Описание
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl's multi API, and sets the CURLOPT_CONNECT_ONLY option, might experience libcurl using the wrong connection. The highest threat from this vulnerability is to data confidentiality.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| .NET Core 2.1 on Red Hat Enterprise Linux | rh-dotnet21-curl | Not affected | ||
| .NET Core 3.1 on Red Hat Enterprise Linux | rh-dotnet31-curl | Not affected | ||
| Red Hat Ceph Storage 2 | curl | Out of support scope | ||
| Red Hat Enterprise Linux 5 | curl | Not affected | ||
| Red Hat Enterprise Linux 6 | curl | Not affected | ||
| Red Hat Enterprise Linux 7 | curl | Fix deferred | ||
| Red Hat Software Collections | httpd24-curl | Fix deferred | ||
| Red Hat Enterprise Linux 8 | curl | Fixed | RHSA-2021:1610 | 18.05.2021 |
Показывать по
Дополнительная информация
Статус:
3.7 Low
CVSS3
Связанные уязвимости
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
Due to use of a dangling pointer libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data.
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can us ...
3.7 Low
CVSS3