Vulnerability identifier: #VU48893
Vulnerability risk: Medium
Exploitation vector: Network
Exploit availability: No
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the way cURL handles PASV responses. A remote attacker with control over malicious FTP server can use the
PASV response to trick curl into connecting
back to a given IP address and port, and this way potentially make curl
extract information about services that are otherwise private and not
disclosed, for example doing port scanning and service banner extractions.
Install updates from vendor's website.
Vulnerable software versions
cURL: 4.0 - 7.73.0
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?