diff --git a/tools/apitester/__snapshots__/cassette_TestCommand.snap b/tools/apitester/__snapshots__/cassette_TestCommand.snap index 3c2b92fe36c..2b9327c619a 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand.snap @@ -109,7 +109,7 @@ }, { "id": "GO-2025-3373", - "modified": "" + "modified": "" }, { "id": "GO-2025-3420", @@ -269,7 +269,7 @@ }, { "id": "GO-2025-3373", - "modified": "" + "modified": "" }, { "id": "GO-2025-3420", @@ -421,7 +421,7 @@ }, { "id": "GO-2025-3373", - "modified": "" + "modified": "" }, { "id": "GO-2025-3420", @@ -581,7 +581,7 @@ }, { "id": "GO-2025-3373", - "modified": "" + "modified": "" }, { "id": "GO-2025-3420", @@ -3098,6 +3098,10 @@ }, { "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "" + }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "" @@ -3110,6 +3114,10 @@ }, { "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "" + }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "" @@ -3122,6 +3130,10 @@ }, { "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "" + }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "" @@ -3134,6 +3146,10 @@ }, { "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "" + }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "" @@ -3386,6 +3402,10 @@ }, { "vulns": [ + { + "id": "GHSA-29vq-49wr-vm6x", + "modified": "" + }, { "id": "GHSA-87hc-h4r5-73f7", "modified": "" @@ -3398,6 +3418,10 @@ }, { "vulns": [ + { + "id": "GHSA-29vq-49wr-vm6x", + "modified": "" + }, { "id": "GHSA-87hc-h4r5-73f7", "modified": "" @@ -3410,6 +3434,10 @@ }, { "vulns": [ + { + "id": "GHSA-29vq-49wr-vm6x", + "modified": "" + }, { "id": "GHSA-87hc-h4r5-73f7", "modified": "" @@ -3603,6 +3631,10 @@ }, { "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "" + }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "" @@ -3615,6 +3647,10 @@ }, { "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "" + }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "" @@ -3627,6 +3663,10 @@ }, { "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "" + }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "" @@ -3639,6 +3679,10 @@ }, { "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "" + }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "" @@ -3891,6 +3935,10 @@ }, { "vulns": [ + { + "id": "GHSA-29vq-49wr-vm6x", + "modified": "" + }, { "id": "GHSA-87hc-h4r5-73f7", "modified": "" @@ -3903,6 +3951,10 @@ }, { "vulns": [ + { + "id": "GHSA-29vq-49wr-vm6x", + "modified": "" + }, { "id": "GHSA-87hc-h4r5-73f7", "modified": "" @@ -3915,6 +3967,10 @@ }, { "vulns": [ + { + "id": "GHSA-29vq-49wr-vm6x", + "modified": "" + }, { "id": "GHSA-87hc-h4r5-73f7", "modified": "" diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_MoreLockfiles.snap b/tools/apitester/__snapshots__/cassette_TestCommand_MoreLockfiles.snap index 96db737fc06..69e9d2e386f 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_MoreLockfiles.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_MoreLockfiles.snap @@ -80,6 +80,10 @@ { "id": "GHSA-vvfq-8hwr-qm4m", "modified": "" + }, + { + "id": "GHSA-wx95-c6cv-8532", + "modified": "" } ] }, diff --git a/tools/apitester/__snapshots__/cassette_TestCommand_Transitive.snap b/tools/apitester/__snapshots__/cassette_TestCommand_Transitive.snap index eeb8ff52cb2..911efa7615d 100755 --- a/tools/apitester/__snapshots__/cassette_TestCommand_Transitive.snap +++ b/tools/apitester/__snapshots__/cassette_TestCommand_Transitive.snap @@ -49,6 +49,10 @@ }, { "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "" + }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "" @@ -89,6 +93,10 @@ "results": [ { "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "" + }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "" @@ -286,6 +294,10 @@ }, { "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "" + }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "" @@ -548,6 +560,10 @@ }, { "vulns": [ + { + "id": "GHSA-68rp-wp8r-4726", + "modified": "" + }, { "id": "GHSA-m2qf-hxjv-5gpq", "modified": "" @@ -648,6 +664,10 @@ }, { "vulns": [ + { + "id": "GHSA-29vq-49wr-vm6x", + "modified": "" + }, { "id": "GHSA-87hc-h4r5-73f7", "modified": "" diff --git a/tools/apitester/__snapshots__/cassette_batch_query.snap b/tools/apitester/__snapshots__/cassette_batch_query.snap index a1aa2605d63..a3a0ac40d44 100644 --- a/tools/apitester/__snapshots__/cassette_batch_query.snap +++ b/tools/apitester/__snapshots__/cassette_batch_query.snap @@ -8,6 +8,10 @@ "id": "CVE-2021-22569", "modified": "" }, + { + "id": "CVE-2022-1941", + "modified": "" + }, { "id": "CVE-2022-3171", "modified": "" @@ -22,7 +26,7 @@ }, { "id": "CVE-2024-2410", - "modified": "" + "modified": "" }, { "id": "CVE-2024-7254", diff --git a/tools/apitester/__snapshots__/cassette_single_query.snap b/tools/apitester/__snapshots__/cassette_single_query.snap index 7f2057f5940..58a6919219b 100755 --- a/tools/apitester/__snapshots__/cassette_single_query.snap +++ b/tools/apitester/__snapshots__/cassette_single_query.snap @@ -2,85 +2,6 @@ [Test/cassette_single_query/TestQueryEndpoint/CommitQuery - 1] { "vulns": [ - { - "id": "CVE-2021-45931", - "details": "HarfBuzz 2.9.0 has an out-of-bounds write in hb_bit_set_invertible_t::set (called from hb_sparseset_t\u003chb_bit_set_invertible_t\u003e::set and hb_set_copy).", - "modified": "", - "published": "2022-01-01T01:15:08.477Z", - "references": [ - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EAIZKL4O67FN2CWJYHYKZEMNYWNWO3D/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5A7TCR2MY46YK3NHQZB3SLESUH354IEA/" - }, - { - "type": "WEB", - "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DI6247WOAKB46CZZ6SCDSJVWWCW3GMZH/" - }, - { - "type": "ADVISORY", - "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37425" - }, - { - "type": "ADVISORY", - "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2021-1159.yaml" - }, - { - "type": "ADVISORY", - "url": "https://github.com/harfbuzz/harfbuzz/commit/d3e09bf4654fe5478b6dbf2b26ebab6271317d81" - }, - { - "type": "ADVISORY", - "url": "https://security.gentoo.org/glsa/202209-11" - }, - { - "type": "REPORT", - "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37425" - }, - { - "type": "FIX", - "url": "https://github.com/harfbuzz/harfbuzz/commit/d3e09bf4654fe5478b6dbf2b26ebab6271317d81" - }, - { - "type": "EVIDENCE", - "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=37425" - }, - { - "type": "EVIDENCE", - "url": "https://github.com/google/oss-fuzz-vulns/blob/main/vulns/harfbuzz/OSV-2021-1159.yaml" - } - ], - "affected": [ - { - "ranges": [ - { - "type": "GIT", - "repo": "https://github.com/harfbuzz/harfbuzz", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "d3e09bf4654fe5478b6dbf2b26ebab6271317d81" - } - ] - } - ], - "versions": 138, - "database_specific": "" - } - ], - "schema_version": "1.7.3", - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" - } - ] - }, { "id": "CVE-2022-33068", "details": "An integer overflow in the component hb-ot-shape-fallback.cc of Harfbuzz v4.3.0 allows attackers to cause a Denial of Service (DoS) via unspecified vectors.", @@ -564,182 +485,6 @@ } ] }, - { - "id": "CVE-2023-51767", - "details": "OpenSSH through 10.0, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim co-location in which the attacker has user privileges. NOTE: this is disputed by the Supplier, who states \"we do not consider it to be the application's responsibility to defend against platform architectural weaknesses.