{
	"document":{
		"aggregate_severity":{
			"namespace":"https://nvd.nist.gov/vuln-metrics/cvss",
			"text":"Low"
		},
		"category":"csaf_vex",
		"csaf_version":"2.0",
		"distribution":{
			"tlp":{
				"label":"WHITE",
				"url":"https://www.first.org/tlp/"
			}
		},
		"lang":"en",
		"notes":[
			{
				"text":"curl security update",
				"category":"general",
				"title":"Synopsis"
			},
			{
				"text":"An update for curl is now available for openEuler-22.03-LTS-SP3",
				"category":"general",
				"title":"Summary"
			},
			{
				"text":"cURL is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various protocols.\n\nSecurity Fix(es):\n\nA vulnerability has been found in cURL (Network Utility Software) and classified as problematic. Affected by this vulnerability is an unknown code block of the component netrc File Handler. No information about possible countermeasures is known. It may be suggested to replace the affected object with an alternative product. (CVE-2024-11053)",
				"category":"general",
				"title":"Description"
			},
			{
				"text":"An update for curl is now available for openEuler-22.03-LTS-SP3.\n\nopenEuler Security has rated this update as having a security impact of low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
				"category":"general",
				"title":"Topic"
			},
			{
				"text":"Low",
				"category":"general",
				"title":"Severity"
			},
			{
				"text":"curl",
				"category":"general",
				"title":"Affected Component"
			}
		],
		"publisher":{
			"issuing_authority":"openEuler security committee",
			"name":"openEuler",
			"namespace":"https://www.openeuler.org",
			"contact_details":"openeuler-security@openeuler.org",
			"category":"vendor"
		},
		"references":[
			{
				"summary":"openEuler-SA-2025-1024",
				"category":"self",
				"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1024"
			},
			{
				"summary":"CVE-2024-11053",
				"category":"self",
				"url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2024-11053&packageName=curl"
			},
			{
				"summary":"nvd cve",
				"category":"external",
				"url":"https://nvd.nist.gov/vuln/detail/CVE-2024-11053"
			},
			{
				"summary":"openEuler-SA-2025-1024 vex file",
				"category":"self",
				"url":"https://repo.openeuler.org/security/data/csaf/advisories/2025/csaf-openeuler-sa-2025-1024.json"
			}
		],
		"title":"An update for curl is now available for openEuler-22.03-LTS-SP3",
		"tracking":{
			"initial_release_date":"2025-01-10T21:10:48+08:00",
			"revision_history":[
				{
					"date":"2025-01-10T21:10:48+08:00",
					"summary":"Initial",
					"number":"1.0.0"
				}
			],
			"generator":{
				"date":"2025-01-10T21:10:48+08:00",
				"engine":{
					"name":"openEuler CSAF Tool V1.0"
				}
			},
			"current_release_date":"2025-01-10T21:10:48+08:00",
			"id":"openEuler-SA-2025-1024",
			"version":"1.0.0",
			"status":"final"
		}
	},
	"product_tree":{
		"branches":[
			{
				"name":"openEuler",
				"category":"vendor",
				"branches":[
					{
						"name":"openEuler",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
									},
									"product_id":"openEuler-22.03-LTS-SP3",
									"name":"openEuler-22.03-LTS-SP3"
								},
								"name":"openEuler-22.03-LTS-SP3",
								"category":"product_version"
							}
						],
						"category":"product_name"
					},
					{
						"name":"noarch",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
									},
									"product_id":"curl-help-7.79.1-36.oe2203sp3.noarch.rpm",
									"name":"curl-help-7.79.1-36.oe2203sp3.noarch.rpm"
								},
								"name":"curl-help-7.79.1-36.oe2203sp3.noarch.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"aarch64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
									},
									"product_id":"curl-7.79.1-36.oe2203sp3.aarch64.rpm",
									"name":"curl-7.79.1-36.oe2203sp3.aarch64.rpm"
								},
								"name":"curl-7.79.1-36.oe2203sp3.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
									},
									"product_id":"curl-debuginfo-7.79.1-36.oe2203sp3.aarch64.rpm",
									"name":"curl-debuginfo-7.79.1-36.oe2203sp3.aarch64.rpm"
								},
								"name":"curl-debuginfo-7.79.1-36.oe2203sp3.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
									},
									"product_id":"curl-debugsource-7.79.1-36.oe2203sp3.aarch64.rpm",
									"name":"curl-debugsource-7.79.1-36.oe2203sp3.aarch64.rpm"
								},
								"name":"curl-debugsource-7.79.1-36.oe2203sp3.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
									},
									"product_id":"libcurl-7.79.1-36.oe2203sp3.aarch64.rpm",
