Количество 17
Количество 17
CVE-2023-23916
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
CVE-2023-23916
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
CVE-2023-23916
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
CVE-2023-23916
CVE-2023-23916
An allocation of resources without limits or throttling vulnerability ...
SUSE-SU-2023:0425-1
Security update for curl
RLSA-2023:1140
Moderate: curl security update
GHSA-v8vq-prc2-j6gx
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors.
ELSA-2023-1701
ELSA-2023-1701: curl security update (MODERATE)
ELSA-2023-1140
ELSA-2023-1140: curl security update (MODERATE)
BDU:2023-07689
Уязвимость реализации механизмов "цепочной" компрессии HTTP утилиты командной строки cURL, позволяющая нарушителю вызвать отказ в обслуживании
SUSE-SU-2023:0429-1
Security update for curl
ROS-20250923-42
Множественные уязвимости libcurl
ROS-20250923-22
Множественные уязвимости curl
SUSE-SU-2023:1711-1
Security update for curl
SUSE-SU-2023:2228-1
Security update for curl
SUSE-SU-2023:2226-1
Security update for curl
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-23916 An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
 | CVE-2023-23916 An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
 | CVE-2023-23916 An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
 | CVSS3: 6.5 | 0% Низкий | почти 3 года назад | |
| CVE-2023-23916 An allocation of resources without limits or throttling vulnerability ... | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
 | SUSE-SU-2023:0425-1 Security update for curl | 0% Низкий | почти 3 года назад | |
 | RLSA-2023:1140 Moderate: curl security update | 0% Низкий | больше 2 лет назад | |
| GHSA-v8vq-prc2-j6gx An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgorithms. The number of acceptable "links" in this "decompression chain" wascapped, but the cap was implemented on a per-header basis allowing a maliciousserver to insert a virtually unlimited number of compression steps simply byusing many headers. The use of such a decompression chain could result in a "malloc bomb", making curl end up spending enormous amounts of allocated heap memory, or trying to and returning out of memory errors. | 0% Низкий | почти 3 года назад | |
| ELSA-2023-1701 ELSA-2023-1701: curl security update (MODERATE) | больше 2 лет назад | ||
| ELSA-2023-1140 ELSA-2023-1140: curl security update (MODERATE) | больше 2 лет назад | ||
 | BDU:2023-07689 Уязвимость реализации механизмов "цепочной" компрессии HTTP утилиты командной строки cURL, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 6.5 | 0% Низкий | почти 3 года назад |
| SUSE-SU-2023:0429-1 Security update for curl | почти 3 года назад | ||
 | ROS-20250923-42 Множественные уязвимости libcurl | CVSS3: 6.5 | 2 месяца назад | |
| ROS-20250923-22 Множественные уязвимости curl | CVSS3: 6.5 | 2 месяца назад | |
| SUSE-SU-2023:1711-1 Security update for curl | больше 2 лет назад | ||
| SUSE-SU-2023:2228-1 Security update for curl | больше 2 лет назад | ||
| SUSE-SU-2023:2226-1 Security update for curl | больше 2 лет назад |
Уязвимостей на страницу