发布时间: 2023年2月24日
修改时间: 2024年10月31日
A flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file gets overwritten by the most recently completed transfer. This issue may result in limited confidentiality and integrity.
| NVD | openEuler | |
|---|---|---|
| Confidentiality | Low | Low |
| Attack Vector | Network | Network |
| CVSS评分 | 6.5 | 4.3 |
| Attack Complexity | Low | Low |
| Privileges Required | None | Low |
| Scope | Unchanged | Unchanged |
| Integrity | Low | None |
| User Interaction | None | None |
| Availability | None | None |
| 公告名 | 概要 | 发布时间 |
|---|---|---|
| KylinSec-SA-2023-1089 | A flaw was found in the Curl package, where the HSTS mechanism could fail when multiple transfers are done in parallel, as the HSTS cache file gets overwritten by the most recently completed transfer. This issue may result in limited confidentiality and integrity. | 2023年2月20日 |
| KylinSec-SA-2023-1107 | curl security update | 2023年2月24日 |
| KylinSec-SA-2023-2099 | curl security update | 2023年2月24日 |
| 产品 | 包 | 状态 |
|---|---|---|
| KY3.5.2 | curl | Fixed |
| KY3.5.1 | curl | Fixed |
