{ "document": { "aggregate_severity": { "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "CVE-2024-7264: fix ASN.1 GTime2str() heap buffer over-read caused by\n off-by-one in fractional seconds length calculation", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776599416", "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776599416" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/almalinux9.2esu/advisories/2026/clsa-2026_1776599416.json" } ], "tracking": { "current_release_date": "2026-04-19T11:51:12Z", "generator": { "date": "2026-04-19T11:51:12Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2026:1776599416", "initial_release_date": "2026-04-19T11:51:12Z", "revision_history": [ { "date": "2026-04-19T11:51:12Z", "number": "1", "summary": "Initial version" } ], "status": "final", "version": "1" }, "title": "curl: Fix of CVE-2024-7264" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "AlmaLinux 9.2", "product": { "name": "AlmaLinux 9.2", "product_id": "AlmaLinux-9.2", "product_identification_helper": { "cpe": "cpe:2.3:o:almalinux:almalinux:9.2:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "AlmaLinux" } ], "category": "vendor", "name": "AlmaLinux OS Foundation" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "product": { "name": "libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "product_id": "libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libcurl-minimal@7.76.1-31.el9_2.1.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "product": { "name": "libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "product_id": "libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libcurl-devel@7.76.1-31.el9_2.1.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "curl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "product": { "name": "curl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "product_id": "curl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/curl@7.76.1-31.el9_2.1.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "product": { "name": "libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "product_id": "libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libcurl@7.76.1-31.el9_2.1.tuxcare.els9?arch=x86_64" } } }, { "category": "product_version", "name": "curl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "product": { "name": "curl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "product_id": "curl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/curl-minimal@7.76.1-31.el9_2.1.tuxcare.els9?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "product": { "name": "libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "product_id": "libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libcurl-minimal@7.76.1-31.el9_2.1.tuxcare.els9?arch=i686" } } }, { "category": "product_version", "name": "libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "product": { "name": "libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "product_id": "libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libcurl-devel@7.76.1-31.el9_2.1.tuxcare.els9?arch=i686" } } }, { "category": "product_version", "name": "libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "product": { "name": "libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "product_id": "libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "product_identification_helper": { "purl": "pkg:rpm/tuxcare/libcurl@7.76.1-31.el9_2.1.tuxcare.els9?arch=i686" } } } ], "category": "architecture", "name": "i686" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64" }, "product_reference": "libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.i686" }, "product_reference": "libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64" }, "product_reference": "libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.i686" }, "product_reference": "libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "curl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:curl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64" }, "product_reference": "curl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64" }, "product_reference": "libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.i686 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.i686" }, "product_reference": "libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "relates_to_product_reference": "AlmaLinux-9.2" }, { "category": "default_component_of", "full_product_name": { "name": "curl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64 as a component of AlmaLinux 9.2", "product_id": "AlmaLinux-9.2:curl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64" }, "product_reference": "curl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "relates_to_product_reference": "AlmaLinux-9.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2025-0725", "cwe": { "id": "CWE-680", "name": "Integer Overflow to Buffer Overflow" }, "notes": [ { "category": "description", "text": "When libcurl is asked to perform automatic gzip decompression of\ncontent-encoded HTTP responses with the `CURLOPT_ACCEPT_ENCODING` option,\n**using zlib 1.2.0.3 or older**, an attacker-controlled integer overflow would\nmake libcurl perform a buffer overflow.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:curl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:curl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-0725" } ], "release_date": "2025-02-05T09:18:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-19T11:50:18.845138Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776599416", "product_ids": [ "AlmaLinux-9.2:curl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:curl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776599416" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 4.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "version": "3.1" }, "products": [ "AlmaLinux-9.2:curl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:curl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2025-14017", "cwe": { "id": "CWE-1058", "name": "Invokable Control Element in Multi-Thread Context with non-Final Static Storable or Member Element" }, "notes": [ { "category": "description", "text": "When doing multi-threaded LDAPS transfers (LDAP over TLS) with libcurl,\nchanging TLS options in one thread would inadvertently change them globally\nand therefore possibly also affect other concurrently setup transfers.\nDisabling certificate verification for a specific transfer could\nunintentionally disable the feature for other threads as well.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:curl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:curl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-14017" } ], "release_date": "2026-01-08T10:07:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-19T11:50:18.845138Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776599416", "product_ids": [ "AlmaLinux-9.2:curl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:curl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776599416" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:curl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:curl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2023-46219", "cwe": { "id": "CWE-311", "name": "Missing Encryption of Sensitive Data" }, "notes": [ { "category": "description", "text": "When saving HSTS data to an excessively long file name, curl could end up\nremoving all contents, making subsequent requests using that file unaware of\nthe HSTS status they should otherwise use.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:curl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:curl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-46219" }, { "category": "external", "summary": "https://curl.se/docs/CVE-2023-46219.html", "url": "https://curl.se/docs/CVE-2023-46219.html" }, { "category": "external", "summary": "https://hackerone.com/reports/2236133", "url": "https://hackerone.com/reports/2236133" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UOGXU25FMMT2X6UUITQ7EZZYMJ42YWWD/" }, { "category": "external", "summary": "https://security.netapp.com/advisory/ntap-20240119-0007/", "url": "https://security.netapp.com/advisory/ntap-20240119-0007/" }, { "category": "external", "summary": "https://www.debian.org/security/2023/dsa-5587", "url": "https://www.debian.org/security/2023/dsa-5587" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3ZX3VW67N4ACRAPMV2QS2LVYGD7H2MVE/" } ], "release_date": "2023-12-12T02:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-19T11:50:18.845138Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776599416", "product_ids": [ "AlmaLinux-9.2:curl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:curl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776599416" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:curl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:curl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] }, { "cve": "CVE-2024-11053", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "notes": [ { "category": "description", "text": "When asked to both use a `.netrc` file for credentials and to follow HTTP\nredirects, curl could leak the password used for the first host to the\nfollowed-to host under certain circumstances.\nThis flaw only manifests itself if the netrc file has an entry that matches\nthe redirect target hostname but the entry either omits just the password or\nomits both login and password.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "AlmaLinux-9.2:curl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:curl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2024-11053" } ], "release_date": "2024-12-11T00:00:00Z", "remediations": [ { "category": "vendor_fix", "date": "2026-04-19T11:50:18.845138Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2026:1776599416", "product_ids": [ "AlmaLinux-9.2:curl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:curl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2026:1776599416" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "AlmaLinux-9.2:curl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:curl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-devel-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.i686", "AlmaLinux-9.2:libcurl-minimal-0:7.76.1-31.el9_2.1.tuxcare.els9.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ] } ] }