Insyde's Security Pledge
Insyde Security Advisory 2023041
Insyde ID | Advisory Category | Impact of Vulnerability | Severity Rating | Original Date | Last Revised |
INSYDE-SA-2023041 | Software | 5.5-9.8 | 06/13/2023 | 06/13/2023 |
Summary:
Upgrade libcurl to 8.0.0.
Vulnerability Details
Upgrade libcurl to 8.0.0 for fixing following vulnerabilities:
- CVE-2023-27533
CVSS:8.8
Description: TELNET option IAC injection. - CVE-2023-27534
CVSS:8.8
Description: SFTP path ~ resolving discrepancy. - CVE-2023-27535
CVSS:7.5
Description: FTP too eager connection reuse. - CVE-2023-27536
CVSS:9.8
Description: GSS delegation too eager connection re-use. - CVE-2023-27537
CVSS:5.9
Description: HSTS double-free. - CVE-2023-27538
CVSS:5.5
Description: SSH connection to eager reuse still.
Solution Information:
OPF RV 23.05 and after.
SPF RV 23.05 and after.
Revision History:
Revision | Date | Description |
1.0 | 06/13/2023 | Initial Release |
-- | -- | -- |