Количество 15
Количество 15

CVE-2023-23916
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.

CVE-2023-23916
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.

CVE-2023-23916
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.

CVE-2023-23916
CVE-2023-23916
An allocation of resources without limits or throttling vulnerability ...

SUSE-SU-2023:0425-1
Security update for curl

RLSA-2023:1140
Moderate: curl security update
GHSA-v8vq-prc2-j6gx
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
ELSA-2023-1701
ELSA-2023-1701: curl security update (MODERATE)
ELSA-2023-1140
ELSA-2023-1140: curl security update (MODERATE)

BDU:2023-07689
Уязвимость реализации механизмов "цепочной" компрессии HTTP утилиты командной строки cURL, позволяющая нарушителю вызвать отказ в обслуживании

SUSE-SU-2023:0429-1
Security update for curl

SUSE-SU-2023:1711-1
Security update for curl

SUSE-SU-2023:2228-1
Security update for curl

SUSE-SU-2023:2226-1
Security update for curl
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
---|---|---|---|---|
![]() | CVE-2023-23916 An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. | CVSS3: 6.5 | 0% Низкий | больше 2 лет назад |
![]() | CVE-2023-23916 An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. | CVSS3: 6.5 | 0% Низкий | больше 2 лет назад |
![]() | CVE-2023-23916 An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. | CVSS3: 6.5 | 0% Низкий | больше 2 лет назад |
![]() | CVSS3: 6.5 | 0% Низкий | больше 2 лет назад | |
CVE-2023-23916 An allocation of resources without limits or throttling vulnerability ... | CVSS3: 6.5 | 0% Низкий | больше 2 лет назад | |
![]() | SUSE-SU-2023:0425-1 Security update for curl | 0% Низкий | больше 2 лет назад | |
![]() | RLSA-2023:1140 Moderate: curl security update | 0% Низкий | больше 2 лет назад | |
GHSA-v8vq-prc2-j6gx An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. | 0% Низкий | больше 2 лет назад | ||
ELSA-2023-1701 ELSA-2023-1701: curl security update (MODERATE) | больше 2 лет назад | |||
ELSA-2023-1140 ELSA-2023-1140: curl security update (MODERATE) | больше 2 лет назад | |||
![]() | BDU:2023-07689 Уязвимость реализации механизмов "цепочной" компрессии HTTP утилиты командной строки cURL, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 6.5 | 0% Низкий | больше 2 лет назад |
![]() | SUSE-SU-2023:0429-1 Security update for curl | больше 2 лет назад | ||
![]() | SUSE-SU-2023:1711-1 Security update for curl | больше 2 лет назад | ||
![]() | SUSE-SU-2023:2228-1 Security update for curl | больше 2 лет назад | ||
![]() | SUSE-SU-2023:2226-1 Security update for curl | больше 2 лет назад |
Уязвимостей на страницу