FreeBSD : cURL -- multiple vulnerabilities (69cfa386-7cd0-11e7-867f-b499baebfeaf)

Medium Nessus Plugin ID 102330

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The cURL project reports :

- FILE buffer read out of bounds

- TFTP sends more than buffer size

- URL globbing out of bounds read

Solution

Update the affected package.

See Also

https://curl.haxx.se/docs/security.html

http://www.nessus.org/u?7dcd3b62

Plugin Details

Severity: Medium

ID: 102330

File Name: freebsd_pkg_69cfa3867cd011e7867fb499baebfeaf.nasl

Version: 3.5

Type: local

Published: 2017/08/10

Updated: 2018/11/10

Dependencies: 12634

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS v3.0

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:curl, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2017/08/09

Vulnerability Publication Date: 2017/08/09

Reference Information

CVE: CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101