{ "document": { "aggregate_severity": { "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "8.12.1.tuxcare.els3-r0:\n - CVE-2026-3783\n - CVE-2026-3784", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/alpinelinux3.18els/advisories/2026/clsa-2026_1773926067.json" } ], "tracking": { "current_release_date": "2026-05-22T17:48:13Z", "generator": { "date": "2026-05-22T17:48:13Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1773926067", "initial_release_date": "2026-03-19T13:15:30Z", "revision_history": [ { "date": "2026-03-19T13:15:30Z", "number": "1", "summary": "Initial version" }, { "date": "2026-04-28T14:27:11Z", "number": "2", "summary": "Update document" }, { "date": "2026-05-22T17:48:13Z", "number": "3", "summary": "Update document" } ], "status": "final", "version": "3" }, "title": "curl: Fix of 2 CVEs" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Alpine Linux 3.18", "product": { "name": "Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18", "product_identification_helper": { "cpe": "cpe:2.3:o:alpinelinux:alpine_linux:3.18:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Alpine Linux" } ], "category": "vendor", "name": "Alpine Linux" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "product": { "name": "curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "product_id": "curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-fish-completion@8.12.1.tuxcare.els3-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "curl-8.12.1.tuxcare.els3-rr0.x86_64", "product": { "name": "curl-8.12.1.tuxcare.els3-rr0.x86_64", "product_id": "curl-8.12.1.tuxcare.els3-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl@8.12.1.tuxcare.els3-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "product": { "name": "curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "product_id": "curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-doc@8.12.1.tuxcare.els3-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "product": { "name": "curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "product_id": "curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-zsh-completion@8.12.1.tuxcare.els3-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "libcurl-8.12.1.tuxcare.els3-rr0.x86_64", "product": { "name": "libcurl-8.12.1.tuxcare.els3-rr0.x86_64", "product_id": "libcurl-8.12.1.tuxcare.els3-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/libcurl@8.12.1.tuxcare.els3-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "product": { "name": "curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "product_id": "curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-static@8.12.1.tuxcare.els3-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "product": { "name": "curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "product_id": "curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-dev@8.12.1.tuxcare.els3-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "product": { "name": "curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "product_id": "curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-static@8.12.1.tuxcare.els2-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "libcurl-8.12.1.tuxcare.els2-rr0.x86_64", "product": { "name": "libcurl-8.12.1.tuxcare.els2-rr0.x86_64", "product_id": "libcurl-8.12.1.tuxcare.els2-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/libcurl@8.12.1.tuxcare.els2-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "product": { "name": "curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "product_id": "curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-doc@8.12.1.tuxcare.els2-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "curl-8.12.1.tuxcare.els2-rr0.x86_64", "product": { "name": "curl-8.12.1.tuxcare.els2-rr0.x86_64", "product_id": "curl-8.12.1.tuxcare.els2-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl@8.12.1.tuxcare.els2-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "product": { "name": "curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "product_id": "curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-dev@8.12.1.tuxcare.els2-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "product": { "name": "curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "product_id": "curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-fish-completion@8.12.1.tuxcare.els2-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "product": { "name": "curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "product_id": "curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-zsh-completion@8.12.1.tuxcare.els2-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "product": { "name": "libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "product_id": "libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/libcurl@8.12.1.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "product": { "name": "curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "product_id": "curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-static@8.12.1.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "product": { "name": "curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "product_id": "curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-dev@8.12.1.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "product": { "name": "curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "product_id": "curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-zsh-completion@8.12.1.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "curl-8.12.1.tuxcare.els1-rr0.x86_64", "product": { "name": "curl-8.12.1.tuxcare.els1-rr0.x86_64", "product_id": "curl-8.12.1.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl@8.12.1.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "product": { "name": "curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "product_id": "curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-doc@8.12.1.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "product": { "name": "curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "product_id": "curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-fish-completion@8.12.1.tuxcare.els1-rr0?