Count: 8
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| GHSA-xc3w-ghxg-pw5f: libcurl can be told to save cookie, HSTS and/or alt-svc data to files. When doing this, it called `stat()` followed by `fopen()` in a way that made it vulnerable to a TOCTOU race condition problem. By exploiting this flaw, an attacker could trick the victim to create or overwrite protected files holding this data in ways it was not intended to. | | | more than 2 years ago |
| CVE-2023-32001: Rejected reason: We issued this CVE pre-maturely, as we have subsequently realized that this issue points out a problem that there really is no safe measures around or protections for. | | | more than 2 years ago |
| CVE-2023-32001: A flaw was found in the curl package. This race condition modifies the behavior of symbolic link files in affected components which might be followed instead of overwritten when the condition is met, leading to undesired and potentially destructive behavior. | CVSS3: 5.5 | | more than 2 years ago |
| CVE-2023-32001: Rejected reason: We issued this CVE pre-maturely, as we have subsequently realized that this issue points out a problem that there really is no safe measures around or protections for. | | | more than 2 years ago |
| CVE-2023-32001 | | | more than 1 year ago |
| SUSE-SU-2023:2891-1: Security update for curl | | | more than 2 years ago |
| SUSE-SU-2023:2880-1: Security update for curl | | | more than 2 years ago |
| BDU:2023-04304: Vulnerability in the fopen() function of the libcurl library, related to state management errors, allowing an attacker to create or overwrite protected files | CVSS3: 5.5 | | more than 2 years ago |