#Open Source Software

**Why is the Red Hat Inc. the assigning CNA (CVE Numbering Authority)?** CVE-2024-6387 is regarding a vulnerability in OppenSSH's server (sshd). Red Hat created this CVE on its behalf.

**What is the curl open-source project?** Curl is a computer software project providing a library (libcurl) and command-line tool (curl) for transferring data using various network protocols. The name stands for "Client for URL". The Windows implementation provides access to the command-line tool, not the library. **What version of curl addresses this CVE?** Curl version 7.87.0 addresses this vulnerability. **Is CVE-2022-43552 going to be addressed in all supported versions of Windows?** Supported versions of Windows will be updated in a future security release after the March 14, 2023 release. This CVE will be updated when the update is available. Use the Security Update Guide Profile to sign up for automatic notifications. **Where can I find more information about this curl vulnerability?** More information can be found at NVD and curl.se **Are there any workarounds that can be implemented?** Preventing the execution of curl.exe is a workaround to be considered Use a WDAC p...

**Why is this OpenSSL Software Foundation CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in OpenSSL Software which is consumed by the Microsoft products listed in the Security Updates table and are known to be affected. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

**Why is this OpenSSL Software Foundation CVE included in the Security Update Guide?** The vulnerability assigned to this CVE is in OpenSSL Software which is consumed by the Microsoft products listed in the Security Updates table and are known to be affected. It is being documented in the Security Update Guide to announce that the latest builds of these products are no longer vulnerable. Please see Security Update Guide Supports CVEs Assigned by Industry Partners for more information.

**Why is this a HackerOne CVE?** This CVE is regarding a vulnerability in the curl open source library which is used by Windows. The July 2022 Windows Security Updates includes the most recent version of this library which addresses the vulnerability and others. Please see curl security problems for information on all of the vulnerabilities that have been addressed.

**Why is this a Hacker One CVE?** This CVE is regarding a vulnerability in the curl open source library which is used by Windows. The January 2022 Windows Security Updates includes the most recent version of this library which addresses the vulnerability and others. Please see curl security problems for information on all of the vulnerabilities that have been addressed.