CVE-2020-19909

Public on 2023-08-22
Modified on 2024-02-01
Description
Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via crafted value as the retry delay.
Severity
Low severity
Low
CVSS v3 Base Score
3.3
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 curl Pending Fix
Amazon Linux 2 - Core curl 2023-08-31 ALAS2-2023-2230 Fixed
Amazon Linux 2023 curl Not Affected

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 3.3 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
NVD CVSSv3 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

References

Red Hat: CVE-2020-19909 Mitre: CVE-2020-19909