ALT-PU-2024-1813-3

Package update curl in branch p10

Version8.6.0-alt1

Published2024-03-15

Max severityMEDIUM

Severity:

Closed issues (2)

LOW3.8

Уязвимость реализации протокола TLS утилиты командной строки cURL, позволяющая нарушителю обойти ограничения безопасности и получить несанкционированный доступ к защищаемой информации

Published: 2024-02-06Modified: 2025-03-05

CVSS 3.xLOW 3.8

CVSS:3.x/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

CVSS 2.0MEDIUM 4.7

CVSS:2.0/AV:N/AC:L/Au:M/C:P/I:P/A:N

References

CVE-2024-0853

MEDIUM5.3

curl inadvertently kept the SSL session ID for connections in its cache even when the verify status (OCSP stapling) test failed. A subsequent transfer to the same hostname could then succeed if the session ID cache was still fresh, which then skipped the verify status check.

Published: 2024-02-03Modified: 2025-06-20

CVSS 3.xMEDIUM 5.3

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References