FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
aa646c01-ea0d-11eb-9b84-d4c9ef517024cURL -- Multiple vulnerabilities

The cURL project reports:

CURLOPT_SSLCERT mixup with Secure Transport (CVE-2021-22926)

TELNET stack contents disclosure again (CVE-2021-22925)

Bad connection reuse due to flawed path name checks (CVE-2021-92254)

Metalink download sends credentials (CVE-2021-92253)

Wrong content via metalink not discarded (CVE-2021-92252)


Discovery 2021-07-21
Entry 2021-07-21
curl
< 7.78.0

CVE-2021-22922
CVE-2021-22923
CVE-2021-22924
CVE-2021-22925
CVE-2021-22926
https://curl.se/docs/vuln-7.77.0.html
92a4d881-c6cf-11ec-a06f-d4c9ef517024cURL -- Multiple vulnerabilities

The cURL project reports:

  • OAUTH2 bearer bypass in connection re-use (CVE-2022-22576)
  • Credential leak on redirect (CVE-2022-27774)
  • Bad local IPv6 connection reuse (CVE-2022-27775)
  • Auth/cookie leak on redirect (CVE-2022-27776)

Discovery 2022-04-27
Entry 2022-04-28
curl
< 7.83.0

CVE-2022-22576
CVE-2022-27774
CVE-2022-27775
CVE-2022-27776
https://curl.se/docs/vuln-7.82.0.html
0f99a30c-7b4b-11ed-9168-080027f5fec9curl -- multiple vulnerabilities

Daniel Stenberg reports:

CVE-2022-32221: POST following PUT confusion
When doing HTTP(S) transfers, libcurl might erroneously use the read callback (CURLOPT_READFUNCTION) to ask for data to send, even when the CURLOPT_POSTFIELDS option has been set, if the same handle previously was used to issue a PUT request which used that callback. This flaw may surprise the application and cause it to misbehave and either send off the wrong data or use memory after free or similar in the subsequent POST request. The problem exists in the logic for a reused handle when it is changed from a PUT to a POST.
CVE-2022-35260: .netrc parser out-of-bounds access
curl can be told to parse a .netrc file for credentials. If that file ends in a line with consecutive non-white space letters and no newline, curl could read past the end of the stack-based buffer, and if the read works, write a zero byte possibly beyond its boundary. This will in most cases cause a segfault or similar, but circumstances might also cause different outcomes. If a malicious user can provide a custom netrc file to an application or otherwise affect its contents, this flaw could be used as denial-of-service.
CVE-2022-42915: HTTP proxy double-free
f curl is told to use an HTTP proxy for a transfer with a non-HTTP(S) URL, it sets up the connection to the remote server by issuing a CONNECT request to the proxy, and then tunnels the rest of protocol through. An HTTP proxy might refuse this request (HTTP proxies often only allow outgoing connections to specific port numbers, like 443 for HTTPS) and instead return a non-200 response code to the client. Due to flaws in the error/cleanup handling, this could trigger a double-free in curl if one of the following schemes were used in the URL for the transfer: dict, gopher, gophers, ldap, ldaps, rtmp, rtmps, telnet
CVE-2022-42916: HSTS bypass via IDN
curl's HSTS check could be bypassed to trick it to keep using HTTP. Using its HSTS support, curl can be instructed to use HTTPS directly instead of using an insecure clear-text HTTP step even when HTTP is provided in the URL. This mechanism could be bypassed if the host name in the given URL uses IDN characters that get replaced to ASCII counterparts as part of the IDN conversion. Like using the character UTF-8 U+3002 (IDEOGRAPHIC FULL STOP) instead of the common ASCII full stop (U+002E) .. Like this: http://curl。se。

Discovery 2022-10-26
Entry 2022-12-14
curl
< 7.86.0

CVE-2022-32221
CVE-2022-35260
CVE-2022-42915
CVE-2022-42916
https://curl.se/docs/CVE-2022-32221.html
https://curl.se/docs/CVE-2022-35260.html
https://curl.se/docs/CVE-2022-42915.html
https://curl.se/docs/CVE-2022-42916.html
b1194286-958e-11eb-9c34-080027f515eacurl -- Automatic referer leaks credentials

Daniel Stenberg reports:

libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request.

libcurl automatically sets the Referer: HTTP request header field in outgoing HTTP requests if the CURLOPT_AUTOREFERER option is set. With the curl tool, it is enabled with --referer ";auto".


Discovery 2021-03-31
Entry 2021-04-10
curl
ge 7.1.1 lt 7.76.0

CVE-2021-22876
https://curl.se/docs/CVE-2021-22876.html
ae5722a6-f5f0-11ec-856e-d4c9ef517024cURL -- Multiple vulnerabilities

The cURL project reports:

  • CVE-2022-32205: Set-Cookie denial of service
  • CVE-2022-32206: HTTP compression denial of service
  • CVE-2022-32207: Unpreserved file permissions
  • CVE-2022-32208: FTP-KRB bad message verification

Discovery 2022-06-27
Entry 2022-06-27
curl
ge 7.16.4 lt 7.84.0

CVE-2022-32205
CVE-2022-32206
CVE-2022-32207
CVE-2022-32208
https://curl.se/docs/security.html
11e36890-d28c-11ec-a06f-d4c9ef517024curl -- Multiple vulnerabilities

The curl project reports:

CVE-2022-27778: curl removes wrong file on error

CVE-2022-27779: cookie for trailing dot TLD

CVE-2022-27780: percent-encoded path separator in URL host

CVE-2022-27781: CERTINFO never-ending busy-loop

CVE-2022-27782: TLS and SSH connection too eager reuse

CVE-2022-30115: HSTS bypass via trailing dot


Discovery 2022-05-11
Entry 2022-05-13
curl
< 7.83.1

CVE-2022-27778
CVE-2022-27779
CVE-2022-27780
CVE-2022-27781
CVE-2022-27782
CVE-2022-30115
https://curl.se/docs/security.html
d10fc771-958f-11eb-9c34-080027f515eacurl -- TLS 1.3 session ticket proxy host mixup

Daniel Stenberg reports:

Enabled by default, libcurl supports the use of TLS 1.3 session tickets to resume previous TLS sessions to speed up subsequent TLS handshakes.

When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. The reason for this confusion is the modified sequence from TLS 1.2 when the session ids would provided only during the TLS handshake, while in TLS 1.3 it happens post hand-shake and the code was not updated to take that changed behavior into account.

When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed.

This flaw can allow a malicious HTTPS proxy to MITM the traffic. Such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check.


Discovery 2021-03-31
Entry 2021-04-10
curl
ge 7.63.0 lt 7.76.0

CVE-2021-22890
https://curl.se/docs/CVE-2021-22890.html
c9221ec9-17a2-11ec-b335-d4c9ef517024cURL -- Multiple vulnerabilities

The cURL project reports:

  • UAF and double-free in MQTT sending (CVE-2021-22945)
  • Protocol downgrade required TLS bypassed (CVE-2021-22946)
  • STARTTLS protocol injection via MITM (CVE-2021-22945)

Discovery 2021-09-15
Entry 2021-09-17
Modified 2021-09-28
curl
ge 7.20.0 lt 7.79.0

CVE-2021-22945
CVE-2021-22946
CVE-2021-22947
https://curl.se/docs/security.html