AVG-2706 log

Package curl
Status Fixed
Severity Medium
Type multiple issues
Affected 7.83.0-1
Fixed 7.83.1-1
Current 8.7.1-3 [core]
Ticket None
Created Wed May 11 10:20:20 2022
Issue Severity Remote Type Description
CVE-2022-30115 Medium No Information disclosure
A vulnerability was found in curl. This issue occurs because when using its HTTP Strict Transport Security(HSTS) support, it can instruct curl to use HTTPS...
CVE-2022-27782 Medium Unknown Unknown
libcurl would reuse a previously created connection even when a TLS or SSH related option had been changed that should have prohibited reuse. libcurl keeps...
CVE-2022-27781 Low Unknown Unknown
libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a TLS server's certificate chain. Due to an...
CVE-2022-27780 Medium Unknown Unknown
The curl URL parser wrongly accepts percent-encoded URL separators like '/' when decoding the host name part of a URL, making it a *different* URL using the...
CVE-2022-27779 Medium Unknown Unknown
libcurl wrongly allows HTTP cookies to be set for Top Level Domains (TLDs) if the host name is provided with a trailing dot. This can allow arbitrary sites...
CVE-2022-27778 Medium Unknown Unknown
If curl adds a number to not "clobber" the output and an error occurs during transfer, the remove on error logic would remove the *original* file name...
References
https://curl.se/docs/vuln-7.83.0.html