vulnerability
Amazon Linux 2023: CVE-2023-27537: Medium priority package update for curl
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:H/Au:N/C:P/I:P/A:P) | 2023-03-20 | 2025-02-17 | 2025-02-17 |
Severity
5
CVSS
(AV:N/AC:H/Au:N/C:P/I:P/A:P)
Published
2023-03-20
Added
2025-02-17
Modified
2025-02-17
Description
A double free vulnerability exists in libcurl <8.0.0 when sharing HSTS data between separate "handles". This sharing was introduced without considerations for do this sharing across separate threads but there was no indication of this fact in the documentation. Due to missing mutexes or thread locks, two threads sharing the same HSTS data could end up doing a double-free or use-after-free.
Solution(s)
amazon-linux-2023-upgrade-curlamazon-linux-2023-upgrade-curl-debuginfoamazon-linux-2023-upgrade-curl-debugsourceamazon-linux-2023-upgrade-curl-minimalamazon-linux-2023-upgrade-curl-minimal-debuginfoamazon-linux-2023-upgrade-libcurlamazon-linux-2023-upgrade-libcurl-debuginfoamazon-linux-2023-upgrade-libcurl-develamazon-linux-2023-upgrade-libcurl-minimalamazon-linux-2023-upgrade-libcurl-minimal-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.