Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested serially. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2023-23914)
Harry Sintonen discovered that curl incorrectly handled HSTS support when multiple URLs are requested in parallel. A remote attacker could possibly use this issue to cause curl to use unencrypted connections. This issue only affected Ubuntu 22.04 LTS, and Ubuntu 22.10. (CVE-2023-23915)
Patrick Monnerat discovered that curl incorrectly handled memory when processing requests with multi-header compression. A remote attacker could possibly use this issue to cause curl to consume resources, leading to a denial of service. (CVE-2023-23916)
{ "availability": "No subscription required", "binaries": [ { "curl-dbgsym": "7.58.0-2ubuntu3.23", "curl": "7.58.0-2ubuntu3.23", "libcurl4": "7.58.0-2ubuntu3.23", "libcurl4-gnutls-dev": "7.58.0-2ubuntu3.23", "libcurl4-dbgsym": "7.58.0-2ubuntu3.23", "libcurl3-nss": "7.58.0-2ubuntu3.23", "libcurl4-doc": "7.58.0-2ubuntu3.23", "libcurl3-nss-dbgsym": "7.58.0-2ubuntu3.23", "libcurl3-gnutls": "7.58.0-2ubuntu3.23", "libcurl3-gnutls-dbgsym": "7.58.0-2ubuntu3.23", "libcurl4-openssl-dev": "7.58.0-2ubuntu3.23", "libcurl4-nss-dev": "7.58.0-2ubuntu3.23" } ] }
{ "availability": "No subscription required", "binaries": [ { "curl-dbgsym": "7.68.0-1ubuntu2.16", "curl": "7.68.0-1ubuntu2.16", "libcurl4": "7.68.0-1ubuntu2.16", "libcurl4-gnutls-dev": "7.68.0-1ubuntu2.16", "libcurl4-dbgsym": "7.68.0-1ubuntu2.16", "libcurl3-nss": "7.68.0-1ubuntu2.16", "libcurl4-doc": "7.68.0-1ubuntu2.16", "libcurl3-nss-dbgsym": "7.68.0-1ubuntu2.16", "libcurl3-gnutls": "7.68.0-1ubuntu2.16", "libcurl3-gnutls-dbgsym": "7.68.0-1ubuntu2.16", "libcurl4-openssl-dev": "7.68.0-1ubuntu2.16", "libcurl4-nss-dev": "7.68.0-1ubuntu2.16" } ] }
{ "availability": "No subscription required", "binaries": [ { "curl-dbgsym": "7.81.0-1ubuntu1.8", "curl": "7.81.0-1ubuntu1.8", "libcurl4": "7.81.0-1ubuntu1.8", "libcurl4-gnutls-dev": "7.81.0-1ubuntu1.8", "libcurl4-dbgsym": "7.81.0-1ubuntu1.8", "libcurl3-nss": "7.81.0-1ubuntu1.8", "libcurl4-doc": "7.81.0-1ubuntu1.8", "libcurl3-nss-dbgsym": "7.81.0-1ubuntu1.8", "libcurl3-gnutls": "7.81.0-1ubuntu1.8", "libcurl3-gnutls-dbgsym": "7.81.0-1ubuntu1.8", "libcurl4-openssl-dev": "7.81.0-1ubuntu1.8", "libcurl4-nss-dev": "7.81.0-1ubuntu1.8" } ] }