Insyde's Security Pledge

Recent Security Advisories

INSYDE-SA-2023051

Product

CVSS Score

Original Date

Last Revised

Supervyse

3.7~7.5

2023-08-08

Summary

Upgrade curl to version 8.1.0

Vulnerability Details

CVSS Vector: Multiple

Upgrade curl to version 8.1.0 which addressed following vulnerabilities.

  1. CVE-2023-28319
    CVSS:7.5
    Description: UAF in SSH sha256 fingerprint check
  2. CVE-2023-28320
    CVSS: 5.9
    Description: siglongjmp race condition
  3. CVE-2023-28321
    CVSS: 5.9
    Description: IDN wildcard match
  4. CVE-2023-28322
    CVSS: 3.7
    Description: more POST-after-PUT confusion

Solution Information

OPF RV 23.05 and after.
SPF RV 23.05 and after.

Acknowledgements

Revision History

Revision #

Date

Description

1

2023-08-08

Initial Release