Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close


Published: 22 August 2023

** DISPUTED ** Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error.


Priority reason:
Crash in command-line tool only
This CVE is not a security issue, and the curl author intends
on disputing this CVE. Marking as not-affected.
MITRE refused upstream request to reject CVE



Cvss 3 Severity Score


Score breakdown


Package Release Status
Launchpad, Ubuntu, Debian
bionic Not vulnerable

focal Not vulnerable
jammy Not vulnerable

lunar Not vulnerable

trusty Not vulnerable

Released (7.66.0-1)
xenial Not vulnerable

Severity score breakdown

Parameter Value
Base score 3.3
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact None
Availability impact Low
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L