Page 2 of 13 results (0.008 seconds)

CVSS: 7.5EPSS: 0%CPEs: 49EXPL: 1

A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network. Un usuario puede decirle a curl versiones posteriores a 7.20.0 incluyéndola , y versiones anteriores a 7.78.0 incluyéndola, que requiera una actualización con éxito a TLS cuando hable con un servidor IMAP, POP3 o FTP ("--ssl-reqd" en la línea de comandos o "CURLOPT_USE_SSL" configurado como "CURLUSESSL_CONTROL" o "CURLUSESSL_ALL" conlibcurl). Este requisito podría ser omitido si el servidor devolviera una respuesta correctamente diseñada pero perfectamente legítima. Este fallo haría que curl continuara silenciosamente sus operaciones **withoutTLS** en contra de las instrucciones y expectativas, exponiendo posiblemente datos confidenciales en texto sin cifrar a través de la red A flaw was found in curl. • http://seclists.org/fulldisclosure/2022/Mar/29 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://hackerone.com/reports/1334111 https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67 • CWE-319: Cleartext Transmission of Sensitive Information CWE-325: Missing Cryptographic Step •

CVSS: 5.3EPSS: 0%CPEs: 35EXPL: 1

curl 7.61.0 through 7.76.1 suffers from exposure of data element to wrong session due to a mistake in the code for CURLOPT_SSL_CIPHER_LIST when libcurl is built to use the Schannel TLS library. The selected cipher set was stored in a single "static" variable in the library, which has the surprising side-effect that if an application sets up multiple concurrent transfers, the last one that sets the ciphers will accidentally control the set used by all transfers. In a worst-case scenario, this weakens transport security significantly. curl versiones 7.61.0 hasta 7.76.1, sufre de exposición de un elemento de datos a una sesión equivocada debido a un error en el código para la función CURLOPT_SSL_CIPHER_LIST cuando libcurl es construído para usar la biblioteca TLS de Schannel. El ajuste de cifrado seleccionado se almacenaba en una única variable "static" en la biblioteca, lo que tiene el sorprendente efecto secundario de que si una aplicación establece múltiples transferencias concurrentes, la última que ajusta los cifrados controlará accidentalmente el ajuste usado por todas las transferencias. En el peor de los casos, esto debilita significativamente la seguridad del transporte • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://curl.se/docs/CVE-2021-22897.html https://github.com/curl/curl/commit/bbb71507b7bab52002f9b1e0880bed6a32834511 https://hackerone.com/reports/1172857 https://security.netapp.com/advisory/ntap-20210727-0007 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujan2022.html • CWE-668: Exposure of Resource to Wrong Sphere CWE-840: Business Logic Errors •

CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 1

Libgcrypt before 1.8.8 and 1.9.x before 1.9.3 mishandles ElGamal encryption because it lacks exponent blinding to address a side-channel attack against mpi_powm, and the window size is not chosen appropriately. This, for example, affects use of ElGamal in OpenPGP. Libgcrypt versiones anteriores a 1.8.8 y versiones 1.9.x anteriores a 1.9.3, maneja inapropiadamente el cifrado de ElGamal porque carece de cegado de exponentes para hacer frente a un ataque de canal lateral contra la función mpi_powm, y el tamaño de la ventana no se elige apropiadamente. Esto, por ejemplo, afecta el uso de ElGamal en OpenPGP. A side-channel attack flaw was found in the way libgcrypt implemented Elgamal encryption. • https://github.com/IBM/PGP-client-checker-CVE-2021-33560 https://dev.gnupg.org/T5305 https://dev.gnupg.org/T5328 https://dev.gnupg.org/T5466 https://dev.gnupg.org/rCe8b7f10be275bcedb5fc05ed4837a89bfd605c61 https://lists.debian.org/debian-lts-announce/2021/06/msg00021.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BKKTOIGFW2SGN3DO2UHHVZ7MJSYN4AAB https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/R7OAPCUGPF3VLA7QAJUQSL255D4ITVTL • CWE-203: Observable Discrepancy CWE-327: Use of a Broken or Risky Cryptographic Algorithm •

CVSS: 8.1EPSS: 10%CPEs: 40EXPL: 2

curl 7.75.0 through 7.76.1 suffers from a use-after-free vulnerability resulting in already freed memory being used when a TLS 1.3 session ticket arrives over a connection. A malicious server can use this in rare unfortunate circumstances to potentially reach remote code execution in the client. When libcurl at run-time sets up support for TLS 1.3 session tickets on a connection using OpenSSL, it stores pointers to the transfer in-memory object for later retrieval when a session ticket arrives. If the connection is used by multiple transfers (like with a reused HTTP/1.1 connection or multiplexed HTTP/2 connection) that first transfer object might be freed before the new session is established on that connection and then the function will access a memory buffer that might be freed. When using that memory, libcurl might even call a function pointer in the object, making it possible for a remote code execution if the server could somehow manage to get crafted memory content into the correct place in memory. curl versiones 7.75.0 hasta 7.76.1 sufre de una vulnerabilidad de uso de la memoria previamente liberada que resulta en el uso de memoria ya liberada cuando un ticket de sesión TLS 1.3 llega a través de una conexión. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-732250.pdf https://curl.se/docs/CVE-2021-22901.html https://github.com/curl/curl/commit/7f4a9a9b2a49547eae24d2e19bc5c346e9026479 https://hackerone.com/reports/1180380 https://security.netapp.com/advisory/ntap-20210723-0001 https://security.netapp.com/advisory/ntap-20210727-0007 https://www.oracle.com//security-alerts/cpujul2021.html https://www.oracle.com/security-alerts/cpuapr2022. • CWE-416: Use After Free •

CVSS: 3.1EPSS: 0%CPEs: 18EXPL: 2

curl 7.7 through 7.76.1 suffers from an information disclosure when the `-t` command line option, known as `CURLOPT_TELNETOPTIONS` in libcurl, is used to send variable=content pairs to TELNET servers. Due to a flaw in the option parser for sending NEW_ENV variables, libcurl could be made to pass on uninitialized data from a stack based buffer to the server, resulting in potentially revealing sensitive internal information to the server using a clear-text network protocol. curl versiones 7.7 hasta 7.76.1 sufre de una divulgacion de información cuando la opción de línea de comandos "-t", conocida como "CURLOPT_TELNETOPTIONS" en libcurl, se usa para enviar pares de variables=contenido a servidores TELNET. Debido a un fallo en el analizador de opciones para el envío de variables NEW_ENV, podría hacer que libcurl pasara datos no inicializados de un búfer basado en la pila al servidor, resultando en una potencial divulgación de información interna confidencial al servidor que usaba un protocolo de red de texto sin cifrar A flaw was found in the way curl handled telnet protocol option for sending environment variables, which could lead to sending of uninitialized data from a stack-based buffer to the server. This issue leads to potentially revealing sensitive internal information to the server using a clear-text network protocol. • http://www.openwall.com/lists/oss-security/2021/07/21/4 https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://curl.se/docs/CVE-2021-22898.html https://github.com/curl/curl/commit/39ce47f219b09c380b81f89fe54ac586c8db6bde https://hackerone.com/reports/1176461 https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E https://lists.debian.org/debian-lts-announce/2021/08/msg00017.html https://lists.debian.org/debian-lts-ann • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-908: Use of Uninitialized Resource CWE-909: Missing Initialization of Resource •