" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE 
Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "important" } ], "title": "CVE-2015-3145" }, { "cve": "CVE-2015-3148", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-3148" } ], "notes": [ { "category": "general", "text": "cURL and libcurl 7.10.6 through 7.41.0 do not properly re-use authenticated Negotiate connections, which allows remote attackers to connect as other users via a request.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE 
Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-3148", "url": "https://www.suse.com/security/cve/CVE-2015-3148" }, { "category": "external", "summary": "SUSE Bug 1092962 for CVE-2015-3148", "url": "https://bugzilla.suse.com/1092962" }, { "category": "external", "summary": "SUSE Bug 927746 for CVE-2015-3148", "url": "https://bugzilla.suse.com/927746" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": 
"moderate" } ], "title": "CVE-2015-3148" }, { "cve": "CVE-2015-3153", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-3153" } ], "notes": [ { "category": "general", "text": "The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-3153", "url": "https://www.suse.com/security/cve/CVE-2015-3153" }, { "category": "external", "summary": "SUSE Bug 928533 for CVE-2015-3153", "url": "https://bugzilla.suse.com/928533" }, { "category": "external", "summary": "SUSE Bug 951391 for CVE-2015-3153", "url": "https://bugzilla.suse.com/951391" } ], "remediations": [ { 
"category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-3153" }, { "cve": "CVE-2015-3236", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-3236" } ], "notes": [ { "category": "general", "text": "cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE 
Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-3236", "url": "https://www.suse.com/security/cve/CVE-2015-3236" }, { "category": "external", "summary": "SUSE Bug 934501 for CVE-2015-3236", "url": "https://bugzilla.suse.com/934501" }, { "category": "external", "summary": "SUSE Bug 951391 for CVE-2015-3236", "url": "https://bugzilla.suse.com/951391" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE 
Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-3236" }, { "cve": "CVE-2015-3237", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2015-3237" } ], "notes": [ { "category": "general", "text": "The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE 
Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2015-3237", "url": "https://www.suse.com/security/cve/CVE-2015-3237" }, { "category": "external", "summary": "SUSE Bug 934502 for CVE-2015-3237", "url": "https://bugzilla.suse.com/934502" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", 
"date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2015-3237" }, { "cve": "CVE-2016-0755", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-0755" } ], "notes": [ { "category": "general", "text": "The ConnectionExists function in lib/url.c in libcurl before 7.47.0 does not properly re-use NTLM-authenticated proxy connections, which might allow remote attackers to authenticate as other users via a request, a similar issue to CVE-2014-0015.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-0755", "url": "https://www.suse.com/security/cve/CVE-2016-0755" }, { "category": "external", "summary": "SUSE Bug 962983 for CVE-2016-0755", "url": "https://bugzilla.suse.com/962983" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE 
Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.3, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE 
Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-0755" }, { "cve": "CVE-2016-7167", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-7167" } ], "notes": [ { "category": "general", "text": "Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE 
Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-7167", "url": "https://www.suse.com/security/cve/CVE-2016-7167" }, { "category": "external", "summary": "SUSE Bug 998760 for CVE-2016-7167", "url": "https://bugzilla.suse.com/998760" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "openSUSE 
Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-7167" }, { "cve": "CVE-2016-8615", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-8615" } ], "notes": [ { "category": "general", "text": "A flaw was found in curl before version 7.51. 
If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-8615", "url": "https://www.suse.com/security/cve/CVE-2016-8615" }, { "category": "external", "summary": "SUSE Bug 1005633 for CVE-2016-8615", "url": "https://bugzilla.suse.com/1005633" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", 
"openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", 
"openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-8615" }, { "cve": "CVE-2016-8616", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-8616" } ], "notes": [ { "category": "general", "text": "A flaw was found in curl before version 7.51.0. When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE 
Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-8616", "url": "https://www.suse.com/security/cve/CVE-2016-8616" }, { "category": "external", "summary": "SUSE Bug 1005634 for CVE-2016-8616", "url": "https://bugzilla.suse.com/1005634" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE 
Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-8616" }, { "cve": "CVE-2016-8617", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-8617" } ], "notes": [ { "category": "general", "text": "The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE 
Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-8617", "url": "https://www.suse.com/security/cve/CVE-2016-8617" }, { "category": "external", "summary": "SUSE Bug 1005635 for CVE-2016-8617", "url": "https://bugzilla.suse.com/1005635" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE 
Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-8617" }, { "cve": "CVE-2016-8618", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-8618" } ], "notes": [ { "category": "general", "text": "The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE 
Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-8618", "url": "https://www.suse.com/security/cve/CVE-2016-8618" }, { "category": "external", "summary": "SUSE Bug 1005637 for CVE-2016-8618", "url": "https://bugzilla.suse.com/1005637" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE 
Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-8618" }, { "cve": "CVE-2016-8619", "ids": [ { 
"system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-8619" } ], "notes": [ { "category": "general", "text": "The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-8619", "url": "https://www.suse.com/security/cve/CVE-2016-8619" }, { "category": "external", "summary": "SUSE Bug 1005638 for CVE-2016-8619", "url": "https://bugzilla.suse.com/1005638" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", 
"openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", 
"openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-8619" }, { "cve": "CVE-2016-8620", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-8620" } ], "notes": [ { "category": "general", "text": "The \u0027globbing\u0027 feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-8620", "url": "https://www.suse.com/security/cve/CVE-2016-8620" }, { "category": "external", "summary": "SUSE Bug 1005640 
for CVE-2016-8620", "url": "https://bugzilla.suse.com/1005640" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE 
Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-8620" }, { "cve": "CVE-2016-8621", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-8621" } ], "notes": [ { "category": "general", "text": "The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE 
Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-8621", "url": "https://www.suse.com/security/cve/CVE-2016-8621" }, { "category": "external", "summary": "SUSE Bug 1005642 for CVE-2016-8621", "url": "https://bugzilla.suse.com/1005642" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "openSUSE 
Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-8621" }, { "cve": "CVE-2016-8622", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-8622" } ], "notes": [ { "category": "general", "text": "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate an unescape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. 
