Количество 18
Количество 18
CVE-2023-28322
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.
CVE-2023-28322
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.
CVE-2023-28322
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.
CVE-2023-28322
CVE-2023-28322
An information disclosure vulnerability exists in curl <v8.1.0 when do ...
GHSA-78jh-p6rf-g59w
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST.
BDU:2023-02895
Уязвимость библиотеки libcurl, связанная с ошибками при отправке HTTP-запросов POST и PUT с использованием одного и того же дескриптора, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
ELSA-2023-4354
ELSA-2023-4354: curl security update (MODERATE)
SUSE-SU-2023:2230-1
Security update for curl
SUSE-SU-2023:2227-1
Security update for curl
RLSA-2024:1601
Moderate: curl security and bug fix update
ELSA-2024-1601
ELSA-2024-1601: curl security and bug fix update (MODERATE)
SUSE-SU-2023:2224-2
Security update for curl
SUSE-SU-2023:2224-1
Security update for curl
SUSE-SU-2023:2225-1
Security update for curl
ROS-20230621-24
Множественные уязвимости libCurl
SUSE-SU-2023:2228-1
Security update for curl
SUSE-SU-2023:2226-1
Security update for curl
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2023-28322 An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. | CVSS3: 3.7 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-28322 An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. | CVSS3: 3.7 | 0% Низкий | больше 2 лет назад |
 | CVE-2023-28322 An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. | CVSS3: 3.7 | 0% Низкий | больше 2 лет назад |
 | CVSS3: 3.7 | 0% Низкий | больше 2 лет назад | |
| CVE-2023-28322 An information disclosure vulnerability exists in curl <v8.1.0 when do ... | CVSS3: 3.7 | 0% Низкий | больше 2 лет назад |
| GHSA-78jh-p6rf-g59w An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if the same handle previously wasused to issue a `PUT` request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the second transfer. The problem exists in the logic for a reused handle when it is (expected to be) changed from a PUT to a POST. | CVSS3: 3.7 | 0% Низкий | больше 2 лет назад |
 | BDU:2023-02895 Уязвимость библиотеки libcurl, связанная с ошибками при отправке HTTP-запросов POST и PUT с использованием одного и того же дескриптора, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации | CVSS3: 7.5 | 0% Низкий | больше 2 лет назад |
| ELSA-2023-4354 ELSA-2023-4354: curl security update (MODERATE) | больше 2 лет назад | ||
 | SUSE-SU-2023:2230-1 Security update for curl | больше 2 лет назад | ||
| SUSE-SU-2023:2227-1 Security update for curl | больше 2 лет назад | ||
 | RLSA-2024:1601 Moderate: curl security and bug fix update | больше 1 года назад | ||
| ELSA-2024-1601 ELSA-2024-1601: curl security and bug fix update (MODERATE) | больше 1 года назад | ||
| SUSE-SU-2023:2224-2 Security update for curl | больше 2 лет назад | ||
| SUSE-SU-2023:2224-1 Security update for curl | больше 2 лет назад | ||
| SUSE-SU-2023:2225-1 Security update for curl | больше 2 лет назад | ||
 | ROS-20230621-24 Множественные уязвимости libCurl | CVSS3: 7.5 | больше 2 лет назад | |
| SUSE-SU-2023:2228-1 Security update for curl | больше 2 лет назад | ||
| SUSE-SU-2023:2226-1 Security update for curl | больше 2 лет назад |
Уязвимостей на страницу