rhsa-2023:6679
Vulnerability from csaf_redhat
Published
2023-11-07 08:51
Modified
2025-03-15 01:32
Summary
Red Hat Security Advisory: curl security update
Notes
Topic
An update for curl is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.
Security Fix(es):
* curl: GSS delegation too eager connection re-use (CVE-2023-27536)
* curl: TELNET option IAC injection (CVE-2023-27533)
* curl: SFTP path ~ resolving discrepancy (CVE-2023-27534)
* curl: SSH connection too eager reuse still (CVE-2023-27538)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ document: { aggregate_severity: { namespace: "https://access.redhat.com/security/updates/classification/", text: "Moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright © Red Hat, Inc. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "An update for curl is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", title: "Topic", }, { category: "general", text: "The curl packages provide the libcurl library and the curl utility for downloading files from servers using various protocols, including HTTP, FTP, and LDAP.\n\nSecurity Fix(es):\n\n* curl: GSS delegation too eager connection re-use (CVE-2023-27536)\n\n* curl: TELNET option IAC injection (CVE-2023-27533)\n\n* curl: SFTP path ~ resolving discrepancy (CVE-2023-27534)\n\n* curl: SSH connection too eager reuse still (CVE-2023-27538)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes linked from the References section.", title: "Details", }, { category: "legal_disclaimer", text: "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", title: "Terms of Use", }, ], publisher: { category: "vendor", contact_details: "https://access.redhat.com/security/team/contact/", issuing_authority: "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", name: "Red Hat Product Security", namespace: "https://www.redhat.com", }, references: [ { category: "self", summary: "https://access.redhat.com/errata/RHSA-2023:6679", url: "https://access.redhat.com/errata/RHSA-2023:6679", }, { category: "external", summary: "https://access.redhat.com/security/updates/classification/#moderate", url: "https://access.redhat.com/security/updates/classification/#moderate", }, { category: "external", summary: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index", url: "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.3_release_notes/index", }, { category: "external", summary: "2179062", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2179062", }, { category: "external", summary: "2179069", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2179069", }, { category: "external", summary: "2179092", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2179092", }, { category: "external", summary: "2179103", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2179103", }, { category: "self", summary: "Canonical URL", url: "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6679.json", }, ], title: "Red Hat Security Advisory: curl security update", tracking: { current_release_date: "2025-03-15T01:32:26+00:00", generator: { date: "2025-03-15T01:32:26+00:00", engine: { name: "Red Hat SDEngine", version: "4.4.1", }, }, id: "RHSA-2023:6679", initial_release_date: "2023-11-07T08:51:13+00:00", revision_history: [ { date: "2023-11-07T08:51:13+00:00", number: "1", summary: "Initial version", }, { date: "2023-11-07T08:51:13+00:00", number: "2", summary: "Last updated version", }, { date: "2025-03-15T01:32:26+00:00", number: "3", summary: "Last generated version", }, ], status: "final", version: "3", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_name", name: "Red Hat Enterprise Linux AppStream (v. 9)", product: { name: "Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA", product_identification_helper: { cpe: "cpe:/a:redhat:enterprise_linux:9::appstream", }, }, }, { category: "product_name", name: "Red Hat Enterprise Linux BaseOS (v. 9)", product: { name: "Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA", product_identification_helper: { cpe: "cpe:/o:redhat:enterprise_linux:9::baseos", }, }, }, ], category: "product_family", name: "Red Hat Enterprise Linux", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.76.1-26.el9.aarch64", product: { name: "libcurl-devel-0:7.76.1-26.el9.aarch64", product_id: "libcurl-devel-0:7.76.1-26.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.76.1-26.el9?arch=aarch64", }, }, }, { category: "product_version", name: "curl-debugsource-0:7.76.1-26.el9.aarch64", product: { name: "curl-debugsource-0:7.76.1-26.el9.aarch64", product_id: "curl-debugsource-0:7.76.1-26.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debugsource@7.76.1-26.el9?arch=aarch64", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.76.1-26.el9.aarch64", product: { name: "curl-debuginfo-0:7.76.1-26.el9.aarch64", product_id: "curl-debuginfo-0:7.76.1-26.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.76.1-26.el9?arch=aarch64", }, }, }, { category: "product_version", name: "curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", product: { name: "curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", product_id: "curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/curl-minimal-debuginfo@7.76.1-26.el9?arch=aarch64", }, }, }, { category: "product_version", name: "libcurl-debuginfo-0:7.76.1-26.el9.aarch64", product: { name: "libcurl-debuginfo-0:7.76.1-26.el9.aarch64", product_id: "libcurl-debuginfo-0:7.76.1-26.