WinGet is the Windows Package Manager. This project includes a CLI (Command Line Interface), PowerShell modules, and a COM (Component Object Model) API (Application Programming Interface).
cURL / libcURL contains an out-of-bounds read flaw in the GTime2str() function in lib/vtls/x509asn1.c that is triggered when parsing a syntactically incorrect ASN.1 Generalized Time field. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents.
Pulls in the latest commit from SFS client: be733af
Change includes an update to the curl vcpkg package from 8.8.0 to 8.9.1 to address a component governance issue.
https://github.com/advisories/GHSA-97c4-2w4v-c7r8
cURL / libcURL contains an out-of-bounds read flaw in the GTime2str() function in lib/vtls/x509asn1.c that is triggered when parsing a syntactically incorrect ASN.1 Generalized Time field. This may allow a context-dependent attacker to crash a process linked against the library or potentially disclose memory contents.
Microsoft Reviewers: Open in CodeFlow