									"name":"libcurl-7.79.1-36.oe2203sp3.aarch64.rpm"
								},
								"name":"libcurl-7.79.1-36.oe2203sp3.aarch64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
									},
									"product_id":"libcurl-devel-7.79.1-36.oe2203sp3.aarch64.rpm",
									"name":"libcurl-devel-7.79.1-36.oe2203sp3.aarch64.rpm"
								},
								"name":"libcurl-devel-7.79.1-36.oe2203sp3.aarch64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"src",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
									},
									"product_id":"curl-7.79.1-36.oe2203sp3.src.rpm",
									"name":"curl-7.79.1-36.oe2203sp3.src.rpm"
								},
								"name":"curl-7.79.1-36.oe2203sp3.src.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					},
					{
						"name":"x86_64",
						"branches":[
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
									},
									"product_id":"curl-7.79.1-36.oe2203sp3.x86_64.rpm",
									"name":"curl-7.79.1-36.oe2203sp3.x86_64.rpm"
								},
								"name":"curl-7.79.1-36.oe2203sp3.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
									},
									"product_id":"curl-debuginfo-7.79.1-36.oe2203sp3.x86_64.rpm",
									"name":"curl-debuginfo-7.79.1-36.oe2203sp3.x86_64.rpm"
								},
								"name":"curl-debuginfo-7.79.1-36.oe2203sp3.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
									},
									"product_id":"curl-debugsource-7.79.1-36.oe2203sp3.x86_64.rpm",
									"name":"curl-debugsource-7.79.1-36.oe2203sp3.x86_64.rpm"
								},
								"name":"curl-debugsource-7.79.1-36.oe2203sp3.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
									},
									"product_id":"libcurl-7.79.1-36.oe2203sp3.x86_64.rpm",
									"name":"libcurl-7.79.1-36.oe2203sp3.x86_64.rpm"
								},
								"name":"libcurl-7.79.1-36.oe2203sp3.x86_64.rpm",
								"category":"product_version"
							},
							{
								"product":{
									"product_identification_helper":{
										"cpe":"cpe:/a:openEuler:openEuler:22.03-LTS-SP3"
									},
									"product_id":"libcurl-devel-7.79.1-36.oe2203sp3.x86_64.rpm",
									"name":"libcurl-devel-7.79.1-36.oe2203sp3.x86_64.rpm"
								},
								"name":"libcurl-devel-7.79.1-36.oe2203sp3.x86_64.rpm",
								"category":"product_version"
							}
						],
						"category":"architecture"
					}
				]
			}
		],
		"relationships":[
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
				"product_reference":"curl-help-7.79.1-36.oe2203sp3.noarch.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP3:curl-help-7.79.1-36.oe2203sp3.noarch",
					"name":"curl-help-7.79.1-36.oe2203sp3.noarch as a component of openEuler-22.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
				"product_reference":"curl-7.79.1-36.oe2203sp3.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP3:curl-7.79.1-36.oe2203sp3.aarch64",
					"name":"curl-7.79.1-36.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
				"product_reference":"curl-debuginfo-7.79.1-36.oe2203sp3.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP3:curl-debuginfo-7.79.1-36.oe2203sp3.aarch64",
					"name":"curl-debuginfo-7.79.1-36.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
				"product_reference":"curl-debugsource-7.79.1-36.oe2203sp3.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP3:curl-debugsource-7.79.1-36.oe2203sp3.aarch64",
					"name":"curl-debugsource-7.79.1-36.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
				"product_reference":"libcurl-7.79.1-36.oe2203sp3.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP3:libcurl-7.79.1-36.oe2203sp3.aarch64",
					"name":"libcurl-7.79.1-36.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
				"product_reference":"libcurl-devel-7.79.1-36.oe2203sp3.aarch64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP3:libcurl-devel-7.79.1-36.oe2203sp3.aarch64",
					"name":"libcurl-devel-7.79.1-36.oe2203sp3.aarch64 as a component of openEuler-22.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
				"product_reference":"curl-7.79.1-36.oe2203sp3.src.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP3:curl-7.79.1-36.oe2203sp3.src",
					"name":"curl-7.79.1-36.oe2203sp3.src as a component of openEuler-22.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
				"product_reference":"curl-7.79.1-36.oe2203sp3.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP3:curl-7.79.1-36.oe2203sp3.x86_64",
					"name":"curl-7.79.1-36.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
				"product_reference":"curl-debuginfo-7.79.1-36.oe2203sp3.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP3:curl-debuginfo-7.79.1-36.oe2203sp3.x86_64",