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-debuginfo@7.76.1-26.el9?arch=aarch64", }, }, }, { category: "product_version", name: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", product: { name: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", product_id: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-minimal-debuginfo@7.76.1-26.el9?arch=aarch64", }, }, }, { category: "product_version", name: "curl-0:7.76.1-26.el9.aarch64", product: { name: "curl-0:7.76.1-26.el9.aarch64", product_id: "curl-0:7.76.1-26.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.76.1-26.el9?arch=aarch64", }, }, }, { category: "product_version", name: "curl-minimal-0:7.76.1-26.el9.aarch64", product: { name: "curl-minimal-0:7.76.1-26.el9.aarch64", product_id: "curl-minimal-0:7.76.1-26.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/curl-minimal@7.76.1-26.el9?arch=aarch64", }, }, }, { category: "product_version", name: "libcurl-0:7.76.1-26.el9.aarch64", product: { name: "libcurl-0:7.76.1-26.el9.aarch64", product_id: "libcurl-0:7.76.1-26.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.76.1-26.el9?arch=aarch64", }, }, }, { category: "product_version", name: "libcurl-minimal-0:7.76.1-26.el9.aarch64", product: { name: "libcurl-minimal-0:7.76.1-26.el9.aarch64", product_id: "libcurl-minimal-0:7.76.1-26.el9.aarch64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-minimal@7.76.1-26.el9?arch=aarch64", }, }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.76.1-26.el9.ppc64le", product: { name: "libcurl-devel-0:7.76.1-26.el9.ppc64le", product_id: "libcurl-devel-0:7.76.1-26.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.76.1-26.el9?arch=ppc64le", }, }, }, { category: "product_version", name: "curl-debugsource-0:7.76.1-26.el9.ppc64le", product: { name: "curl-debugsource-0:7.76.1-26.el9.ppc64le", product_id: "curl-debugsource-0:7.76.1-26.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debugsource@7.76.1-26.el9?arch=ppc64le", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.76.1-26.el9.ppc64le", product: { name: "curl-debuginfo-0:7.76.1-26.el9.ppc64le", product_id: "curl-debuginfo-0:7.76.1-26.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.76.1-26.el9?arch=ppc64le", }, }, }, { category: "product_version", name: "curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", product: { name: "curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", product_id: "curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/curl-minimal-debuginfo@7.76.1-26.el9?arch=ppc64le", }, }, }, { category: "product_version", name: "libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", product: { name: "libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", product_id: "libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-debuginfo@7.76.1-26.el9?arch=ppc64le", }, }, }, { category: "product_version", name: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", product: { name: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", product_id: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-minimal-debuginfo@7.76.1-26.el9?arch=ppc64le", }, }, }, { category: "product_version", name: "curl-0:7.76.1-26.el9.ppc64le", product: { name: "curl-0:7.76.1-26.el9.ppc64le", product_id: "curl-0:7.76.1-26.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.76.1-26.el9?arch=ppc64le", }, }, }, { category: "product_version", name: "curl-minimal-0:7.76.1-26.el9.ppc64le", product: { name: "curl-minimal-0:7.76.1-26.el9.ppc64le", product_id: "curl-minimal-0:7.76.1-26.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/curl-minimal@7.76.1-26.el9?arch=ppc64le", }, }, }, { category: "product_version", name: "libcurl-0:7.76.1-26.el9.ppc64le", product: { name: "libcurl-0:7.76.1-26.el9.ppc64le", product_id: "libcurl-0:7.76.1-26.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.76.1-26.el9?arch=ppc64le", }, }, }, { category: "product_version", name: "libcurl-minimal-0:7.76.1-26.el9.ppc64le", product: { name: "libcurl-minimal-0:7.76.1-26.el9.ppc64le", product_id: "libcurl-minimal-0:7.76.1-26.el9.ppc64le", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-minimal@7.76.1-26.el9?arch=ppc64le", }, }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.76.1-26.el9.i686", product: { name: "libcurl-devel-0:7.76.1-26.el9.i686", product_id: "libcurl-devel-0:7.76.1-26.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.76.1-26.el9?arch=i686", }, }, }, { category: "product_version", name: "curl-debugsource-0:7.76.1-26.el9.i686", product: { name: "curl-debugsource-0:7.76.1-26.el9.i686", product_id: "curl-debugsource-0:7.76.1-26.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debugsource@7.76.1-26.el9?arch=i686", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.76.1-26.el9.i686", product: { name: "curl-debuginfo-0:7.76.1-26.el9.i686", product_id: "curl-debuginfo-0:7.76.1-26.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.76.1-26.el9?arch=i686", }, }, }, { category: "product_version", name: "curl-minimal-debuginfo-0:7.76.1-26.el9.i686", product: { name: "curl-minimal-debuginfo-0:7.76.1-26.el9.i686", product_id: "curl-minimal-debuginfo-0:7.76.1-26.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/curl-minimal-debuginfo@7.76.1-26.el9?arch=i686", }, }, }, { category: "product_version", name: "libcurl-debuginfo-0:7.76.1-26.el9.i686", product: { name: "libcurl-debuginfo-0:7.76.1-26.el9.i686", product_id: "libcurl-debuginfo-0:7.76.1-26.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-debuginfo@7.76.1-26.el9?arch=i686", }, }, }, { category: "product_version", name: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", product: { name: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", product_id: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-minimal-debuginfo@7.76.1-26.el9?arch=i686", }, }, }, { category: "product_version", name: "libcurl-0:7.76.1-26.el9.i686", product: { name: "libcurl-0:7.76.1-26.el9.i686", product_id: "libcurl-0:7.76.1-26.