exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 15

GHSA-pphv-gw4r-gww8

около 3 лет назад

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.

CVSS3: 6.5

EPSS: Низкий

CVE-2022-32206

около 3 лет назад

CVSS3: 6.5

EPSS: Низкий

CVE-2022-32206

около 3 лет назад

CVSS3: 6.5

EPSS: Низкий

CVE-2022-32206

около 3 лет назад

CVSS3: 6.5

EPSS: Низкий

CVE-2022-32206

около 3 лет назад

CVSS3: 6.5

EPSS: Низкий

CVE-2022-32206

около 3 лет назад

curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning ...

CVSS3: 6.5

EPSS: Низкий

BDU:2022-06918

около 3 лет назад

Уязвимость программного средства для взаимодействия с серверами CURL, связанная с выделением неограниченной памяти, позволяющая нарушителю вызвать отказ в обслуживании

CVSS3: 6.5

EPSS: Низкий

SUSE-SU-2022:2327-1

около 3 лет назад

Security update for curl

EPSS: Низкий

SUSE-SU-2022:2288-1

около 3 лет назад

Security update for curl

EPSS: Низкий

RLSA-2022:6159

почти 3 года назад

Moderate: curl security update

EPSS: Низкий

ELSA-2022-6159

почти 3 года назад

ELSA-2022-6159: curl security update (MODERATE)

EPSS: Низкий

ELSA-2022-6157

почти 3 года назад

ELSA-2022-6157: curl security update (MODERATE)

EPSS: Низкий

SUSE-SU-2022:2829-1

почти 3 года назад

Security update for curl

EPSS: Низкий

SUSE-SU-2022:2813-1

почти 3 года назад

Security update for curl

EPSS: Низкий

SUSE-SU-2022:2305-1

около 3 лет назад

Security update for curl

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
GHSA-pphv-gw4r-gww8 curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.	CVSS3: 6.5	3% Низкий	около 3 лет назад
CVE-2022-32206 curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.	CVSS3: 6.5	3% Низкий	около 3 лет назад
CVE-2022-32206 curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.	CVSS3: 6.5	3% Низкий	около 3 лет назад
CVE-2022-32206 curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning that a serverresponse can be compressed multiple times and potentially with different algorithms. The number of acceptable "links" in this "decompression chain" was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps.The use of such a decompression chain could result in a "malloc bomb", makingcurl end up spending enormous amounts of allocated heap memory, or trying toand returning out of memory errors.	CVSS3: 6.5	3% Низкий	около 3 лет назад
CVE-2022-32206	CVSS3: 6.5	3% Низкий	около 3 лет назад
CVE-2022-32206 curl < 7.84.0 supports "chained" HTTP compression algorithms, meaning ...	CVSS3: 6.5	3% Низкий	около 3 лет назад
BDU:2022-06918 Уязвимость программного средства для взаимодействия с серверами CURL, связанная с выделением неограниченной памяти, позволяющая нарушителю вызвать отказ в обслуживании	CVSS3: 6.5	3% Низкий	около 3 лет назад
SUSE-SU-2022:2327-1 Security update for curl			около 3 лет назад
SUSE-SU-2022:2288-1 Security update for curl			около 3 лет назад
RLSA-2022:6159 Moderate: curl security update			почти 3 года назад
ELSA-2022-6159 ELSA-2022-6159: curl security update (MODERATE)			почти 3 года назад
ELSA-2022-6157 ELSA-2022-6157: curl security update (MODERATE)			почти 3 года назад
SUSE-SU-2022:2829-1 Security update for curl			почти 3 года назад
SUSE-SU-2022:2813-1 Security update for curl			почти 3 года назад
SUSE-SU-2022:2305-1 Security update for curl			около 3 лет назад

Уязвимостей на страницу