Описание
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | |
| devel | not-affected | |
| disco | not-affected | |
| eoan | not-affected | |
| esm-infra-legacy/trusty | not-affected | |
| esm-infra/bionic | not-affected | |
| esm-infra/xenial | not-affected | |
| precise/esm | not-affected | |
| trusty | ignored | end of standard support |
| trusty/esm | not-affected |
Показывать по
Связанные уязвимости
[REJECTED CVE] A vulnerability has been identified in libcurl, where a FILE:// URL crafted with two slashes (or backslashes) followed by a hostname can cause Windows systems to treat the path as an SMB request instead of accessing a local file. This unintended behavior may allow an attacker to redirect file access requests to a malicious SMB server. Applications that allow user-provided URLs or URL parts are particularly vulnerable, potentially exposing sensitive data or enabling unauthorized network interactions.
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none
CURL before 7.68.0 lacks proper input validation, which allows users to create a `FILE:` URL that can make the client access a remote file using SMB (Windows-only issue).