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.76.1-26.el9?arch=i686", }, }, }, { category: "product_version", name: "libcurl-minimal-0:7.76.1-26.el9.i686", product: { name: "libcurl-minimal-0:7.76.1-26.el9.i686", product_id: "libcurl-minimal-0:7.76.1-26.el9.i686", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-minimal@7.76.1-26.el9?arch=i686", }, }, }, ], category: "architecture", name: "i686", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.76.1-26.el9.x86_64", product: { name: "libcurl-devel-0:7.76.1-26.el9.x86_64", product_id: "libcurl-devel-0:7.76.1-26.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.76.1-26.el9?arch=x86_64", }, }, }, { category: "product_version", name: "curl-debugsource-0:7.76.1-26.el9.x86_64", product: { name: "curl-debugsource-0:7.76.1-26.el9.x86_64", product_id: "curl-debugsource-0:7.76.1-26.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debugsource@7.76.1-26.el9?arch=x86_64", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.76.1-26.el9.x86_64", product: { name: "curl-debuginfo-0:7.76.1-26.el9.x86_64", product_id: "curl-debuginfo-0:7.76.1-26.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.76.1-26.el9?arch=x86_64", }, }, }, { category: "product_version", name: "curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", product: { name: "curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", product_id: "curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/curl-minimal-debuginfo@7.76.1-26.el9?arch=x86_64", }, }, }, { category: "product_version", name: "libcurl-debuginfo-0:7.76.1-26.el9.x86_64", product: { name: "libcurl-debuginfo-0:7.76.1-26.el9.x86_64", product_id: "libcurl-debuginfo-0:7.76.1-26.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-debuginfo@7.76.1-26.el9?arch=x86_64", }, }, }, { category: "product_version", name: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", product: { name: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", product_id: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-minimal-debuginfo@7.76.1-26.el9?arch=x86_64", }, }, }, { category: "product_version", name: "curl-0:7.76.1-26.el9.x86_64", product: { name: "curl-0:7.76.1-26.el9.x86_64", product_id: "curl-0:7.76.1-26.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.76.1-26.el9?arch=x86_64", }, }, }, { category: "product_version", name: "curl-minimal-0:7.76.1-26.el9.x86_64", product: { name: "curl-minimal-0:7.76.1-26.el9.x86_64", product_id: "curl-minimal-0:7.76.1-26.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/curl-minimal@7.76.1-26.el9?arch=x86_64", }, }, }, { category: "product_version", name: "libcurl-0:7.76.1-26.el9.x86_64", product: { name: "libcurl-0:7.76.1-26.el9.x86_64", product_id: "libcurl-0:7.76.1-26.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.76.1-26.el9?arch=x86_64", }, }, }, { category: "product_version", name: "libcurl-minimal-0:7.76.1-26.el9.x86_64", product: { name: "libcurl-minimal-0:7.76.1-26.el9.x86_64", product_id: "libcurl-minimal-0:7.76.1-26.el9.x86_64", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-minimal@7.76.1-26.el9?arch=x86_64", }, }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_version", name: "libcurl-devel-0:7.76.1-26.el9.s390x", product: { name: "libcurl-devel-0:7.76.1-26.el9.s390x", product_id: "libcurl-devel-0:7.76.1-26.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-devel@7.76.1-26.el9?arch=s390x", }, }, }, { category: "product_version", name: "curl-debugsource-0:7.76.1-26.el9.s390x", product: { name: "curl-debugsource-0:7.76.1-26.el9.s390x", product_id: "curl-debugsource-0:7.76.1-26.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debugsource@7.76.1-26.el9?arch=s390x", }, }, }, { category: "product_version", name: "curl-debuginfo-0:7.76.1-26.el9.s390x", product: { name: "curl-debuginfo-0:7.76.1-26.el9.s390x", product_id: "curl-debuginfo-0:7.76.1-26.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/curl-debuginfo@7.76.1-26.el9?arch=s390x", }, }, }, { category: "product_version", name: "curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", product: { name: "curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", product_id: "curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/curl-minimal-debuginfo@7.76.1-26.el9?arch=s390x", }, }, }, { category: "product_version", name: "libcurl-debuginfo-0:7.76.1-26.el9.s390x", product: { name: "libcurl-debuginfo-0:7.76.1-26.el9.s390x", product_id: "libcurl-debuginfo-0:7.76.1-26.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-debuginfo@7.76.1-26.el9?arch=s390x", }, }, }, { category: "product_version", name: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", product: { name: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", product_id: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-minimal-debuginfo@7.76.1-26.el9?arch=s390x", }, }, }, { category: "product_version", name: "curl-0:7.76.1-26.el9.s390x", product: { name: "curl-0:7.76.1-26.el9.s390x", product_id: "curl-0:7.76.1-26.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.76.1-26.el9?arch=s390x", }, }, }, { category: "product_version", name: "curl-minimal-0:7.76.1-26.el9.s390x", product: { name: "curl-minimal-0:7.76.1-26.el9.s390x", product_id: "curl-minimal-0:7.76.1-26.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/curl-minimal@7.76.1-26.el9?arch=s390x", }, }, }, { category: "product_version", name: "libcurl-0:7.76.1-26.el9.s390x", product: { name: "libcurl-0:7.76.1-26.el9.s390x", product_id: "libcurl-0:7.76.1-26.