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "product": { "name": "curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "product_id": "curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-fish-completion@8.12.1.tuxcare.els3-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "curl-8.12.1.tuxcare.els3-rr0.aarch64", "product": { "name": "curl-8.12.1.tuxcare.els3-rr0.aarch64", "product_id": "curl-8.12.1.tuxcare.els3-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl@8.12.1.tuxcare.els3-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "product": { "name": "curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "product_id": "curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-doc@8.12.1.tuxcare.els3-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "product": { "name": "curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "product_id": "curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-zsh-completion@8.12.1.tuxcare.els3-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "product": { "name": "libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "product_id": "libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/libcurl@8.12.1.tuxcare.els3-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "product": { "name": "curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "product_id": "curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-static@8.12.1.tuxcare.els3-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "product": { "name": "curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "product_id": "curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-dev@8.12.1.tuxcare.els3-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "product": { "name": "curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "product_id": "curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-static@8.12.1.tuxcare.els2-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "product": { "name": "libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "product_id": "libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/libcurl@8.12.1.tuxcare.els2-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "product": { "name": "curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "product_id": "curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-doc@8.12.1.tuxcare.els2-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "curl-8.12.1.tuxcare.els2-rr0.aarch64", "product": { "name": "curl-8.12.1.tuxcare.els2-rr0.aarch64", "product_id": "curl-8.12.1.tuxcare.els2-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl@8.12.1.tuxcare.els2-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "product": { "name": "curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "product_id": "curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-dev@8.12.1.tuxcare.els2-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "product": { "name": "curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "product_id": "curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-fish-completion@8.12.1.tuxcare.els2-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "product": { "name": "curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "product_id": "curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-zsh-completion@8.12.1.tuxcare.els2-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "product": { "name": "libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "product_id": "libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/libcurl@8.12.1.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "product": { "name": "curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "product_id": "curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-static@8.12.1.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "product": { "name": "curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "product_id": "curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-dev@8.12.1.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "product": { "name": "curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "product_id": "curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-zsh-completion@8.12.1.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "curl-8.12.1.tuxcare.els1-rr0.aarch64", "product": { "name": "curl-8.12.1.tuxcare.els1-rr0.aarch64", "product_id": "curl-8.12.1.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl@8.12.1.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "product": { "name": "curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "product_id": "curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-doc@8.12.1.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "product": { "name": "curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "product_id": "curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/curl-fish-completion@8.12.1.tuxcare.els1-rr0?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64" }, "product_reference": "curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64" }, "product_reference": "curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-8.12.1.tuxcare.els3-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64" }, "product_reference": "curl-8.12.1.tuxcare.els3-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-8.12.1.tuxcare.els3-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64" }, "product_reference": "curl-8.12.1.tuxcare.els3-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-doc-8.12.1.tuxcare.els3-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64" }, "product_reference": "curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-doc-8.12.1.tuxcare.els3-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64" }, "product_reference": "curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64" }, "product_reference": "curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64" }, "product_reference": "curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-8.12.1.tuxcare.els3-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" }, "product_reference": "libcurl-8.12.1.tuxcare.els3-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-8.12.1.tuxcare.els3-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64" }, "product_reference": "libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-static-8.12.1.tuxcare.els3-