CVE-2023-28321
- EPSS 0.3%
- Published 26.05.2023 21:15:16
- Last modified 15.01.2025 16:15:26
An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function...
CVE-2023-28322
- EPSS 0.5%
- Published 26.05.2023 21:15:16
- Last modified 21.11.2024 07:54:50
An information disclosure vulnerability exists in curl <v8.1.0 when doing HTTP(S) transfers, libcurl might erroneously use the read callback (`CURLOPT_READFUNCTION`) to ask for data to send, even when the `CURLOPT_POSTFIELDS` option has been set, if ...
CVE-2023-28320
- EPSS 0.64%
- Published 26.05.2023 21:15:15
- Last modified 15.01.2025 16:15:25
A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow...
CVE-2023-28319
- EPSS 0.32%
- Published 26.05.2023 21:15:10
- Last modified 15.01.2025 16:15:25
A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error m...
- EPSS 25.23%
- Published 21.06.2022 15:15:09
- Last modified 15.09.2025 14:15:33
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022...