Insyde Security Advisory 2023068

Insyde ID Advisory Category Impact of Vulnerability Severity Rating Original Date Last Revised
INSYDE-SA-2023068 Software See description 5.3~6.5 03/12/2024 03/12/2024

Summary:

Upgrade curl to version 8.5.0.

Vulnerability Details:

Upgrade curl to version 8.5.0 which addressed the following vulnerabilities.

  1. CVE-2023-46218
    CVSS: 6.3
    CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
    Description: cookie mixed case PSL bypass
  2. CVE-2023-46219
    CVSS: 5.3
    CVSS Vector String: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
    Description: HSTS long file name clears contents.

Solution Information:
SPF: RV24.05 and after.
OPF: RV24.05 and after.
OPF 2.0: RV24.05 and after.

Revision History:

Revision Date Description
1.0 03/12/2024 Initial Release
- - -

Return to Insyde's Security Pledge