\"", - "modified": "", - "published": "2023-12-24T07:15:07.410Z", - "related": ["CGA-87mg-824v-5jqp"], - "references": [ - { - "type": "WEB", - "url": "https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/auth-passwd.c#L77" - }, - { - "type": "WEB", - "url": "https://github.com/openssh/openssh-portable/blob/8241b9c0529228b4b86d88b1a6076fb9f97e4a99/monitor.c#L878" - }, - { - "type": "WEB", - "url": "https://www.openwall.com/lists/oss-security/2025/09/22/1" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/22/1" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/22/2" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/23/1" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/23/3" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/23/4" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/23/5" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/24/4" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/24/7" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/25/2" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/25/6" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/26/2" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/26/4" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/27/1" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/27/2" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/27/3" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/27/4" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/27/5" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/27/6" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/27/7" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/28/7" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/29/1" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/29/4" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/29/5" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/09/29/6" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/10/01/1" - }, - { - "type": "WEB", - "url": "http://www.openwall.com/lists/oss-security/2025/10/01/2" - }, - { - "type": "ADVISORY", - "url": "https://access.redhat.com/security/cve/CVE-2023-51767" - }, - { - "type": "ADVISORY", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255850" - }, - { - "type": "ADVISORY", - "url": "https://security.netapp.com/advisory/ntap-20240125-0006/" - }, - { - "type": "ADVISORY", - "url": "https://ubuntu.com/security/CVE-2023-51767" - }, - { - "type": "REPORT", - "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255850" - }, - { - "type": "ARTICLE", - "url": "https://arxiv.org/abs/2309.02545" - } - ], - "affected": [ - { - "ranges": [ - { - "type": "GIT", - "repo": "https://github.com/harfbuzz/harfbuzz", - "events": [ - { - "introduced": "0" - }, - { - "last_affected": "d5261f7234ab072a2aa1758ccfe37372df9927a9" - } - ] - } - ], - "versions": 181, - "database_specific": "" - } - ], - "schema_version": "1.7.3", - "severity": [ - { - "type": "CVSS_V3", - "score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H" - } - ] - }, { "id": "CVE-2026-22693", "summary": "Null Pointer Dereference in SubtableUnicodesCache::create leading to DoS", @@ -1582,145 +1327,547 @@ "affected": [ { "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "7.58.0" - }, - { - "fixed": "8.18.0" - } - ] - }, + { + "type": "SEMVER", + "events": [ + { + "introduced": "7.58.0" + }, + { + "fixed": "8.18.0" + } + ] + }, + { + "type": "GIT", + "repo": "https://github.com/curl/curl.git", + "events": [ + { + "introduced": "c92d2e14cfb0db662f958effd2ac86f995cf1b5a" + }, + { + "fixed": "adca486c125d9a6d9565b9607a19dce803a8b479" + } + ] + } + ], + "versions": 70, + "database_specific": "" + } + ], + "schema_version": "1.7.3", + "credits": [ + { + "name": "Harry Sintonen", + "type": "FINDER" + }, + { + "name": "Daniel Stenberg", + "type": "REMEDIATION_DEVELOPER" + } + ] + }, + { + "id": "CURL-CVE-2025-15224", + "summary": "libssh