dev/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

curl-impersonate: add CVE-2023-38545 as a known vulnerability

Browse Source
This commit is contained in:
Lily Foster 2023-10-12 15:11:47 -04:00
parent bd1cf55f63
commit d9eddb2270
No known key found for this signature in database
GPG Key ID: 49340081E484C893
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
pkgs/tools/networking/curl-impersonate/default.nix
View File

@ -153,6 +153,7 @@ let
maintainers = with maintainers; [ deliciouslytyped lilyinstarlight ];
platforms = platforms.unix;
knownVulnerabilities = [
"CVE-2023-38545" # SOCKS5 heap buffer overflow - https://curl.se/docs/CVE-2023-38545.html
"CVE-2023-32001" # fopen TOCTOU race condition - https://curl.se/docs/CVE-2023-32001.html
"CVE-2022-43551" # HSTS bypass - https://curl.se/docs/CVE-2022-43551.html
"CVE-2022-42916" # HSTS bypass - https://curl.se/docs/CVE-2022-42916.html