{
  "document": {
    "aggregate_severity": {
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "TuxCare License Agreement",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.",
        "title": "Terms of Use"
      },
      {
        "category": "details",
        "text": "- CVE-2022-27781: add a limit on the number of certificates that can be traversed, breaking\n  the infinite loop in NSS cert verification\n- CVE-2023-27533: prevent TELNET option from IAC injection\n- CVE-2023-27534: fix SFTP path '~' resolving discrepancy",
        "title": "Details"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://tuxcare.com/contact/",
      "name": "TuxCare",
      "namespace": "https://tuxcare.com/"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776847322",
        "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776847322"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.tuxcare.com/csaf/v2/els_os/centos-stream8els/advisories/2026/clsa-2026_1776847322.json"
      }
    ],
    "tracking": {
      "current_release_date": "2026-04-22T08:42:56Z",
      "generator": {
        "date": "2026-04-22T08:42:56Z",
        "engine": {
          "name": "pyCSAF"
        }
      },
      "id": "CLSA-2026:1776847322",
      "initial_release_date": "2026-04-22T08:42:56Z",
      "revision_history": [
        {
          "date": "2026-04-22T08:42:56Z",
          "number": "1",
          "summary": "Initial version"
        }
      ],
      "status": "final",
      "version": "1"
    },
    "title": "curl: Fix of 3 CVEs"
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Community Enterprise Operating System 8",
                "product": {
                  "name": "Community Enterprise Operating System 8",
                  "product_id": "CentOS-Stream-8",
                  "product_identification_helper": {
                    "cpe": "cpe:2.3:o:centos:centos:8:*:*:*:*:*:*:*"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Community Enterprise Operating System"
          }
        ],
        "category": "vendor",
        "name": "Red Hat, Inc."
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "curl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
                "product": {
                  "name": "curl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
                  "product_id": "curl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/curl@7.61.1-34.el8.tuxcare.els7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.x86_64",
                "product": {
                  "name": "libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.x86_64",
                  "product_id": "libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libcurl-devel@7.61.1-34.el8.tuxcare.els7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64",
                "product": {
                  "name": "libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64",
                  "product_id": "libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libcurl-minimal@7.61.1-34.el8.tuxcare.els7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
                "product": {
                  "name": "libcurl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
                  "product_id": "libcurl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libcurl@7.61.1-34.el8.tuxcare.els7?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "curl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64",
                "product": {
                  "name": "curl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64",
                  "product_id": "curl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/curl-minimal@7.61.1-34.el8.tuxcare.els7?arch=x86_64"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.i686",
                "product": {
                  "name": "libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.i686",
                  "product_id": "libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libcurl-devel@7.61.1-34.el8.tuxcare.els7?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.i686",
                "product": {
                  "name": "libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.i686",
                  "product_id": "libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libcurl-minimal@7.61.1-34.el8.tuxcare.els7?arch=i686"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "libcurl-0:7.61.1-34.el8.tuxcare.els7.i686",
                "product": {
                  "name": "libcurl-0:7.61.1-34.el8.tuxcare.els7.i686",
                  "product_id": "libcurl-0:7.61.1-34.el8.tuxcare.els7.i686",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/tuxcare/libcurl@7.61.1-34.el8.tuxcare.els7?arch=i686"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i686"
          }
        ],
        "category": "vendor",
        "name": "TuxCare"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-0:7.61.1-34.el8.tuxcare.els7.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:curl-0:7.61.1-34.el8.tuxcare.els7.x86_64"
        },
        "product_reference": "curl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.x86_64"
        },
        "product_reference": "libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.i686 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.i686"
        },
        "product_reference": "libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.i686",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64"
        },
        "product_reference": "libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.i686 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.i686"
        },
        "product_reference": "libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.i686",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-0:7.61.1-34.el8.tuxcare.els7.i686 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:libcurl-0:7.61.1-34.el8.tuxcare.els7.i686"
        },
        "product_reference": "libcurl-0:7.61.1-34.el8.tuxcare.els7.i686",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libcurl-0:7.61.1-34.el8.tuxcare.els7.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:libcurl-0:7.61.1-34.el8.tuxcare.els7.x86_64"
        },
        "product_reference": "libcurl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "curl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64 as a component of Community Enterprise Operating System 8",
          "product_id": "CentOS-Stream-8:curl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64"
        },
        "product_reference": "curl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64",
        "relates_to_product_reference": "CentOS-Stream-8"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-27781",
      "cwe": {
        "id": "CWE-400",
        "name": "Uncontrolled Resource Consumption"
      },
      "notes": [
        {
          "category": "description",
          "text": "libcurl provides the `CURLOPT_CERTINFO` option to allow applications to request details to be returned about a server's certificate chain. Due to an erroneous function, a malicious server could make libcurl built with NSS get stuck in a never-ending busy-loop when trying to retrieve that information.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:curl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
          "CentOS-Stream-8:curl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64",
          "CentOS-Stream-8:libcurl-0:7.61.1-34.el8.tuxcare.els7.i686",
          "CentOS-Stream-8:libcurl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
          "CentOS-Stream-8:libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.i686",
          "CentOS-Stream-8:libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.x86_64",
          "CentOS-Stream-8:libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.i686",
          "CentOS-Stream-8:libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2022-27781"
        },
        {
          "category": "external",
          "summary": "https://hackerone.com/reports/1555441",
          "url": "https://hackerone.com/reports/1555441"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html",
          "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
        },
        {
          "category": "external",
          "summary": "https://security.gentoo.org/glsa/202212-01",
          "url": "https://security.gentoo.org/glsa/202212-01"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20220609-0009/",
