AVG-2386 log
Package | libcurl-compat |
Status | Fixed |
Severity | High |
Type | multiple issues |
Affected | 7.78.0-1 |
Fixed | 7.79.0-1 |
Current | 8.11.0-3 [core] |
Ticket | None |
Created | Wed Sep 15 08:03:09 2021 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2021-22947 | Medium | Yes | Man-in-the-middle | A STARTTLS protocol injection flaw via man-in-the-middle was found in curl before 7.79.0. When curl connects to an IMAP, POP3, SMTP or FTP server to... |
CVE-2021-22946 | Medium | Yes | Silent downgrade | A security issue was found in curl before 7.79.0. A user can tell curl to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server... |
CVE-2021-22945 | High | Yes | Arbitrary code execution | A use-after-free security issue has been found in the MQTT sending component of curl before 7.79.0. When sending data to an MQTT server, libcurl could in... |