vulnerability
Amazon Linux AMI 2: CVE-2020-19909: Security patch for curl (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:S/C:N/I:N/A:P) | Aug 22, 2023 | Sep 8, 2023 | May 20, 2026 |
Severity
2
CVSS
(AV:L/AC:L/Au:S/C:N/I:N/A:P)
Published
Aug 22, 2023
Added
Sep 8, 2023
Modified
May 20, 2026
Description
Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error.
Solutions
amazon-linux-ami-2-upgrade-curlamazon-linux-ami-2-upgrade-curl-debuginfoamazon-linux-ami-2-upgrade-libcurlamazon-linux-ami-2-upgrade-libcurl-devel
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.