That could then lead to libcurl writing outside of its heap based buffer.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-8622", "url": "https://www.suse.com/security/cve/CVE-2016-8622" }, { "category": "external", "summary": "SUSE Bug 1005643 for CVE-2016-8622", "url": "https://bugzilla.suse.com/1005643" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", 
"openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE 
Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-8622" }, { "cve": "CVE-2016-8623", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-8623" } ], "notes": [ { "category": "general", "text": "A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-8623", "url": "https://www.suse.com/security/cve/CVE-2016-8623" }, { "category": "external", "summary": "SUSE Bug 1005645 for CVE-2016-8623", "url": "https://bugzilla.suse.com/1005645" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE 
Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE 
Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-8623" }, { "cve": "CVE-2016-8624", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-8624" } ], "notes": [ { "category": "general", "text": "curl before version 7.51.0 doesn\u0027t parse the authority component of the URL correctly when the host name part ends with a \u0027#\u0027 character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE 
Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-8624", "url": "https://www.suse.com/security/cve/CVE-2016-8624" }, { "category": "external", "summary": "SUSE Bug 1005646 for CVE-2016-8624", "url": "https://bugzilla.suse.com/1005646" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" 
}, "products": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "moderate" } ], "title": "CVE-2016-8624" }, { "cve": "CVE-2016-8625", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2016-8625" } ], "notes": [ { "category": "general", "text": "curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.", "title": "CVE description" } ], "product_status": { "recommended": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE 
Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2016-8625", "url": "https://www.suse.com/security/cve/CVE-2016-8625" }, { "category": "external", "summary": "SUSE Bug 1005649 for CVE-2016-8625", "url": "https://bugzilla.suse.com/1005649" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE 
Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.0" }, "products": [ "openSUSE Tumbleweed:curl-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:curl-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:curl-7.51.0-1.1.s390x", "openSUSE Tumbleweed:curl-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl-devel-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-32bit-7.51.0-1.1.x86_64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.aarch64", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.ppc64le", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.s390x", "openSUSE Tumbleweed:libcurl4-7.51.0-1.1.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2024-06-15T00:00:00Z", "details": "low" } ], "title": "CVE-2016-8625" } ] }
ghsa-c7m9-x5vw-4grr
Vulnerability from github
The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.
{ "affected": [], "aliases": [ "CVE-2015-3145" ], "database_specific": { "cwe_ids": [ "CWE-119" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2015-04-24T14:59:00Z", "severity": "HIGH" }, "details": "The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.", "id": "GHSA-c7m9-x5vw-4grr", "modified": "2022-05-14T02:06:53Z", "published": "2022-05-14T02:06:53Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3145" }, { "type": "WEB", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201509-02" }, { "type": "WEB", "url": "https://support.apple.com/kb/HT205031" }, { "type": "WEB", "url": "http://advisories.mageia.org/MGASA-2015-0179.html" }, { "type": "WEB", "url": "http://curl.haxx.se/docs/adv_20150422C.html" }, { "type": "WEB", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743" }, { "type": "WEB", "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "type": "WEB", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html" }, { "type": "WEB", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html" }, { "type": "WEB", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html" }, { "type": "WEB", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html" }, { "type": "WEB", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html" }, { "type": 
"WEB", "url": "http://www.debian.org/security/2015/dsa-3232" }, { "type": "WEB", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:219" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/74303" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1032232" }, { "type": "WEB", "url": "http://www.ubuntu.com/usn/USN-2591-1" } ], "schema_version": "1.4.0", "severity": [] }
gsd-2015-3145
Vulnerability from gsd
{ "GSD": { "alias": "CVE-2015-3145", "description": "The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.", "id": "GSD-2015-3145", "references": [ "https://www.suse.com/security/cve/CVE-2015-3145.html", "https://www.debian.org/security/2015/dsa-3232", "https://ubuntu.com/security/CVE-2015-3145", "https://advisories.mageia.org/CVE-2015-3145.html", "https://alas.aws.amazon.com/cve/html/CVE-2015-3145.html" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2015-3145" ], "details": "The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character.", "id": "GSD-2015-3145", "modified": "2023-12-13T01:20:07.941778Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3145", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path 
containing only a double-quote character." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "74303", "refsource": "BID", "url": "http://www.securityfocus.com/bid/74303" }, { "name": "FEDORA-2015-6853", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html" }, { "name": "DSA-3232", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2015/dsa-3232" }, { "name": "http://curl.haxx.se/docs/adv_20150422C.html", "refsource": "CONFIRM", "url": "http://curl.haxx.se/docs/adv_20150422C.html" }, { "name": "FEDORA-2015-6712", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html" }, { "name": "MDVSA-2015:219", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:219" }, { "name": "USN-2591-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-2591-1" }, { "name": "1032232", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032232" }, { "name": "APPLE-SA-2015-08-13-2", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "name": "openSUSE-SU-2015:0799", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html" 
