The version of Curl installed on the remote host is is missing security update. It is, therefore, affected by a denial of service vulnerability. Due to a mistake in libcurl's WebSocket code, a malicious server can send a particularly crafted packet which makes libcurl get trapped in an endless busy-loop. There is no other way for the application to escape or exit this loop other than killing the thread/process. This might be used to DoS libcurl-using application. (CVE-2025-5399) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. File data…Read More
Curl 8.13.0 < 8.14.1 DoS (CVE-2025-5399)