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl@7.76.1-26.el9?arch=s390x", }, }, }, { category: "product_version", name: "libcurl-minimal-0:7.76.1-26.el9.s390x", product: { name: "libcurl-minimal-0:7.76.1-26.el9.s390x", product_id: "libcurl-minimal-0:7.76.1-26.el9.s390x", product_identification_helper: { purl: "pkg:rpm/redhat/libcurl-minimal@7.76.1-26.el9?arch=s390x", }, }, }, ], category: "architecture", name: "s390x", }, { branches: [ { category: "product_version", name: "curl-0:7.76.1-26.el9.src", product: { name: "curl-0:7.76.1-26.el9.src", product_id: "curl-0:7.76.1-26.el9.src", product_identification_helper: { purl: "pkg:rpm/redhat/curl@7.76.1-26.el9?arch=src", }, }, }, ], category: "architecture", name: "src", }, ], category: "vendor", name: "Red Hat", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "curl-0:7.76.1-26.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", }, product_reference: "curl-0:7.76.1-26.el9.aarch64", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.76.1-26.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", }, product_reference: "curl-0:7.76.1-26.el9.ppc64le", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.76.1-26.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", }, product_reference: "curl-0:7.76.1-26.el9.s390x", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.76.1-26.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.src", }, product_reference: "curl-0:7.76.1-26.el9.src", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.76.1-26.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", }, product_reference: "curl-0:7.76.1-26.el9.x86_64", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.76.1-26.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", }, product_reference: "curl-debuginfo-0:7.76.1-26.el9.aarch64", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.76.1-26.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", }, product_reference: "curl-debuginfo-0:7.76.1-26.el9.i686", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.76.1-26.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", }, product_reference: "curl-debuginfo-0:7.76.1-26.el9.ppc64le", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.76.1-26.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", }, product_reference: "curl-debuginfo-0:7.76.1-26.el9.s390x", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.76.1-26.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", }, product_reference: "curl-debuginfo-0:7.76.1-26.el9.x86_64", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-debugsource-0:7.76.1-26.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", }, product_reference: "curl-debugsource-0:7.76.1-26.el9.aarch64", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-debugsource-0:7.76.1-26.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", }, product_reference: "curl-debugsource-0:7.76.1-26.el9.i686", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-debugsource-0:7.76.1-26.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", }, product_reference: "curl-debugsource-0:7.76.1-26.el9.ppc64le", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-debugsource-0:7.76.1-26.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", }, product_reference: "curl-debugsource-0:7.76.1-26.el9.s390x", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-debugsource-0:7.76.1-26.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", }, product_reference: "curl-debugsource-0:7.76.1-26.el9.x86_64", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-minimal-0:7.76.1-26.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", }, product_reference: "curl-minimal-0:7.76.1-26.el9.aarch64", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-minimal-0:7.76.1-26.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", }, product_reference: "curl-minimal-0:7.76.1-26.el9.ppc64le", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-minimal-0:7.76.1-26.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", }, product_reference: "curl-minimal-0:7.76.1-26.el9.s390x", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-minimal-0:7.76.1-26.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", }, product_reference: "curl-minimal-0:7.76.1-26.el9.x86_64", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", }, product_reference: "curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-minimal-debuginfo-0:7.76.1-26.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", }, product_reference: "curl-minimal-debuginfo-0:7.76.1-26.el9.i686", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", }, product_reference: "curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-minimal-debuginfo-0:7.76.1-26.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", }, product_reference: "curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", }, product_reference: "curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.76.1-26.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", }, product_reference: "libcurl-0:7.76.1-26.el9.aarch64", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.76.1-26.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", }, product_reference: "libcurl-0:7.76.1-26.el9.i686", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.76.1-26.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", }, product_reference: "libcurl-0:7.76.1-26.el9.ppc64le", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.76.1-26.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", }, product_reference: "libcurl-0:7.76.1-26.el9.s390x", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.76.1-26.