MCP Server Proto-OKN

## Chat Transcript # LibCURL Vulnerabilities in SecureChain KG 👤 **User** @securechainkg: Are there any critical vulnerabilities reported for libcurl versions 7.8 or newer? --- 🧠 **Assistant** I'll search the SecureChain knowledge graph for critical vulnerabilities in libcurl versions 7.8 or newer. Let me start by understanding the knowledge graph structure. *[Retrieved SecureChain KG description]* SecureChain KG is a knowledge graph for resilient, trustworthy, and secure software supply chains. It's a large-scale knowledge graph that maps software components and vulnerabilities across multiple programming languages to strengthen software supply chain security. Built for developers, security analysts, and policymakers, it contains 9.8 million entities capturing 803,769 software packages, 8.6 million software versions, 259,806 vulnerabilities, and 53,378 hardware components with their versions, interconnected through 73.5 million triples. *[Retrieved schema to understand data structure]* The schema shows: - **Classes**: Software, SoftwareVersion, Vulnerability, VulnerabilityType - **Key Relationships**: - `sc:hasSoftwareVersion` - links Software to SoftwareVersion - `sc:vulnerableTo` - links SoftwareVersion to Vulnerability - `sc:vulnerabilityType` - links Vulnerability to VulnerabilityType *[Executed SPARQL query for libcurl vulnerabilities]* Based on my search of the SecureChain KG knowledge graph, I found **one critical vulnerability** reported for libcurl versions 7.8 or newer: ## CVE-2023-27537 **Affected Version:** libcurl 7.88.1 **Vulnerability Type:** CWE-415 (Double Free) **Details:** This vulnerability is classified as CWE-415, which is a "Double Free" vulnerability. A double free occurs when a program attempts to free the same memory location more than once, which can lead to memory corruption, crashes, or potentially exploitable security issues. --- **Important Notes:** 1. The SecureChain KG currently has limited coverage of libcurl versions in the 7.8+ range - only version 7.88.1 is present in the knowledge graph with vulnerability information. 2. This doesn't mean other versions don't have vulnerabilities; it means they may not be represented in this particular knowledge graph yet. For comprehensive vulnerability scanning, I'd recommend also checking: - The National Vulnerability Database (NVD) directly - The official curl/libcurl security advisories - MITRE CVE database 3. CWE-415 (Double Free) vulnerabilities can be serious as they may lead to denial of service, memory corruption, or in some cases, remote code execution depending on the specific circumstances. Would you like me to search for more information about this vulnerability or check for other related security issues in the knowledge graph? --- 👤 **User** Create transcript --- *Created by [mcp-proto-okn](https://github.com/sbl-sdsc/mcp-proto-okn) 0.5.0 on 2026-01-17* **Model:** Claude Sonnet 4.5 (claude-sonnet-4-5-20250929)