DSA-4098-1 curl -- curl| ID: oval:org.secpod.oval:def:603251 | Date: (C)2018-02-05 (M)2023-12-20 |
| Class: PATCH | Family: unix |
Two vulnerabilities were discovered in cURL, an URL transfer library. CVE-2018-1000005 Zhouyihai Ding discovered an out-of-bounds read in the code handling HTTP/2 trailers. This issue doesn"t affect the oldstable distribution . CVE-2018-1000007 Craig de Stigter discovered that authentication data might be leaked to third parties when following HTTP redirects.
| Platform: |
| Debian 8.x |
| Debian 9.x |
| Product: |
| curl |
| libcurl4-gnutls-dev |
| libcurl4-doc |
| libcurl4-openssl-dev |
| libcurl3 |
| libcurl4-nss-dev |
