FreeBSD : cURL -- multiple vulnerabilities (69cfa386-7cd0-11e7-867f-b499baebfeaf)

medium Nessus Plugin ID 102330

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The cURL project reports:

- FILE buffer read out of bounds

- TFTP sends more than buffer size

- URL globbing out of bounds read

Solution

Update the affected package.

See Also

https://curl.haxx.se/docs/security.html

http://www.nessus.org/u?7dcd3b62

Plugin Details

Severity: Medium

ID: 102330

File Name: freebsd_pkg_69cfa3867cd011e7867fb499baebfeaf.nasl

Version: 3.6

Type: local

Published: 8/10/2017

Updated: 1/4/2021

Dependencies: ssh_get_info.nasl

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS v3

Risk Factor: Medium

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:curl, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 8/9/2017

Vulnerability Publication Date: 8/9/2017

Reference Information

CVE: CVE-2017-1000099, CVE-2017-1000100, CVE-2017-1000101