CVE-2025-0665

Опубликовано: 05 фев. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.

Ссылки

https://curl.se/docs/CVE-2025-0665.html
Vendor Advisory
https://curl.se/docs/CVE-2025-0665.json
Vendor Advisory
https://hackerone.com/reports/2954286
Exploit
Issue Tracking
Third Party Advisory
http://www.openwall.com/lists/oss-security/2025/02/05/2
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2025/02/05/5
Mailing List
Third Party Advisory
https://security.netapp.com/advisory/ntap-20250306-0007/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:haxx:curl:8.11.1:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:netapp:bootstrap_os:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:netapp:h410c_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410c:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*

Конфигурация 7

Одновременно

cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*

EPSS

Процентиль: 89%

0.04612

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-1341

Связанные уязвимости

CVE-2025-0665

CVSS3: 9.8

ubuntu

7 месяцев назад

libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.

CVE-2025-0665

CVSS3: 4

redhat

7 месяцев назад

libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.

CVE-2025-0665

CVSS3: 9.8

msrc

6 месяцев назад

Описание отсутствует

CVE-2025-0665

CVSS3: 9.8

debian

7 месяцев назад

libcurl would wrongly close the same eventfd file descriptor twice whe ...

GHSA-cc57-hgv8-p56r

CVSS3: 9.8

github

7 месяцев назад

libcurl would wrongly close the same eventfd file descriptor twice when taking down a connection channel after having completed a threaded name resolve.

EPSS

Процентиль: 89%

0.04612

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-1341