					"name":"curl-debuginfo-7.79.1-36.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
				"product_reference":"curl-debugsource-7.79.1-36.oe2203sp3.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP3:curl-debugsource-7.79.1-36.oe2203sp3.x86_64",
					"name":"curl-debugsource-7.79.1-36.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
				"product_reference":"libcurl-7.79.1-36.oe2203sp3.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP3:libcurl-7.79.1-36.oe2203sp3.x86_64",
					"name":"libcurl-7.79.1-36.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
				},
				"category":"default_component_of"
			},
			{
				"relates_to_product_reference":"openEuler-22.03-LTS-SP3",
				"product_reference":"libcurl-devel-7.79.1-36.oe2203sp3.x86_64.rpm",
				"full_product_name":{
					"product_id":"openEuler-22.03-LTS-SP3:libcurl-devel-7.79.1-36.oe2203sp3.x86_64",
					"name":"libcurl-devel-7.79.1-36.oe2203sp3.x86_64 as a component of openEuler-22.03-LTS-SP3"
				},
				"category":"default_component_of"
			}
		]
	},
	"vulnerabilities":[
		{
			"cve":"CVE-2024-11053",
			"notes":[
				{
					"text":"When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\n\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.",
					"category":"description",
					"title":"Vulnerability Description"
				}
			],
			"product_status":{
				"fixed":[
					"openEuler-22.03-LTS-SP3:curl-help-7.79.1-36.oe2203sp3.noarch",
					"openEuler-22.03-LTS-SP3:curl-7.79.1-36.oe2203sp3.aarch64",
					"openEuler-22.03-LTS-SP3:curl-debuginfo-7.79.1-36.oe2203sp3.aarch64",
					"openEuler-22.03-LTS-SP3:curl-debugsource-7.79.1-36.oe2203sp3.aarch64",
					"openEuler-22.03-LTS-SP3:libcurl-7.79.1-36.oe2203sp3.aarch64",
					"openEuler-22.03-LTS-SP3:libcurl-devel-7.79.1-36.oe2203sp3.aarch64",
					"openEuler-22.03-LTS-SP3:curl-7.79.1-36.oe2203sp3.src",
					"openEuler-22.03-LTS-SP3:curl-7.79.1-36.oe2203sp3.x86_64",
					"openEuler-22.03-LTS-SP3:curl-debuginfo-7.79.1-36.oe2203sp3.x86_64",
					"openEuler-22.03-LTS-SP3:curl-debugsource-7.79.1-36.oe2203sp3.x86_64",
					"openEuler-22.03-LTS-SP3:libcurl-7.79.1-36.oe2203sp3.x86_64",
					"openEuler-22.03-LTS-SP3:libcurl-devel-7.79.1-36.oe2203sp3.x86_64"
				]
			},
			"remediations":[
				{
					"product_ids":[
						"openEuler-22.03-LTS-SP3:curl-help-7.79.1-36.oe2203sp3.noarch",
						"openEuler-22.03-LTS-SP3:curl-7.79.1-36.oe2203sp3.aarch64",
						"openEuler-22.03-LTS-SP3:curl-debuginfo-7.79.1-36.oe2203sp3.aarch64",
						"openEuler-22.03-LTS-SP3:curl-debugsource-7.79.1-36.oe2203sp3.aarch64",
						"openEuler-22.03-LTS-SP3:libcurl-7.79.1-36.oe2203sp3.aarch64",
						"openEuler-22.03-LTS-SP3:libcurl-devel-7.79.1-36.oe2203sp3.aarch64",
						"openEuler-22.03-LTS-SP3:curl-7.79.1-36.oe2203sp3.src",
						"openEuler-22.03-LTS-SP3:curl-7.79.1-36.oe2203sp3.x86_64",
						"openEuler-22.03-LTS-SP3:curl-debuginfo-7.79.1-36.oe2203sp3.x86_64",
						"openEuler-22.03-LTS-SP3:curl-debugsource-7.79.1-36.oe2203sp3.x86_64",
						"openEuler-22.03-LTS-SP3:libcurl-7.79.1-36.oe2203sp3.x86_64",
						"openEuler-22.03-LTS-SP3:libcurl-devel-7.79.1-36.oe2203sp3.x86_64"
					],
					"details":"curl security update",
					"category":"vendor_fix",
					"url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2025-1024"
				}
			],
			"scores":[
				{
					"cvss_v3":{
						"baseSeverity":"LOW",
						"baseScore":3.4,
						"vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N",
						"version":"3.1"
					},
					"products":[
						"openEuler-22.03-LTS-SP3:curl-help-7.79.1-36.oe2203sp3.noarch",
						"openEuler-22.03-LTS-SP3:curl-7.79.1-36.oe2203sp3.aarch64",
						"openEuler-22.03-LTS-SP3:curl-debuginfo-7.79.1-36.oe2203sp3.aarch64",
						"openEuler-22.03-LTS-SP3:curl-debugsource-7.79.1-36.oe2203sp3.aarch64",
						"openEuler-22.03-LTS-SP3:libcurl-7.79.1-36.oe2203sp3.aarch64",
						"openEuler-22.03-LTS-SP3:libcurl-devel-7.79.1-36.oe2203sp3.aarch64",
						"openEuler-22.03-LTS-SP3:curl-7.79.1-36.oe2203sp3.src",
						"openEuler-22.03-LTS-SP3:curl-7.79.1-36.oe2203sp3.x86_64",
						"openEuler-22.03-LTS-SP3:curl-debuginfo-7.79.1-36.oe2203sp3.x86_64",
						"openEuler-22.03-LTS-SP3:curl-debugsource-7.79.1-36.oe2203sp3.x86_64",
						"openEuler-22.03-LTS-SP3:libcurl-7.79.1-36.oe2203sp3.x86_64",
						"openEuler-22.03-LTS-SP3:libcurl-devel-7.79.1-36.oe2203sp3.x86_64"
					]
				}
			],
			"threats":[
				{
					"details":"Low",
					"category":"impact"
				}
			],
			"title":"CVE-2024-11053"
		}
	]
}