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64" }, "product_reference": "curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-static-8.12.1.tuxcare.els3-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64" }, "product_reference": "curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-dev-8.12.1.tuxcare.els3-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64" }, "product_reference": "curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-dev-8.12.1.tuxcare.els3-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64" }, "product_reference": "curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-static-8.12.1.tuxcare.els2-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64" }, "product_reference": "curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-static-8.12.1.tuxcare.els2-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64" }, "product_reference": "curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-8.12.1.tuxcare.els2-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64" }, "product_reference": "libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-8.12.1.tuxcare.els2-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" }, "product_reference": "libcurl-8.12.1.tuxcare.els2-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-doc-8.12.1.tuxcare.els2-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64" }, "product_reference": "curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-doc-8.12.1.tuxcare.els2-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64" }, "product_reference": "curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-8.12.1.tuxcare.els2-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64" }, "product_reference": "curl-8.12.1.tuxcare.els2-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-8.12.1.tuxcare.els2-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64" }, "product_reference": "curl-8.12.1.tuxcare.els2-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-dev-8.12.1.tuxcare.els2-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64" }, "product_reference": "curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-dev-8.12.1.tuxcare.els2-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64" }, "product_reference": "curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64" }, "product_reference": "curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64" }, "product_reference": "curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64" }, "product_reference": "curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64" }, "product_reference": "curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-8.12.1.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64" }, "product_reference": "libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-8.12.1.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64" }, "product_reference": "libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-static-8.12.1.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64" }, "product_reference": "curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-static-8.12.1.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64" }, "product_reference": "curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-dev-8.12.1.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64" }, "product_reference": "curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-dev-8.12.1.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64" }, "product_reference": "curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64" }, "product_reference": "curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64" }, "product_reference": "curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-8.12.1.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64" }, "product_reference": "curl-8.12.1.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-8.12.1.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64" }, "product_reference": "curl-8.12.1.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-doc-8.12.1.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64" }, "product_reference": "curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-doc-8.12.1.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64" }, "product_reference": "curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64" }, "product_reference": "curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64" }, "product_reference": "curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-43551", "cwe": { "id": "CWE-319", "name": "Cleartext Transmission of Sensitive Information" }, "notes": [ { "category": "description", "text": "A vulnerability exists in curl <7.87.0 HSTS check that could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. However, the HSTS mechanism could be bypassed if the host name in the given URL first uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) `.`. Then in a subsequent request, it does not detect the HSTS state and makes a clear text transfer. Because it would store the info IDN encoded but look for it IDN decoded.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "known_affected": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-43551" }, { "category": "external", "summary": "https://hackerone.com/reports/1755083", "url": "https://hackerone.com/reports/1755083" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVWZW5CNSJ7UYAF2BGSYAWAEXDJYUBHA/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TVWZW5CNSJ7UYAF2BGSYAWAEXDJYUBHA/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202310-12", "url": "https://security.gentoo.org/glsa/202310-12" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20230427-0007/", "url": "https://security.netapp.com/advisory/ntap-20230427-0007/" } ], "release_date": "2022-12-23T15:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T13:14:30.288522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067" }, { "category": "none_available", "date": "2022-12-23T15:15:00Z", "details": "Affected", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2018-16890", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "known_affected": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2018-16890" }, { "category": "external", "summary": "http://www.securityfocus.com/bid/106947", "url": "http://www.securityfocus.com/bid/106947" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2019:3701", "url": "https://access.redhat.com/errata/RHSA-2019:3701" }, { "category": "external", "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890" }, { "category": "external", "summary": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf" }, { "category": "external", "summary": "https://curl.haxx.se/docs/CVE-2018-16890.html", "url": "https://curl.haxx.se/docs/CVE-2018-16890.html" }, { "category": "external", "summary": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E", "url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20190315-0001/", "url": "https://security.netapp.com/advisory/ntap-20190315-0001/" }, { "category": "external", "summary": "https://support.f5.com/csp/article/K03314397?utm_source=f5support&%3Butm_medium=RSS", "url": "https://support.f5.com/csp/article/K03314397?utm_source=f5support&%3Butm_medium=RSS" }, { "category": "external", "summary": "https://usn.ubuntu.com/3882-1/", "url": "https://usn.ubuntu.com/3882-1/" }, { "category": "external", "summary": "https://www.debian.org/security/2019/dsa-4386", "url": "https://www.debian.org/security/2019/dsa-4386" }, { "category": "external", "summary": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "category": "external", "summary": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" } ], "release_date": "2019-02-06T20:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T13:14:30.288522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067" }, { "category": "none_available", "date": "2019-02-06T20:29:00Z", "details": "Affected", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-27775", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "description", "text": "An information disclosure vulnerability exists in curl 7.65.0 to 7.82.0 are vulnerable that by using an IPv6 address that was in the connection pool but with a different zone id it could reuse a connection instead.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "known_affected": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-27775" }, { "category": "external", "summary": "https://hackerone.com/reports/1546268", "url": "https://hackerone.com/reports/1546268" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202212-01", "url": "https://security.gentoo.org/glsa/202212-01" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20220609-0008/", "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" }, { "category": "external", "summary": "https://www.debian.org/security/2022/dsa-5197", "url": "https://www.debian.org/security/2022/dsa-5197" } ], "release_date": "2022-06-02T14:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T13:14:30.288522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067" }, { "category": "none_available", "date": "2022-06-02T14:15:00Z", "details": "Affected", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2018-16839", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "description", "text": "Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "known_affected": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2018-16839" }, { "category": "external", "summary": "http://www.securitytracker.com/id/1042012", "url": "http://www.securitytracker.com/id/1042012" }, { "category": "external", "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16839", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16839" }, { "category": "external", "summary": "https://curl.haxx.se/docs/CVE-2018-16839.html", "url": "https://curl.haxx.se/docs/CVE-2018-16839.html" }, { "category": "external", "summary": "https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5", "url": "https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5" }, { "category": "external", "summary": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E", "url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html", "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/201903-03", "url": "https://security.gentoo.org/glsa/201903-03" }, { "category": "external", "summary": "https://usn.ubuntu.com/3805-1/", "url": "https://usn.ubuntu.com/3805-1/" }, { "category": "external", "summary": "https://www.debian.org/security/2018/dsa-4331", "url": "https://www.debian.org/security/2018/dsa-4331" } ], "release_date": "2018-10-31T18:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T13:14:30.288522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067" }, { "category": "none_available", "date": "2018-10-31T18:29:00Z", "details": "Affected", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2019-5436", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "description", "text": "A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "known_affected": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2019-5436" }, { "category": "external", "summary": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html" }, { "category": "external", "summary": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2019/09/11/6", "url": "http://www.openwall.com/lists/oss-security/2019/09/11/6" }, { "category": "external", "summary": "https://curl.haxx.se/docs/CVE-2019-5436.html", "url": "https://curl.haxx.se/docs/CVE-2019-5436.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2/" }, { "category": "external", "summary": "https://seclists.org/bugtraq/2020/Feb/36", "url": "https://seclists.org/bugtraq/2020/Feb/36" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202003-29", "url": "https://security.gentoo.org/glsa/202003-29" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20190606-0004/", "url": "https://security.netapp.com/advisory/ntap-20190606-0004/" }, { "category": "external", "summary": "https://support.f5.com/csp/article/K55133295", "url": "https://support.f5.com/csp/article/K55133295" }, { "category": "external", "summary": "https://support.f5.com/csp/article/K55133295?utm_source=f5support&%3Butm_medium=RSS", "url": "https://support.f5.com/csp/article/K55133295?utm_source=f5support&%3Butm_medium=RSS" }, { "category": "external", "summary": "https://www.debian.org/security/2020/dsa-4633", "url": "https://www.debian.org/security/2020/dsa-4633" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpuapr2020.html", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpuoct2020.html", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" }, { "category": "external", "summary": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html", "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" } ], "release_date": "2019-05-28T19:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T13:14:30.288522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067" }, { "category": "none_available", "date": "2019-05-28T19:29:00Z", "details": "Affected", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2016-8622", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "description", "text": "The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get either just truncated or both truncated and turned negative. That could then lead to libcurl writing outside of its heap based buffer.