Количество 16
Количество 16
CVE-2022-32206
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
CVE-2022-32206
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
CVE-2022-32206
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
CVE-2022-32206
curl < 7.84.0 supports "chained" HTTP compression algorithms meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb" makingcurl end up spending enormous amounts of allocated heap memory or trying toand returning out of memory errors.
CVE-2022-32206
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning ...
GHSA-pphv-gw4r-gww8
curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.
BDU:2022-06918
Уязвимость программного средства для взаимодействия с серверами CURL, связанная с выделением неограниченной памяти, позволяющая нарушителю вызвать отказ в обслуживании
SUSE-SU-2022:2327-1
Security update for curl
SUSE-SU-2022:2288-1
Security update for curl
RLSA-2022:6159
Moderate: curl security update
ELSA-2022-6159
ELSA-2022-6159: curl security update (MODERATE)
RLSA-2022:6157
Moderate: curl security update
ELSA-2022-6157
ELSA-2022-6157: curl security update (MODERATE)
SUSE-SU-2022:2829-1
Security update for curl
SUSE-SU-2022:2813-1
Security update for curl
SUSE-SU-2022:2305-1
Security update for curl
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2022-32206 curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. | CVSS3: 6.5 | 5% Низкий | больше 3 лет назад |
 | CVE-2022-32206 curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. | CVSS3: 6.5 | 5% Низкий | больше 3 лет назад |
 | CVE-2022-32206 curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. | CVSS3: 6.5 | 5% Низкий | больше 3 лет назад |
 | CVE-2022-32206 curl < 7.84.0 supports "chained" HTTP compression algorithms meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb" makingcurl end up spending enormous amounts of allocated heap memory or trying toand returning out of memory errors. | CVSS3: 6.5 | 5% Низкий | больше 3 лет назад |
| CVE-2022-32206 curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning ... | CVSS3: 6.5 | 5% Низкий | больше 3 лет назад |
| GHSA-pphv-gw4r-gww8 curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors. | CVSS3: 6.5 | 5% Низкий | больше 3 лет назад |
 | BDU:2022-06918 Уязвимость программного средства для взаимодействия с серверами CURL, связанная с выделением неограниченной памяти, позволяющая нарушителю вызвать отказ в обслуживании | CVSS3: 6.5 | 5% Низкий | больше 3 лет назад |
 | SUSE-SU-2022:2327-1 Security update for curl | больше 3 лет назад | ||
| SUSE-SU-2022:2288-1 Security update for curl | больше 3 лет назад | ||
 | RLSA-2022:6159 Moderate: curl security update | больше 3 лет назад | ||
| ELSA-2022-6159 ELSA-2022-6159: curl security update (MODERATE) | больше 3 лет назад | ||
| RLSA-2022:6157 Moderate: curl security update | больше 3 лет назад | ||
| ELSA-2022-6157 ELSA-2022-6157: curl security update (MODERATE) | больше 3 лет назад | ||
| SUSE-SU-2022:2829-1 Security update for curl | больше 3 лет назад | ||
| SUSE-SU-2022:2813-1 Security update for curl | больше 3 лет назад | ||
| SUSE-SU-2022:2305-1 Security update for curl | больше 3 лет назад |
Уязвимостей на страницу