}, { "name": "http://advisories.mageia.org/MGASA-2015-0179.html", "refsource": "CONFIRM", "url": "http://advisories.mageia.org/MGASA-2015-0179.html" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", "refsource": "CONFIRM", "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763" }, { "name": "https://support.apple.com/kb/HT205031", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT205031" }, { "name": "GLSA-201509-02", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201509-02" }, { "name": "FEDORA-2015-6728", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html" }, { "name": "FEDORA-2015-6695", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html" }, { "name": "FEDORA-2015-6864", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], 
"cpe_match": [ { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.37.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.38.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.33.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.34.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.35.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.41.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.36.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.37.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.31.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.32.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.39.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:curl:7.40.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.10.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": 
"cpe:2.3:a:haxx:libcurl:7.32.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.33.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.40.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.41.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.37.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.37.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.30.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.31.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.38.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.34.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.35.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:haxx:libcurl:7.36.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:hp:system_management_homepage:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "7.5.3.1", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:opensuse:opensuse:13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "secalert@redhat.com", "ID": "CVE-2015-3145" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "The 
sanitize_cookie_path function in cURL and libcurl 7.31.0 through 7.41.0 does not properly calculate an index, which allows remote attackers to cause a denial of service (out-of-bounds write and crash) or possibly have other unspecified impact via a cookie path containing only a double-quote character." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-119" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-3232", "refsource": "DEBIAN", "tags": [ "Third Party Advisory" ], "url": "http://www.debian.org/security/2015/dsa-3232" }, { "name": "http://curl.haxx.se/docs/adv_20150422C.html", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "http://curl.haxx.se/docs/adv_20150422C.html" }, { "name": "USN-2591-1", "refsource": "UBUNTU", "tags": [ "Third Party Advisory" ], "url": "http://www.ubuntu.com/usn/USN-2591-1" }, { "name": "FEDORA-2015-6853", "refsource": "FEDORA", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157188.html" }, { "name": "FEDORA-2015-6864", "refsource": "FEDORA", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/156945.html" }, { "name": "1032232", "refsource": "SECTRACK", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securitytracker.com/id/1032232" }, { "name": "MDVSA-2015:219", "refsource": "MANDRIVA", "tags": [ "Third Party Advisory" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:219" }, { "name": "FEDORA-2015-6728", "refsource": "FEDORA", "tags": [ "Third Party Advisory" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157017.html" }, { "name": "openSUSE-SU-2015:0799", "refsource": "SUSE", "tags": [ "Third Party Advisory" ], "url": "http://lists.opensuse.org/opensuse-updates/2015-04/msg00057.html" }, { "name": "FEDORA-2015-6695", "refsource": "FEDORA", "tags": [ "Third Party Advisory" 
], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155957.html" }, { "name": "http://advisories.mageia.org/MGASA-2015-0179.html", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "http://advisories.mageia.org/MGASA-2015-0179.html" }, { "name": "APPLE-SA-2015-08-13-2", "refsource": "APPLE", "tags": [ "Third Party Advisory" ], "url": "http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html" }, { "name": "https://support.apple.com/kb/HT205031", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://support.apple.com/kb/HT205031" }, { "name": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05045763" }, { "name": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html", "refsource": "CONFIRM", "tags": [ "Third Party Advisory" ], "url": "http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html" }, { "name": "74303", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/74303" }, { "name": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743", "refsource": "CONFIRM", "tags": [], "url": "http://kb.juniper.net/InfoCenter/index?page=content\u0026id=JSA10743" }, { "name": "GLSA-201509-02", "refsource": "GENTOO", "tags": [], "url": "https://security.gentoo.org/glsa/201509-02" }, { "name": "FEDORA-2015-6712", "refsource": "FEDORA", "tags": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156250.html" }, { "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "refsource": "CONFIRM", "tags": [], "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" } ] } }, "impact": { "baseMetricV2": { "cvssV2": { "accessComplexity": "LOW", 
"accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false } }, "lastModifiedDate": "2018-10-30T16:27Z", "publishedDate": "2015-04-24T14:59Z" } } }
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.