          "url": "https://security.netapp.com/advisory/ntap-20220609-0009/"
        },
        {
          "category": "external",
          "summary": "https://www.debian.org/security/2022/dsa-5197",
          "url": "https://www.debian.org/security/2022/dsa-5197"
        }
      ],
      "release_date": "2022-06-02T14:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-22T08:42:06.033557Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776847322",
          "product_ids": [
            "CentOS-Stream-8:curl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:curl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:libcurl-0:7.61.1-34.el8.tuxcare.els7.i686",
            "CentOS-Stream-8:libcurl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.i686",
            "CentOS-Stream-8:libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.i686",
            "CentOS-Stream-8:libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776847322"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:curl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:curl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:libcurl-0:7.61.1-34.el8.tuxcare.els7.i686",
            "CentOS-Stream-8:libcurl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.i686",
            "CentOS-Stream-8:libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.i686",
            "CentOS-Stream-8:libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2023-27533",
      "cwe": {
        "id": "CWE-75",
        "name": "Failure to Sanitize Special Elements into a Different Plane (Special Element Injection)"
      },
      "notes": [
        {
          "category": "description",
          "text": "A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol that may allow an attacker to pass on a maliciously crafted user name and \"telnet options\" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform option negotiation without the application's intent. This vulnerability could be exploited if an application allows user input, thereby enabling attackers to execute arbitrary code on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:curl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
          "CentOS-Stream-8:curl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64",
          "CentOS-Stream-8:libcurl-0:7.61.1-34.el8.tuxcare.els7.i686",
          "CentOS-Stream-8:libcurl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
          "CentOS-Stream-8:libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.i686",
          "CentOS-Stream-8:libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.x86_64",
          "CentOS-Stream-8:libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.i686",
          "CentOS-Stream-8:libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-27533"
        },
        {
          "category": "external",
          "summary": "https://hackerone.com/reports/1891474",
          "url": "https://hackerone.com/reports/1891474"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html",
          "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00025.html"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/"
        },
        {
          "category": "external",
          "summary": "https://security.gentoo.org/glsa/202310-12",
          "url": "https://security.gentoo.org/glsa/202310-12"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20230420-0011/",
          "url": "https://security.netapp.com/advisory/ntap-20230420-0011/"
        }
      ],
      "release_date": "2023-03-30T20:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-22T08:42:06.033557Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776847322",
          "product_ids": [
            "CentOS-Stream-8:curl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:curl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:libcurl-0:7.61.1-34.el8.tuxcare.els7.i686",
            "CentOS-Stream-8:libcurl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.i686",
            "CentOS-Stream-8:libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.i686",
            "CentOS-Stream-8:libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776847322"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:curl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:curl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:libcurl-0:7.61.1-34.el8.tuxcare.els7.i686",
            "CentOS-Stream-8:libcurl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.i686",
            "CentOS-Stream-8:libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.i686",
            "CentOS-Stream-8:libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    },
    {
      "cve": "CVE-2023-27534",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"
      },
      "notes": [
        {
          "category": "description",
          "text": "A path traversal vulnerability exists in the curl <8.0.0 SFTP implementation that causes the tilde (~) character to be wrongly replaced when used as a prefix in the first path element, in addition to its intended use as the first element to indicate a path relative to the user's home directory. Attackers can exploit this flaw to bypass filtering or execute arbitrary code by crafting a path like /~2/foo while accessing a server with a specific user.",
          "title": "Vulnerability description"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "CentOS-Stream-8:curl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
          "CentOS-Stream-8:curl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64",
          "CentOS-Stream-8:libcurl-0:7.61.1-34.el8.tuxcare.els7.i686",
          "CentOS-Stream-8:libcurl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
          "CentOS-Stream-8:libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.i686",
          "CentOS-Stream-8:libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.x86_64",
          "CentOS-Stream-8:libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.i686",
          "CentOS-Stream-8:libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://cve.tuxcare.com/els/cve/CVE-2023-27534"
        },
        {
          "category": "external",
          "summary": "https://hackerone.com/reports/1892351",
          "url": "https://hackerone.com/reports/1892351"
        },
        {
          "category": "external",
          "summary": "https://lists.debian.org/debian-lts-announce/2024/03/msg00016.html",
          "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00016.html"
        },
        {
          "category": "external",
          "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/",
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/36NBD5YLJXXEDZLDGNFCERWRYJQ6LAQW/"
        },
        {
          "category": "external",
          "summary": "https://security.gentoo.org/glsa/202310-12",
          "url": "https://security.gentoo.org/glsa/202310-12"
        },
        {
          "category": "external",
          "summary": "https://security.netapp.com/advisory/ntap-20230420-0012/",
          "url": "https://security.netapp.com/advisory/ntap-20230420-0012/"
        }
      ],
      "release_date": "2023-03-30T20:15:00Z",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-04-22T08:42:06.033557Z",
          "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776847322",
          "product_ids": [
            "CentOS-Stream-8:curl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:curl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:libcurl-0:7.61.1-34.el8.tuxcare.els7.i686",
            "CentOS-Stream-8:libcurl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.i686",
            "CentOS-Stream-8:libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.i686",
            "CentOS-Stream-8:libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64"
          ],
          "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776847322"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "CentOS-Stream-8:curl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:curl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:libcurl-0:7.61.1-34.el8.tuxcare.els7.i686",
            "CentOS-Stream-8:libcurl-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.i686",
            "CentOS-Stream-8:libcurl-devel-0:7.61.1-34.el8.tuxcare.els7.x86_64",
            "CentOS-Stream-8:libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.i686",
            "CentOS-Stream-8:libcurl-minimal-0:7.61.1-34.el8.tuxcare.els7.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ]
    }
  ]
}