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "known_affected": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2016-8622" }, { "category": "external", "summary": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html", "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html" }, { "category": "external", "summary": "http://www.securityfocus.com/bid/94105", "url": "http://www.securityfocus.com/bid/94105" }, { "category": "external", "summary": "http://www.securitytracker.com/id/1037192", "url": "http://www.securitytracker.com/id/1037192" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2018:2486", "url": "https://access.redhat.com/errata/RHSA-2018:2486" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2018:3558", "url": "https://access.redhat.com/errata/RHSA-2018:3558" }, { "category": "external", "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8622", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8622" }, { "category": "external", "summary": "https://curl.haxx.se/docs/adv_20161102H.html", "url": "https://curl.haxx.se/docs/adv_20161102H.html" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/201701-47", "url": "https://security.gentoo.org/glsa/201701-47" }, { "category": "external", "summary": "https://www.tenable.com/security/tns-2016-21", "url": "https://www.tenable.com/security/tns-2016-21" } ], "release_date": "2018-07-31T21:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T13:14:30.288522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067" }, { "category": "none_available", "date": "2018-07-31T21:29:00Z", "details": "Affected", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2022-22576", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "notes": [ { "category": "description", "text": "An improper authentication vulnerability exists in curl 7.33.0 to and including 7.82.0 which might allow reuse OAUTH2-authenticated connections without properly making sure that the connection was authenticated with the same credentials as set for this transfer. This affects SASL-enabled protocols: SMPTP(S), IMAP(S), POP3(S) and LDAP(S) (openldap only).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "known_affected": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-22576" }, { "category": "external", "summary": "https://hackerone.com/reports/1526328", "url": "https://hackerone.com/reports/1526328" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html", "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202212-01", "url": "https://security.gentoo.org/glsa/202212-01" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20220609-0008/", "url": "https://security.netapp.com/advisory/ntap-20220609-0008/" }, { "category": "external", "summary": "https://www.debian.org/security/2022/dsa-5197", "url": "https://www.debian.org/security/2022/dsa-5197" } ], "release_date": "2022-05-26T17:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T13:14:30.288522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067" }, { "category": "none_available", "date": "2022-05-26T17:15:00Z", "details": "Affected", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2017-8816", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "description", "text": "The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "known_affected": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2017-8816" }, { "category": "external", "summary": "http://security.cucumberlinux.com/security/details.php?id=161", "url": "http://security.cucumberlinux.com/security/details.php?id=161" }, { "category": "external", "summary": "http://www.securityfocus.com/bid/101998", "url": "http://www.securityfocus.com/bid/101998" }, { "category": "external", "summary": "http://www.securitytracker.com/id/1039896", "url": "http://www.securitytracker.com/id/1039896" }, { "category": "external", "summary": "http://www.securitytracker.com/id/1040608", "url": "http://www.securitytracker.com/id/1040608" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2018:3558", "url": "https://access.redhat.com/errata/RHSA-2018:3558" }, { "category": "external", "summary": "https://curl.haxx.se/docs/adv_2017-12e7.html", "url": "https://curl.haxx.se/docs/adv_2017-12e7.html" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/201712-04", "url": "https://security.gentoo.org/glsa/201712-04" }, { "category": "external", "summary": "https://www.debian.org/security/2017/dsa-4051", "url": "https://www.debian.org/security/2017/dsa-4051" } ], "release_date": "2017-11-29T18:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T13:14:30.288522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067" }, { "category": "none_available", "date": "2017-11-29T18:29:00Z", "details": "Affected", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2021-22945", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "description", "text": "When sending data to an MQTT server, libcurl <= 7.73.0 and 7.78.0 could in some circumstances erroneously keep a pointer to an already freed memory area and both use that again in a subsequent call to send data and also free it *again*.