CVE-2025-0665

Опубликовано: 05 фев. 2025

Источник: debian

EPSS Низкий

Описание

libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
curl	fixed	8.12.0+git20250209.89ed161+ds-1		package
curl	not-affected		bookworm	package
curl	not-affected		bullseye	package

Примечания

https://curl.se/docs/CVE-2025-0665.html
Introduced with: https://github.com/curl/curl/commit/92124838c6b7e09e3f35ff84e1eb63cf0105c9b5 (curl-8_11_1)
Fixed by: https://github.com/curl/curl/commit/ff5091aa9f73802e894b1cbdf24ab84e103200e2 (curl-8_12_0)

EPSS

Процентиль: 85%

0.02459

Низкий

Связанные уязвимости

CVE-2025-0665

CVSS3: 9.8

ubuntu

5 месяцев назад

libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.

CVE-2025-0665

CVSS3: 4

redhat

5 месяцев назад

libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.

CVE-2025-0665

CVSS3: 9.8

nvd

5 месяцев назад

libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.

CVE-2025-0665

CVSS3: 9.8

msrc

3 месяца назад

Описание отсутствует

GHSA-cc57-hgv8-p56r

CVSS3: 9.8

github

5 месяцев назад

libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.

EPSS

Процентиль: 85%

0.02459

Низкий