OESA-2023-1005
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2023-1005
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2023-1005.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2023-1005
- Upstream
- Published
- 2023-01-06T11:04:45Z
- Modified
- 2025-08-12T05:15:39.584392Z
- Summary
- curl security update
- Details
-
cURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols.
Security Fix(es):
A vulnerability was found in curl. In this issue, curl can be asked to tunnel all protocols virtually it supports through an HTTP proxy. HTTP proxies can deny these tunnel operations using an appropriate HTTP error response code. When getting denied to tunnel the specific SMB or TELNET protocols, curl can use a heap-allocated struct after it has been freed and shut down the code path in its transfer.(CVE-2022-43552)
- Database specific
{ "severity": "Medium" }- References
Affected packages
openEuler:20.03-LTS-SP1 / curl
Package
- Name
- curl
- Purl
- pkg:rpm/openEuler/curl&distro=openEuler-20.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed7.71.1-20.oe1
Ecosystem specific
{
"src": [
"curl-7.71.1-20.oe1.src.rpm"
],
"x86_64": [
"libcurl-7.71.1-20.oe1.x86_64.rpm",
"curl-debuginfo-7.71.1-20.oe1.x86_64.rpm",
"curl-debugsource-7.71.1-20.oe1.x86_64.rpm",
"curl-7.71.1-20.oe1.x86_64.rpm",
"libcurl-devel-7.71.1-20.oe1.x86_64.rpm"
],
"aarch64": [
"libcurl-devel-7.71.1-20.oe1.aarch64.rpm",
"curl-debuginfo-7.71.1-20.oe1.aarch64.rpm",
"curl-7.71.1-20.oe1.aarch64.rpm",
"curl-debugsource-7.71.1-20.oe1.aarch64.rpm",
"libcurl-7.71.1-20.oe1.aarch64.rpm"
],
"noarch": [
"curl-help-7.71.1-20.oe1.noarch.rpm"
]
}