Insyde Security Advisory 2023041

Insyde ID Advisory Category Impact of Vulnerability Severity Rating Original Date Last Revised
INSYDE-SA-2023041 Software 5.5-9.8 06/13/2023 06/13/2023

Summary:

Upgrade libcurl to 8.0.0.

Vulnerability Details

Upgrade libcurl to 8.0.0 to fix the following vulnerabilities:

  1. CVE-2023-27533
    CVSS:8.8
    Description: TELNET option IAC injection.
  2. CVE-2023-27534
    CVSS:8.8
    Description: SFTP path ~ resolving discrepancy.
  3. CVE-2023-27535
    CVSS:7.5
    Description: FTP too eager connection reuse.
  4. CVE-2023-27536
    CVSS:9.8
    Description: GSS delegation too eager connection re-use.
  5. CVE-2023-27537
    CVSS:5.9
    Description: HSTS double-free.
  6. CVE-2023-27538
    CVSS:5.5
    Description: SSH connection too eager reuse still.


Solution Information:
OPF RV 23.05 and after.
SPF RV 23.05 and after.

Revision History:

Revision Date Description
1.0 06/13/2023 Initial Release