Insyde's Security Pledge

Recent Security Advisories

INSYDE-SA-2023030

Product

CVSS Score

Original Date

Last Revised

Supervyse

6.5-9.1

2023-05-09

Summary

Upgrade libcurl to 7.88.0

Vulnerability Details

CVSS Vector: Multiple

Upgrade libcurl to 7.88.0 to fix the following vulnerabilities.

  1. CVE-2023-23914
    CVSS:9.1
    Description: HSTS ignored on multiple requests
  2. CVE-2023-23915
    CVSS:6.5
    Description: HSTS amnesia with –parallel
  3. CVE-2023-0215
    CVSS:5.9
    Description: Use-after-free following BIO_new_NDEF
  4. CVE-2023-23916
    CVSS:6.5
    Description: HTTP multi-header compression denial of service

Solution Information

OPF RV 23.05 and after.
SPF RV 23.05 and after.

Acknowledgements

Revision History

Revision #

Date

Description

1

2023-05-09

Initial Release