CVE-2023-32001

Publication date 19 July 2023

Last updated 24 July 2024

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

5.0 · Medium

Score breakdown

** REJECT ** We issued this CVE pre-maturely, as we have subsequently realized that this issue points out a problem that there really is no safe measures around or protections for.

Read the notes from the security team

Notes

mdeslaur

introduced in 7.84.0 by https://github.com/curl/curl/commit/20f9dd6bae50b722

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
curl

Severity score breakdown

Parameter Value
Base score 5.0 · Medium
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Scope Unchanged
Confidentiality Low
Integrity impact Low
Availability impact Low
Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

References

Related Ubuntu Security Notices (USN)

Other references