git: d27d971cca05 - main - security/vuxml: Document multiple vulnerabilities in curl

From: Yasuhiro Kimura <yasu_at_FreeBSD.org>
Date: Sun, 05 Mar 2023 01:02:54 UTC
The branch main has been updated by yasu:

URL: https://cgit.FreeBSD.org/ports/commit/?id=d27d971cca05ec54857e60cfa81cfe9b7d1702c0

commit d27d971cca05ec54857e60cfa81cfe9b7d1702c0
Author:     Yasuhiro Kimura <yasu@FreeBSD.org>
AuthorDate: 2023-03-05 00:13:06 +0000
Commit:     Yasuhiro Kimura <yasu@FreeBSD.org>
CommitDate: 2023-03-05 01:02:16 +0000

    security/vuxml: Document multiple vulnerabilities in curl
---
 security/vuxml/vuln/2023.xml | 73 ++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 73 insertions(+)

diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index a7553027e0a6..1252eb39342f 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,76 @@
+  <vuln vid="be233fc6-bae7-11ed-a4fb-080027f5fec9">
+    <topic>curl -- multiple vulnerabilities</topic>
+    <affects>
+      <package>
+	<name>curl</name>
+	<range><lt>7.88.0</lt></range>
+      </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Harry Sintonen and Patrick Monnerat report:</p>
+	<blockquote cite="https://curl.se/docs/security.html">
+	  <dl>
+	    <dt>CVE-2023-23914</dt>
+	    <dd>
+	      A cleartext transmission of sensitive information
+	      vulnerability exists in curl &lt; v7.88.0 that could
+	      cause HSTS functionality fail when multiple URLs are
+	      requested serially. Using its HSTS support, curl can be
+	      instructed to use HTTPS instead of using an insecure
+	      clear-text HTTP step even when HTTP is provided in the
+	      URL. This HSTS mechanism would however surprisingly be
+	      ignored by subsequent transfers when done on the same
+	      command line because the state would not be properly
+	      carried on.
+	    </dd>
+	    <dt>CVE-2023-23915</dt>
+	    <dd>
+	      A cleartext transmission of sensitive information
+	      vulnerability exists in curl &lt; v7.88.0 that could
+	      cause HSTS functionality to behave incorrectly when
+	      multiple URLs are requested in parallel. Using its HSTS
+	      support, curl can be instructed to use HTTPS instead of
+	      using an insecure clear-text HTTP step even when HTTP is
+	      provided in the URL. This HSTS mechanism would however
+	      surprisingly fail when multiple transfers are done in
+	      parallel as the HSTS cache file gets overwritten by the
+	      most recently completed transfer. A later HTTP-only
+	      transfer to the earlier host name would then *not* get
+	      upgraded properly to HSTS.
+	    </dd>
+	    <dt>CVE-2023-23916</dt>
+	    <dd>
+	      An allocation of resources without limits or throttling
+	      vulnerability exists in curl &lt; v7.88.0 based on the
+	      &quot;chained&quot; HTTP compression algorithms, meaning
+	      that a server response can be compressed multiple times
+	      and potentially with different algorithms. The number of
+	      acceptable &quot;links&quot; in this &quot;decompression
+	      chain&quot; was capped, but the cap was implemented on a
+	      per-header basis allowing a malicious server to insert a
+	      virtually unlimited number of compression steps simply
+	      by using many headers. The use of such a decompression
+	      chain could result in a &quot;malloc bomb&quot;, making
+	      curl end up spending enormous amounts of allocated heap
+	      memory, or trying to and returning out of memory errors.
+	    </dd>
+	  </dl>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <cvename>CVE-2023-23914</cvename>
+      <cvename>CVE-2023-23915</cvename>
+      <cvename>CVE-2023-23916</cvename>
+      <url>https://curl.se/docs/security.html</url>
+    </references>
+    <dates>
+      <discovery>2023-02-15</discovery>
+      <entry>2023-03-05</entry>
+    </dates>
+  </vuln>
+
   <vuln vid="3f9b6943-ba58-11ed-bbbd-00e0670f2660">
     <topic>strongSwan -- certificate verification vulnerability</topic>
     <affects>
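Review bot: Indentation inside the new entry is inconsistent: `<vuln>`, `<affects>` and `<package>` are indented with spaces while the nested `<name>`, `<range>`, `<p>` and `<blockquote>` lines switch to tabs, so the block does not line up with the surrounding entries; normalising the whole entry to one style (and confirming it still passes `make validate` in security/vuxml) would keep the file readable. On the references side, the entry documents three distinct CVEs but `<references>` links only the general https://curl.se/docs/security.html page; since curl publishes a separate advisory page per CVE, adding those links would let readers go straight to the writeup for the issue they care about. Finally, the description attributes all three issues to "Harry Sintonen and Patrick Monnerat" in a single `<p>`; if the upstream advisories credit them individually, naming the reporter per `<dt>` would make the attribution precise.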