发布时间: 2023年2月24日
修改时间: 2024年10月31日
A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | High | Low |
| Attack Vector | Network | Network |
| CVSS评分 | 9.1 | 4.3 |
| Attack Complexity | Low | Low |
| Privileges Required | None | Low |
| Scope | Unchanged | Unchanged |
| Integrity | High | None |
| User Interaction | None | None |
| Availability | None | None |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2023-1090 | A flaw was found in the Curl package, where the HSTS mechanism would be ignored by subsequent transfers when done on the same command line because the state would not be properly carried. This issue may result in limited confidentiality and integrity. | 2023年2月20日 |
| KylinSec-SA-2023-1107 | curl security update | 2023年2月24日 |
| KylinSec-SA-2023-2099 | curl security update | 2023年2月24日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.5.2 | curl | Fixed |
| KY3.5.1 | curl | Fixed |
