Insyde's Security Pledge
Insyde Security Advisory 2023030
Insyde ID | Advisory Category | Impact of Vulnerability | Severity Rating | Original Date | Last Revised |
INSYDE-SA-2023030 | Software | 6.5-9/1 | 05/09/2023 | 05/09/2023 |
Summary:
Upgrade libcurl to 7.88.0
Vulnerability Details
Upgrade libcurl to 7.88.0 to fix the following vulnerabilities.
- CVE-2023-23914
CVSS:9.1
Description: HSTS ignored on multiple requests - CVE-2023-23915
CVSS:6.5
Description: HSTS amnesia with --parallel - CVE-2023-0215
CVSS:5.9
Description: Use-after-free following BIO_new_NDEF - CVE-2023-23916
CVSS:6.5
Description: HTTP multi-header compression denial of service
OPF RV 23.05 and after.
SPF RV 23.05 and after.
Revision History:
Revision | Date | Description |
1.0 | 05/09/2023 | Initial Release |
-- | -- | -- |