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", }, product_reference: "libcurl-0:7.76.1-26.el9.x86_64", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-debuginfo-0:7.76.1-26.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", }, product_reference: "libcurl-debuginfo-0:7.76.1-26.el9.aarch64", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-debuginfo-0:7.76.1-26.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", }, product_reference: "libcurl-debuginfo-0:7.76.1-26.el9.i686", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-debuginfo-0:7.76.1-26.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", }, product_reference: "libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-debuginfo-0:7.76.1-26.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", }, product_reference: "libcurl-debuginfo-0:7.76.1-26.el9.s390x", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-debuginfo-0:7.76.1-26.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", }, product_reference: "libcurl-debuginfo-0:7.76.1-26.el9.x86_64", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.76.1-26.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", }, product_reference: "libcurl-devel-0:7.76.1-26.el9.aarch64", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.76.1-26.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", }, product_reference: "libcurl-devel-0:7.76.1-26.el9.i686", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.76.1-26.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", }, product_reference: "libcurl-devel-0:7.76.1-26.el9.ppc64le", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.76.1-26.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", }, product_reference: "libcurl-devel-0:7.76.1-26.el9.s390x", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.76.1-26.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", }, product_reference: "libcurl-devel-0:7.76.1-26.el9.x86_64", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-minimal-0:7.76.1-26.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", }, product_reference: "libcurl-minimal-0:7.76.1-26.el9.aarch64", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-minimal-0:7.76.1-26.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", }, product_reference: "libcurl-minimal-0:7.76.1-26.el9.i686", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-minimal-0:7.76.1-26.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", }, product_reference: "libcurl-minimal-0:7.76.1-26.el9.ppc64le", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-minimal-0:7.76.1-26.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", }, product_reference: "libcurl-minimal-0:7.76.1-26.el9.s390x", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-minimal-0:7.76.1-26.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", }, product_reference: "libcurl-minimal-0:7.76.1-26.el9.x86_64", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", }, product_reference: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", }, product_reference: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", }, product_reference: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", }, product_reference: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)", product_id: "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", }, product_reference: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", relates_to_product_reference: "AppStream-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.76.1-26.el9.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", }, product_reference: "curl-0:7.76.1-26.el9.aarch64", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.76.1-26.el9.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", }, product_reference: "curl-0:7.76.1-26.el9.ppc64le", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.76.1-26.el9.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", }, product_reference: "curl-0:7.76.1-26.el9.s390x", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.76.1-26.el9.src as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.src", }, product_reference: "curl-0:7.76.1-26.el9.src", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-0:7.76.1-26.el9.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", }, product_reference: "curl-0:7.76.1-26.el9.x86_64", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.76.1-26.el9.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", }, product_reference: "curl-debuginfo-0:7.76.1-26.el9.aarch64", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.76.1-26.el9.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", }, product_reference: "curl-debuginfo-0:7.76.1-26.el9.i686", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.76.1-26.el9.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", }, product_reference: "curl-debuginfo-0:7.76.1-26.el9.ppc64le", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.76.1-26.el9.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", }, product_reference: "curl-debuginfo-0:7.76.1-26.el9.s390x", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-debuginfo-0:7.76.1-26.el9.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", }, product_reference: "curl-debuginfo-0:7.76.1-26.el9.x86_64", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-debugsource-0:7.76.1-26.el9.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", }, product_reference: "curl-debugsource-0:7.76.1-26.el9.aarch64", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-debugsource-0:7.76.1-26.el9.