key passphrase bypass without agent set", + "details": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", + "aliases": ["CVE-2025-15224"], + "modified": "", + "published": "2026-01-07T08:00:00Z", + "database_specific": "", + "affected": [ + { + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "7.58.0" + }, + { + "fixed": "8.18.0" + } + ] + }, + { + "type": "GIT", + "repo": "https://github.com/curl/curl.git", + "events": [ + { + "introduced": "c92d2e14cfb0db662f958effd2ac86f995cf1b5a" + }, + { + "fixed": "16d5f2a5660c61cc27bd5f1c7f512391d1c927aa" + } + ] + } + ], + "versions": 70, + "database_specific": "" + } + ], + "schema_version": "1.7.3", + "credits": [ + { + "name": "Harry Sintonen", + "type": "FINDER" + }, + { + "name": "Harry Sintonen", + "type": "REMEDIATION_DEVELOPER" + } + ] + }, + { + "id": "CURL-CVE-2025-5025", + "summary": "No QUIC certificate pinning with wolfSSL", + "details": "libcurl supports *pinning* of the server certificate public key for HTTPS\ntransfers. Due to an omission, this check is not performed when connecting\nwith QUIC for HTTP/3, when the TLS backend is wolfSSL.\n\nDocumentation says the option works with wolfSSL, failing to specify that it\ndoes not for QUIC and HTTP/3.\n\nSince pinning makes the transfer succeed if the pin is fine, users could\nunwittingly connect to an impostor server without noticing.", + "aliases": ["CVE-2025-5025"], + "modified": "", + "published": "2025-05-28T08:00:00Z", + "database_specific": "", + "affected": [ + { + "ranges": [ + { + "type": "SEMVER", + "events": [ + { + "introduced": "8.5.0" + }, + { + "fixed": "8.14.0" + } + ] + }, + { + "type": "GIT", + "repo": "https://github.com/curl/curl.git", + "events": [ + { + "introduced": "5f78cf503c786a1d48d13528dde038bccfa6c67c" + }, + { + "fixed": "e1f65937a96a451292e9231339672797da86ecc5" + } + ] + } + ], + "versions": 14, + "database_specific": "" + } + ], + "schema_version": "1.7.3", + "credits": [ + { + "name": "Hiroki Kurosawa", + "type": "FINDER" + }, + { + "name": "Stefan Eissing", + "type": "REMEDIATION_DEVELOPER" + } + ] + }, + { + "id": "CVE-2018-14618", + "details": "curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.)", + "aliases": ["CURL-CVE-2018-14618"], + "modified": "", + "published": "2018-09-05T19:29:00.420Z", + "related": [ + "MGASA-2018-0423", + "SUSE-SU-2018:2629-1", + "SUSE-SU-2018:2714-1", + "SUSE-SU-2018:2715-1", + "SUSE-SU-2018:2717-1", + "openSUSE-SU-2024:10582-1" + ], + "references": [ + { + "type": "WEB", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf" + }, + { + "type": "ADVISORY", + "url": "http://www.securitytracker.com/id/1041605" + }, + { + "type": "ADVISORY", + "url": "https://access.redhat.com/errata/RHSA-2018:3558" + }, + { + "type": "ADVISORY", + "url": "https://access.redhat.com/errata/RHSA-2019:1880" + }, + { + "type": "ADVISORY", + "url": "https://curl.haxx.se/docs/CVE-2018-14618.html" + }, + { + "type": "ADVISORY", + "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2018-0014" + }, + { + "type": "ADVISORY", + "url": "https://security.gentoo.org/glsa/201903-03" + }, + { + "type": "ADVISORY", + "url": "https://usn.ubuntu.com/3765-1/" + }, + { + "type": "ADVISORY", + "url": "https://usn.ubuntu.com/3765-2/" + }, + { + "type": "ADVISORY", + "url": "https://www.debian.org/security/2018/dsa-4286" + }, + { + "type": "REPORT", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14618" + } + ], + "affected": [ + { + "ranges": [ + { + "type": "GIT", + "repo": "https://github.com/curl/curl", + "events": [ + { + "introduced": "0" + }, + { + "fixed": "ed4474316d24db7bdf8753d77d78fd4de5713876" + } + ] + } + ], + "versions": 230, + "database_specific": "" + } + ], + "schema_version": "1.7.3", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + } + ] + }, + { + "id": "CVE-2018-16839", + "details": "Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.", + "aliases": ["CURL-CVE-2018-16839"], + "modified": "", + "published": "2018-10-31T18:29:00.230Z", + "related": [ + "SUSE-SU-2018:3624-1", + "SUSE-SU-2019:0339-1", + "SUSE-SU-2019:0996-1", + "openSUSE-SU-2024:10582-1" + ], + "references": [ + { + "type": "WEB", + "url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E" + }, + { + "type": "ADVISORY", + "url": "http://www.securitytracker.com/id/1042012" + }, + { + "type": "ADVISORY", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16839" + }, + { + "type": "ADVISORY", + "url": "https://curl.haxx.se/docs/CVE-2018-16839.html" + }, + { + "type": "ADVISORY", + "url": "https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5" + }, + { + "type": "ADVISORY", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html" + }, + { + "type": "ADVISORY", + "url": "https://security.gentoo.org/glsa/201903-03" + }, + { + "type": "ADVISORY", + "url": "https://usn.ubuntu.com/3805-1/" + }, + { + "type": "ADVISORY", + "url": "https://www.debian.org/security/2018/dsa-4331" + }, + { + "type": "REPORT", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16839" + }, + { + "type": "FIX", + "url": "https://curl.haxx.se/docs/CVE-2018-16839.html" + }, + { + "type": "FIX", + "url": "https://github.com/curl/curl/commit/f3a24d7916b9173c69a3e0ee790102993833d6c5" + }, + { + "type": "ARTICLE", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html" + } + ], + "affected": [ + { + "ranges": [ { "type": "GIT", - "repo": "https://github.com/curl/curl.git", + "repo": "https://github.com/curl/curl", "events": [ { - "introduced": "c92d2e14cfb0db662f958effd2ac86f995cf1b5a" + "introduced": "f77e89c5d20db09eaebf378ec036a7e796932810" }, { - "fixed": "adca486c125d9a6d9565b9607a19dce803a8b479" + "last_affected": "ed4474316d24db7bdf8753d77d78fd4de5713876" } ] } ], - "versions": 70, + "versions": 114, "database_specific": "" } ], "schema_version": "1.7.3", - "credits": [ - { - "name": "Harry Sintonen", - "type": "FINDER" - }, + "severity": [ { - "name": "Daniel Stenberg", - "type": "REMEDIATION_DEVELOPER" + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ] }, { - "id": "CURL-CVE-2025-15224", - "summary": "libssh key passphrase bypass without agent set", - "details": "When doing SSH-based transfers using either SCP or SFTP, and asked to do\npublic key authentication, curl would wrongly still ask and authenticate using\na locally running SSH agent.", - "aliases": ["CVE-2025-15224"], + "id": "CVE-2018-16842", + "details": "Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.", + "aliases": ["CURL-CVE-2018-16842"], "modified": "", - "published": "2026-01-07T08:00:00Z", - "database_specific": "", + "published": "2018-10-31T19:29:00.690Z", + "related": [ + "SUSE-SU-2018:3607-1", + "SUSE-SU-2018:3608-1", + "SUSE-SU-2018:3624-1", + "SUSE-SU-2018:3681-1", + "SUSE-SU-2019:0339-1", + "openSUSE-SU-2024:10582-1" + ], + "references": [ + { + "type": "ADVISORY", + "url": "http://www.securitytracker.com/id/1042014" + }, + { + "type": "ADVISORY", + "url": "https://access.redhat.com/errata/RHSA-2019:2181" + }, + { + "type": "ADVISORY", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842" + }, + { + "type": "ADVISORY", + "url": "https://curl.haxx.se/docs/CVE-2018-16842.html" + }, + { + "type": "ADVISORY", + "url": "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211" + }, + { + "type": "ADVISORY", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html" + }, + { + "type": "ADVISORY", + "url": "https://security.gentoo.org/glsa/201903-03" + }, + { + "type": "ADVISORY", + "url": "https://usn.ubuntu.com/3805-1/" + }, + { + "type": "ADVISORY", + "url": "https://usn.ubuntu.com/3805-2/" + }, + { + "type": "ADVISORY", + "url": "https://www.debian.org/security/2018/dsa-4331" + }, + { + "type": "ADVISORY", + "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html" + }, + { + "type": "REPORT", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16842" + }, + { + "type": "FIX", + "url": "https://curl.haxx.se/docs/CVE-2018-16842.html" + }, + { + "type": "FIX", + "url": "https://github.com/curl/curl/commit/d530e92f59ae9bb2d47066c3c460b25d2ffeb211" + }, + { + "type": "ARTICLE", + "url": "https://lists.debian.org/debian-lts-announce/2018/11/msg00005.html" + } + ], "affected": [ { "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "7.58.0" - }, - { - "fixed": "8.18.0" - } - ] - }, { "type": "GIT", - "repo": "https://github.com/curl/curl.git", + "repo": "https://github.com/curl/curl", "events": [ { - "introduced": "c92d2e14cfb0db662f958effd2ac86f995cf1b5a" + "introduced": "6e1a986e0f35cf36618bd88f42e14ea856b6951b" }, { - "fixed": "16d5f2a5660c61cc27bd5f1c7f512391d1c927aa" + "last_affected": "ed4474316d24db7bdf8753d77d78fd4de5713876" } ] } ], - "versions": 70, + "versions": 164, "database_specific": "" } ], "schema_version": "1.7.3", - "credits": [ - { - "name": "Harry Sintonen", - "type": "FINDER" - }, + "severity": [ { - "name": "Harry Sintonen", - "type": "REMEDIATION_DEVELOPER" + "type": "CVSS_V3", + "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H" } ] }, { - "id": "CURL-CVE-2025-5025", - "summary": "No QUIC certificate pinning with wolfSSL", - "details": "libcurl supports *pinning* of the server certificate public key for HTTPS\ntransfers. Due to an omission, this check is not performed when connecting\nwith QUIC for HTTP/3, when the TLS backend is wolfSSL.\n\nDocumentation says the option works with wolfSSL, failing to specify that it\ndoes not for QUIC and HTTP/3.\n\nSince pinning makes the transfer succeed if the pin is fine, users could\nunwittingly connect to an impostor server without noticing.", - "aliases": ["CVE-2025-5025"], - "modified": "", - "published": "2025-05-28T08:00:00Z", - "database_specific": "", + "id": "CVE-2018-16890", + "details": "libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds.", + "aliases": ["CURL-CVE-2018-16890"], + "modified": "", + "published": "2019-02-06T20:29:00.243Z", + "related": [ + "SUSE-SU-2019:0248-1", + "SUSE-SU-2019:0249-1", + "SUSE-SU-2019:0249-2", + "SUSE-SU-2019:0339-1", + "openSUSE-SU-2019:0174-1", + "openSUSE-SU-2024:10582-1" + ], + "references": [ + { + "type": "WEB", + "url": "https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E" + }, + { + "type": "WEB", + "url": "https://support.f5.com/csp/article/K03314397?utm_source=f5support&%3Butm_medium=RSS" + }, + { + "type": "ADVISORY", + "url": "http://www.securityfocus.com/bid/106947" + }, + { + "type": "ADVISORY", + "url": "https://access.redhat.com/errata/RHSA-2019:3701" + }, + { + "type": "ADVISORY", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890" + }, + { + "type": "ADVISORY", + "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf" + }, + { + "type": "ADVISORY", + "url": "https://curl.haxx.se/docs/CVE-2018-16890.html" + }, + { + "type": "ADVISORY", + "url": "https://security.netapp.com/advisory/ntap-20190315-0001/" + }, + { + "type": "ADVISORY", + "url": "https://usn.ubuntu.com/3882-1/" + }, + { + "type": "ADVISORY", + "url": "https://www.debian.org/security/2019/dsa-4386" + }, + { + "type": "ADVISORY", + "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + }, + { + "type": "ADVISORY", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + }, + { + "type": "REPORT", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890" + }, + { + "type": "FIX", + "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890" + }, + { + "type": "FIX", + "url": "https://curl.haxx.se/docs/CVE-2018-16890.html" + }, + { + "type": "FIX", + "url": "https://security.netapp.com/advisory/ntap-20190315-0001/" + }, + { + "type": "FIX", + "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html" + }, + { + "type": "FIX", + "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html" + } + ], "affected": [ { "ranges": [ - { - "type": "SEMVER", - "events": [ - { - "introduced": "8.5.0" - }, - { - "fixed": "8.14.0" - } - ] - }, { "type": "GIT", - "repo": "https://github.com/curl/curl.git", + "repo": "https://github.com/curl/curl", "events": [ { - "introduced": "5f78cf503c786a1d48d13528dde038bccfa6c67c" + "introduced": "4f041c9d6e61829310eb0715d8edb2a232478123" }, { - "fixed": "e1f65937a96a451292e9231339672797da86ecc5" + "fixed": "55d1974913cae8b5ee6d01667a282531ff17d096" } ] } ], - "versions": 14, + "versions": 111, "database_specific": "" } ], "schema_version": "1.7.3", - "credits": [ - { - "name": "Hiroki Kurosawa", - "type": "FINDER" - }, + "severity": [ { - "name": "Stefan Eissing", - "type": "REMEDIATION_DEVELOPER" + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" } ] }, @@ -2381,15 +2528,15 @@ "repo": "https://github.com/curl/curl", "events": [ { - "introduced": "0" + "introduced": "70812c2f32fc5734bcbbe572b9f61c380433ad6a" }, { - "fixed": "27959ecce75cdb2809c0bdb3286e60e08fadb519" + "fixed": "83bedbd730d62b83744cc26fa0433d3f6e2e4cd6" } ] } ], - "versions": 209, + "versions": 94, "database_specific": "" } ], @@ -2818,17 +2965,11 @@ "type": "GIT", "repo": "https://github.com/curl/curl", "events": [ - { - "introduced": "0" - }, - { - "fixed": "76f83f0db23846e254d940ec7" - }, { "introduced": "95a4b8db680beeca879f39c161296d29e22138f1" }, { - "fixed": "76f83f0db23846e254d940ec7" + "fixed": "34cf9d54a46598c44938aa7598820484d7af7133" } ] } @@ -3575,6 +3716,55 @@ } ], "schema_version": "1.7.3" + }, + { + "id": "GHSA-wx95-c6cv-8532", + "summary": "Nokogiri does not check the return value from xmlC14NExecute", + "details": "## Summary\n\nNokogiri's CRuby extension fails to check the return value from `xmlC14NExecute` in the method `Nokogiri::XML::Document#canonicalize` and `Nokogiri::XML::Node#canonicalize`. When canonicalization fails, an empty string is returned instead of raising an exception. This incorrect return value may allow downstream libraries to accept invalid or incomplete canonicalized XML, which has been demonstrated to enable signature validation bypass in SAML libraries.\n\nJRuby is not affected, as the Java implementation correctly raises `RuntimeError` on canonicalization failure.\n\n## Mitigation\n\nUpgrade to Nokogiri `\u003e= 1.19.1`.\n\n## Severity\n\nThe maintainers have assessed this as **Medium** severity. Nokogiri itself is a parsing library without a clear security boundary related to canonicalization, so the direct impact is that a method returns incorrect data on invalid input. However, this behavior was exploited in practice to bypass SAML signature validation in downstream libraries (see References).\n\n## Credit\n\nThis vulnerability was responsibly reported by HackerOne researcher `d4d`.", + "modified": "", + "published": "2026-02-18T21:57:38Z", + "database_specific": "", + "references": [ + { + "type": "WEB", + "url": "https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-wx95-c6cv-8532" + }, + { + "type": "PACKAGE", + "url": "https://github.com/sparklemotion/nokogiri" + } + ], + "affected": [ + { + "package": { + "name": "nokogiri", + "ecosystem": "RubyGems", + "purl": "pkg:gem/nokogiri" + }, + "ranges": [ + { + "type": "ECOSYSTEM", + "events": [ + { + "introduced": "1.5.1" + }, + { + "fixed": "1.19.1" + } + ] + } + ], + "versions": 155, + "database_specific": "" + } + ], + "schema_version": "1.7.3", + "severity": [ + { + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + } + ] } ] }