Improper Input Validation Affecting curl package, versions <7.24.0-1
- Snyk ID SNYK-DEBIAN11-CURL-515970
- published 6 Sep 2011
- disclosed 6 Sep 2011
How to fix?
Upgrade Debian:11 curl to version 7.24.0-1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream curl package and not the curl package as distributed by Debian:11. See How to fix? for Debian:11 relevant fixed versions and status.
The SSL protocol, as used in certain configurations in Microsoft Windows and Microsoft Internet Explorer, Mozilla Firefox, Google Chrome, Opera, and other products, encrypts data by using CBC mode with chained initialization vectors, which allows man-in-the-middle attackers to obtain plaintext HTTP headers via a blockwise chosen-boundary attack (BCBA) on an HTTPS session, in conjunction with JavaScript code that uses (1) the HTML5 WebSocket API, (2) the Java URLConnection API, or (3) the Silverlight WebClient API, aka a "BEAST" attack.