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", }, product_reference: "curl-debugsource-0:7.76.1-26.el9.i686", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-debugsource-0:7.76.1-26.el9.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", }, product_reference: "curl-debugsource-0:7.76.1-26.el9.ppc64le", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-debugsource-0:7.76.1-26.el9.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", }, product_reference: "curl-debugsource-0:7.76.1-26.el9.s390x", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-debugsource-0:7.76.1-26.el9.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", }, product_reference: "curl-debugsource-0:7.76.1-26.el9.x86_64", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-minimal-0:7.76.1-26.el9.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", }, product_reference: "curl-minimal-0:7.76.1-26.el9.aarch64", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-minimal-0:7.76.1-26.el9.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", }, product_reference: "curl-minimal-0:7.76.1-26.el9.ppc64le", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-minimal-0:7.76.1-26.el9.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", }, product_reference: "curl-minimal-0:7.76.1-26.el9.s390x", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-minimal-0:7.76.1-26.el9.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", }, product_reference: "curl-minimal-0:7.76.1-26.el9.x86_64", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", }, product_reference: "curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-minimal-debuginfo-0:7.76.1-26.el9.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", }, product_reference: "curl-minimal-debuginfo-0:7.76.1-26.el9.i686", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", }, product_reference: "curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-minimal-debuginfo-0:7.76.1-26.el9.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", }, product_reference: "curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", }, product_reference: "curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.76.1-26.el9.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", }, product_reference: "libcurl-0:7.76.1-26.el9.aarch64", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.76.1-26.el9.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", }, product_reference: "libcurl-0:7.76.1-26.el9.i686", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.76.1-26.el9.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", }, product_reference: "libcurl-0:7.76.1-26.el9.ppc64le", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.76.1-26.el9.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", }, product_reference: "libcurl-0:7.76.1-26.el9.s390x", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-0:7.76.1-26.el9.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", }, product_reference: "libcurl-0:7.76.1-26.el9.x86_64", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-debuginfo-0:7.76.1-26.el9.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", }, product_reference: "libcurl-debuginfo-0:7.76.1-26.el9.aarch64", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-debuginfo-0:7.76.1-26.el9.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", }, product_reference: "libcurl-debuginfo-0:7.76.1-26.el9.i686", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-debuginfo-0:7.76.1-26.el9.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", }, product_reference: "libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-debuginfo-0:7.76.1-26.el9.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", }, product_reference: "libcurl-debuginfo-0:7.76.1-26.el9.s390x", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-debuginfo-0:7.76.1-26.el9.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", }, product_reference: "libcurl-debuginfo-0:7.76.1-26.el9.x86_64", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.76.1-26.el9.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", }, product_reference: "libcurl-devel-0:7.76.1-26.el9.aarch64", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.76.1-26.el9.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", }, product_reference: "libcurl-devel-0:7.76.1-26.el9.i686", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.76.1-26.el9.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", }, product_reference: "libcurl-devel-0:7.76.1-26.el9.ppc64le", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.76.1-26.el9.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", }, product_reference: "libcurl-devel-0:7.76.1-26.el9.s390x", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-devel-0:7.76.1-26.el9.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", }, product_reference: "libcurl-devel-0:7.76.1-26.el9.x86_64", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-minimal-0:7.76.1-26.el9.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", }, product_reference: "libcurl-minimal-0:7.76.1-26.el9.aarch64", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-minimal-0:7.76.1-26.el9.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", }, product_reference: "libcurl-minimal-0:7.76.1-26.el9.i686", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-minimal-0:7.76.1-26.el9.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", }, product_reference: "libcurl-minimal-0:7.76.1-26.el9.ppc64le", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-minimal-0:7.76.1-26.el9.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", }, product_reference: "libcurl-minimal-0:7.76.1-26.el9.s390x", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-minimal-0:7.76.1-26.el9.