Insyde Security Advisory 2023051

Insyde ID: INSYDE-SA-2023048
Advisory Category: Software
Impact of Vulnerability: -
Severity Rating: 3.7~7.5
Original Date: 08/08/2023
Last Revised: 08/08/2023

Summary:

Upgrade curl to version 8.1.0

Vulnerability Details:

Upgrade curl to version 8.1.0, which addresses the following vulnerabilities:

  1. CVE-2023-28319
    CVSS: 7.5
    Description: UAF in SSH sha256 fingerprint check
  2. CVE-2023-28320
    CVSS: 5.9
    Description: siglongjmp race condition
  3. CVE-2023-28321
    CVSS: 5.9
    Description: IDN wildcard match
  4. CVE-2023-28322
    CVSS: 3.7
    Description: more POST-after-PUT confusion

Solution Information:
OPF RV 23.05 and after.
SPF RV 23.05 and after.

Revision History:

Revision  Date        Description
1.0       08/08/2023  Initial Release
