[Debian] CVE: CVE-2023-23916: curl: An allocation of resources without limits or throttling vulnerability
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
StarlingX |
Fix Released
|
High
|
Li Zhou |
Bug Description
CVE-2023-23916: https:/
An allocation of resources without limits or throttling vulnerability exists in curl <v7.88.0 based on the "chained" HTTP compression algorithms, meaning that a server response can be compressed multiple times and potentially with differentalgori
Score:
cve_id status cvss3Score av ac pr ui ai
CVE-2023-23916 fixed 7.5 N L N N H
References:
['curl_
CVE References
Changed in starlingx: | |
status: | New → Triaged |
importance: | Undecided → High |
tags: | added: stx.9.0 stx.security |
information type: | Public → Public Security |
Changed in starlingx: | |
assignee: | nobody → Li Zhou (lzhou2) |
Fix proposed to branch: master /review. opendev. org/c/starlingx /tools/ +/877072
Review: https:/