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "known_affected": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-22945" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2022/Mar/29", "url": "http://seclists.org/fulldisclosure/2022/Mar/29" }, { "category": "external", "summary": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "category": "external", "summary": "https://hackerone.com/reports/1269242", "url": "https://hackerone.com/reports/1269242" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202212-01", "url": "https://security.gentoo.org/glsa/202212-01" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20211029-0003/", "url": "https://security.netapp.com/advisory/ntap-20211029-0003/" }, { "category": "external", "summary": "https://support.apple.com/kb/HT213183", "url": "https://support.apple.com/kb/HT213183" }, { "category": "external", "summary": "https://www.debian.org/security/2022/dsa-5197", "url": "https://www.debian.org/security/2022/dsa-5197" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpuoct2021.html", "url": "https://www.oracle.com/security-alerts/cpuoct2021.html" } ], "release_date": "2021-09-23T13:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T13:14:30.288522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067" }, { "category": "none_available", "date": "2021-09-23T13:15:00Z", "details": "Affected", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2019-5481", "cwe": { "id": "CWE-415", "name": "Double Free" }, "notes": [ { "category": "description", "text": "Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "known_affected": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2019-5481" }, { "category": "external", "summary": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html" }, { "category": "external", "summary": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html" }, { "category": "external", "summary": "https://curl.haxx.se/docs/CVE-2019-5481.html", "url": "https://curl.haxx.se/docs/CVE-2019-5481.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UA7KDM2WPM5CJDDGOEGFV6SSGD2J7RNT/" }, { "category": "external", "summary": "https://seclists.org/bugtraq/2020/Feb/36", "url": "https://seclists.org/bugtraq/2020/Feb/36" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202003-29", "url": "https://security.gentoo.org/glsa/202003-29" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20191004-0003/", "url": "https://security.netapp.com/advisory/ntap-20191004-0003/" }, { "category": "external", "summary": "https://www.debian.org/security/2020/dsa-4633", "url": "https://www.debian.org/security/2020/dsa-4633" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpuapr2020.html", "url": "https://www.oracle.com/security-alerts/cpuapr2020.html" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpujan2020.html", "url": "https://www.oracle.com/security-alerts/cpujan2020.html" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpuoct2020.html", "url": "https://www.oracle.com/security-alerts/cpuoct2020.html" } ], "release_date": "2019-09-16T19:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T13:14:30.288522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067" }, { "category": "none_available", "date": "2019-09-16T19:15:00Z", "details": "Affected", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2019-3823", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "known_affected": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2019-3823" }, { "category": "external", "summary": "http://www.securityfocus.com/bid/106950", "url": "http://www.securityfocus.com/bid/106950" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2019:3701", "url": "https://access.redhat.com/errata/RHSA-2019:3701" }, { "category": "external", "summary": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823" }, { "category": "external", "summary": "https://cert-portal.siemens.com/productcert/pdf/ssa-936080.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-936080.pdf" }, { "category": "external", "summary": "https://curl.haxx.se/docs/CVE-2019-3823.html", "url": "https://curl.haxx.se/docs/CVE-2019-3823.html" }, { "category": "external", "summary": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E", "url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/201903-03", "url": "https://security.gentoo.org/glsa/201903-03" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20190315-0001/", "url": "https://security.netapp.com/advisory/ntap-20190315-0001/" }, { "category": "external", "summary": "https://usn.ubuntu.com/3882-1/", "url": "https://usn.ubuntu.com/3882-1/" }, { "category": "external", "summary": "https://www.debian.org/security/2019/dsa-4386", "url": "https://www.debian.org/security/2019/dsa-4386" }, { "category": "external", "summary": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html", "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" }, { "category": "external", "summary": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html", "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" } ], "release_date": "2019-02-06T20:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T13:14:30.288522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067" }, { "category": "none_available", "date": "2019-02-06T20:29:00Z", "details": "Affected", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2020-8286", "cwe": { "id": "CWE-295", "name": "Improper Certificate Validation" }, "notes": [ { "category": "description", "text": "curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "known_affected": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2020-8286" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2021/Apr/50", "url": "http://seclists.org/fulldisclosure/2021/Apr/50" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2021/Apr/51", "url": "http://seclists.org/fulldisclosure/2021/Apr/51" }, { "category": "external", "summary": "http://seclists.org/fulldisclosure/2021/Apr/54", "url": "http://seclists.org/fulldisclosure/2021/Apr/54" }, { "category": "external", "summary": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf" }, { "category": "external", "summary": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2020-8286.html", "url": "https://curl.se/docs/CVE-2020-8286.html" }, { "category": "external", "summary": "https://hackerone.com/reports/1048457", "url": "https://hackerone.com/reports/1048457" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html", "url": "https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DAEHE2S2QLO4AO4MEEYL75NB7SAH5PSL/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NZUVSQHN2ESHMJXNQ2Z7T2EELBB5HJXG/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202012-14", "url": "https://security.gentoo.org/glsa/202012-14" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20210122-0007/", "url": "https://security.netapp.com/advisory/ntap-20210122-0007/" }, { "category": "external", "summary": "https://support.apple.com/kb/HT212325", "url": "https://support.apple.com/kb/HT212325" }, { "category": "external", "summary": "https://support.apple.com/kb/HT212326", "url": "https://support.apple.com/kb/HT212326" }, { "category": "external", "summary": "https://support.apple.com/kb/HT212327", "url": "https://support.apple.com/kb/HT212327" }, { "category": "external", "summary": "https://www.debian.org/security/2021/dsa-4881", "url": "https://www.debian.org/security/2021/dsa-4881" }, { "category": "external", "summary": "https://www.oracle.com//security-alerts/cpujul2021.html", "url": "https://www.oracle.com//security-alerts/cpujul2021.html" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpuApr2021.html", "url": "https://www.oracle.com/security-alerts/cpuApr2021.html" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpuapr2022.html", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html" } ], "release_date": "2020-12-14T20:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T13:14:30.288522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067" }, { "category": "none_available", "date": "2020-12-14T20:15:00Z", "details": "Affected", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2020-8177", "cwe": { "id": "CWE-99", "name": "Improper Control of Resource Identifiers ('Resource Injection')" }, "notes": [ { "category": "description", "text": "curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "known_affected": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2020-8177" }, { "category": "external", "summary": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2020-8177.html", "url": "https://curl.se/docs/CVE-2020-8177.html" }, { "category": "external", "summary": "https://hackerone.com/reports/887462", "url": "https://hackerone.com/reports/887462" }, { "category": "external", "summary": "https://www.debian.org/security/2021/dsa-4881", "url": "https://www.debian.org/security/2021/dsa-4881" }, { "category": "external", "summary": "https://www.oracle.com/security-alerts/cpujan2022.html", "url": "https://www.oracle.com/security-alerts/cpujan2022.html" } ], "release_date": "2020-12-14T20:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T13:14:30.288522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067" }, { "category": "none_available", "date": "2020-12-14T20:15:00Z", "details": "Affected", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2020-8169", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "description", "text": "curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "known_affected": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2020-8169" }, { "category": "external", "summary": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf" }, { "category": "external", "summary": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2020-8169.html", "url": "https://curl.se/docs/CVE-2020-8169.html" }, { "category": "external", "summary": "https://hackerone.com/reports/874778", "url": "https://hackerone.com/reports/874778" }, { "category": "external", "summary": "https://www.debian.org/security/2021/dsa-4881", "url": "https://www.debian.org/security/2021/dsa-4881" } ], "release_date": "2020-12-14T20:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T13:14:30.288522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067" }, { "category": "none_available", "date": "2020-12-14T20:15:00Z", "details": "Affected", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2026-3783", "cwe": { "id": "CWE-201", "name": "Insertion of Sensitive Information Into Sent Data" }, "notes": [ { "category": "description", "text": "When an OAuth2 bearer token is used for an HTTP(S) transfer, and that transfer\nperforms a redirect to a second URL, curl could leak that token to the second\nhostname under some circumstances.\nIf the hostname that the first request is redirected to has information in the\nused .netrc file, with either of the `machine` or `default` keywords, curl\nwould pass on the bearer token set for the first host also to the second one.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "known_affected": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-3783" } ], "release_date": "2026-03-11T10:09:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T13:14:30.288522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067" }, { "category": "none_available", "date": "2026-03-11T10:09:00Z", "details": "Affected", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2026-3784", "cwe": { "id": "CWE-305", "name": "Authentication Bypass by Primary Weakness" }, "notes": [ { "category": "description", "text": "curl would wrongly reuse an existing HTTP proxy connection doing CONNECT to a\nserver, even if the new request uses different credentials for the HTTP proxy.\nThe proper behavior is to create or use a separate connection.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "known_affected": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2026-3784" } ], "release_date": "2026-03-11T10:09:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-03-19T13:14:30.288522Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1773926067" }, { "category": "none_available", "date": "2026-03-11T10:09:00Z", "details": "Affected", "product_ids": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els2-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els2-rr0.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-dev-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-doc-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-fish-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-static-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:curl-zsh-completion-8.12.1.tuxcare.els3-rr0.x86_64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.aarch64", "Alpine-Linux-3.18:libcurl-8.12.1.tuxcare.els3-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }