AVG-2384 log

Package curl
Status Fixed
Severity High
Type multiple issues
Affected 7.78.0-1
Fixed 7.79.0-1
Current 8.11.1-3 [core]
Ticket None
Created Wed Sep 15 08:00:50 2021
Issue Severity Remote Type Description
CVE-2021-22947 Medium Yes Man-in-the-middle
A STARTTLS protocol injection flaw via man-in-the-middle was found in curl before 7.79.0. When curl connects to an IMAP, POP3, SMTP or FTP server to...
CVE-2021-22946 Medium Yes Silent downgrade
A security issue was found in curl before 7.79.0. A user can tell curl to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server...
CVE-2021-22945 High Yes Arbitrary code execution
A use-after-free security issue has been found in the MQTT sending component of curl before 7.79.0. When sending data to an MQTT server, libcurl could in...