New! Vulnerability Priority Rating (VPR)
Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it's different from CVSS.
VPR Score: 5.9
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
The cURL project reports
- cookie injection for other servers
- case insensitive password comparison
- OOB write via unchecked multiplication
- double-free in curl_maprintf
- double-free in krb5 code
- glob parser write/read out of bounds
- curl_getdate read out of bounds
- URL unescape heap overflow via integer truncation
- Use-after-free via shared cookies
- invalid URL parsing with '#'
- IDNA 2003 makes curl use wrong host
Solution
Update the affected package.