Описание
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | |
| cosmic | not-affected | |
| devel | not-affected | |
| disco | not-affected | |
| esm-infra-legacy/trusty | not-affected | |
| esm-infra/bionic | not-affected | |
| esm-infra/xenial | not-affected | |
| precise/esm | not-affected | |
| trusty | ignored | end of standard support |
| trusty/esm | not-affected |
Показывать по
Ссылки на источники
EPSS
4.4 Medium
CVSS2
7.8 High
CVSS3
Связанные уязвимости
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.
A non-privileged user or program can put code and a config file in a k ...
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.
Уязвимость библиотеки libcurl, связанная с неверным управлением генерацией кода, позволяющая нарушителю повысить свои привилегии или выполнить произвольный код
EPSS
4.4 Medium
CVSS2
7.8 High
CVSS3