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", }, product_reference: "libcurl-minimal-0:7.76.1-26.el9.x86_64", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", }, product_reference: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", }, product_reference: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", }, product_reference: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", }, product_reference: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", relates_to_product_reference: "BaseOS-9.3.0.GA", }, { category: "default_component_of", full_product_name: { name: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64 as a component of Red Hat Enterprise Linux BaseOS (v. 9)", product_id: "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", }, product_reference: "libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", relates_to_product_reference: "BaseOS-9.3.0.GA", }, ], }, vulnerabilities: [ { acknowledgments: [ { names: [ "Daniel Stenberg", "Harry Sintonen", ], }, ], cve: "CVE-2023-27533", cwe: { id: "CWE-75", name: "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)", }, discovery_date: "2023-03-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2179062", }, ], notes: [ { category: "description", text: "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.", title: "Vulnerability description", }, { category: "summary", text: "curl: TELNET option IAC injection", title: "Vulnerability summary", }, { category: "other", text: "While this vulnerability exists in Curl, the potential impact is to a different component. The overall impact is limited to the telnet component. On its own this flaw has a limited to negligible effect on integrity of the entire system, therefore it has been rated as having a Low security impact. This is in alignment with upstream’s impact assessment, their advisory is linked in external references.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.src", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.src", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27533", }, { category: "external", summary: "RHBZ#2179062", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2179062", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27533", url: "https://www.cve.org/CVERecord?id=CVE-2023-27533", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27533", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27533", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-27533.html", url: "https://curl.se/docs/CVE-2023-27533.html", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-07T08:51:13+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.src", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.src", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6679", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 4.3, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", integrityImpact: "LOW", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", version: "3.1", }, products: [ "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.src", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.src", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: TELNET option IAC injection", }, { acknowledgments: [ { names: [ "Daniel Stenberg", "Harry Sintonen", ], }, ], cve: "CVE-2023-27534", cwe: { id: "CWE-22", name: "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", }, discovery_date: "2023-03-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2179069", }, ], notes: [ { category: "description", text: "A path traversal vulnerability exists in curl <8.0.0 SFTP implementation causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.", title: "Vulnerability description", }, { category: "summary", text: "curl: SFTP path ~ resolving discrepancy", title: "Vulnerability summary", }, { category: "other", text: "In a containerized environment running SELinux in enforcing mode, such as Red Hat OpenShift Container Platform, this vulnerability does not allow an attacker to escape the boundary of a container. In this case no additional access is gained, there is an additional (but more complicated step) to look at files the user already has access to.\n\nThe upstream project (Curl) also rated this CVE as Low, see link in External References.\n\nIt is unlikely that Red Hat offerings are utilizing the SFTP feature of Curl, so the opportunity to exploit it may not exist. For those reasons Red Hat Product Security rates the impact as Low.", title: "Statement", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.src", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.src", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27534", }, { category: "external", summary: "RHBZ#2179069", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2179069", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27534", url: "https://www.cve.org/CVERecord?id=CVE-2023-27534", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27534", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27534", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-27534.html", url: "https://curl.se/docs/CVE-2023-27534.html", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-07T08:51:13+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.src", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.src", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6679", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 3.7, baseSeverity: "LOW", confidentialityImpact: "LOW", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.src", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.src", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Low", }, ], title: "curl: SFTP path ~ resolving discrepancy", }, { acknowledgments: [ { names: [ "Harry Sintonen", "Daniel Stenberg", ], }, ], cve: "CVE-2023-27536", cwe: { id: "CWE-305", name: "Authentication Bypass by Primary Weakness", }, discovery_date: "2023-03-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2179092", }, ], notes: [ { category: "description", text: "A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting krb5/kerberos/negotiate/GSSAPI transfers.", title: "Vulnerability description", }, { category: "summary", text: "curl: GSS delegation too eager connection re-use", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.src", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.src", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27536", }, { category: "external", summary: "RHBZ#2179092", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2179092", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27536", url: "https://www.cve.org/CVERecord?id=CVE-2023-27536", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27536", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27536", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-27536.html", url: "https://curl.se/docs/CVE-2023-27536.html", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-07T08:51:13+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.src", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.src", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6679", }, ], scores: [ { cvss_v3: { attackComplexity: "HIGH", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 5.9, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.src", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.src", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: GSS delegation too eager connection re-use", }, { acknowledgments: [ { names: [ "Harry Sintonen", "Daniel Stenberg", ], }, ], cve: "CVE-2023-27538", cwe: { id: "CWE-305", name: "Authentication Bypass by Primary Weakness", }, discovery_date: "2023-03-16T00:00:00+00:00", ids: [ { system_name: "Red Hat Bugzilla ID", text: "2179103", }, ], notes: [ { category: "description", text: "An authentication bypass vulnerability exists in libcurl prior to v8.0.0 where it reuses a previously established SSH connection despite the fact that an SSH option was modified, which should have prevented reuse. libcurl maintains a pool of previously used connections to reuse them for subsequent transfers if the configurations match. However, two SSH settings were omitted from the configuration check, allowing them to match easily, potentially leading to the reuse of an inappropriate connection.", title: "Vulnerability description", }, { category: "summary", text: "curl: SSH connection too eager reuse still", title: "Vulnerability summary", }, { category: "general", text: "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", title: "CVSS score applicability", }, ], product_status: { fixed: [ "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.src", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.src", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", ], }, references: [ { category: "self", summary: "Canonical URL", url: "https://access.redhat.com/security/cve/CVE-2023-27538", }, { category: "external", summary: "RHBZ#2179103", url: "https://bugzilla.redhat.com/show_bug.cgi?id=2179103", }, { category: "external", summary: "https://www.cve.org/CVERecord?id=CVE-2023-27538", url: "https://www.cve.org/CVERecord?id=CVE-2023-27538", }, { category: "external", summary: "https://nvd.nist.gov/vuln/detail/CVE-2023-27538", url: "https://nvd.nist.gov/vuln/detail/CVE-2023-27538", }, { category: "external", summary: "https://curl.se/docs/CVE-2023-27538.html", url: "https://curl.se/docs/CVE-2023-27538.html", }, ], release_date: "2023-03-20T00:00:00+00:00", remediations: [ { category: "vendor_fix", date: "2023-11-07T08:51:13+00:00", details: "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", product_ids: [ "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.src", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.src", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", ], restart_required: { category: "none", }, url: "https://access.redhat.com/errata/RHSA-2023:6679", }, ], scores: [ { cvss_v3: { attackComplexity: "LOW", attackVector: "LOCAL", availabilityImpact: "NONE", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "LOW", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, products: [ "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.src", "AppStream-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "AppStream-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.src", "BaseOS-9.3.0.GA:curl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-debugsource-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:curl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-debuginfo-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-devel-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-0:7.76.1-26.el9.x86_64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.aarch64", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.i686", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.ppc64le", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.s390x", "BaseOS-9.3.0.GA:libcurl-minimal-debuginfo-0:7.76.1-26.el9.x86_64", ], }, ], threats: [ { category: "impact", details: "Moderate", }, ], title: "curl: SSH connection too eager reuse still", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.