CVE-2010-0734 – curl: zlib-compression causes curl to pass more than CURL_MAX_WRITE_SIZE bytes to write callback
https://notcve.org/view.php?id=CVE-2010-0734
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.
• http://curl.haxx.se/docs/adv_20100209.html http://curl.haxx.se/docs/security.html#20100209 http://curl.haxx.se/libcurl-contentencoding.patch http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html http://secunia.com/advisories/38843 http://secunia.com/advisories/38981 http://secunia.com/advisories/39087 http:
• CWE-264: Permissions, Privileges, and Access Controls
CVE-2009-2417 – curl: incorrect verification of SSL certificate with NUL in name
https://notcve.org/view.php?id=CVE-2009-2417
lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408.
• http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417
• CWE-310: Cryptographic Issues
CVE-2009-0037 – cURL/libcURL 7.19.3 - HTTP 'Location:' Redirect Security Bypass
https://notcve.org/view.php?id=CVE-2009-0037
The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. libcURL suffers from an arbitrary file access and creation vulnerability.
• https://www.exploit-db.com/exploits/32834 http://curl.haxx.se/docs/adv_20090303.html http://curl.haxx.se/lxr/source/CHANGES http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.vmware.com/pipermail/security-announce/2009/000060.html http://secunia.com/advisories/34138 http://secunia.com/advisories/34202 http://secunia.com/advisories/34237 http://secunia.com/advisories
• CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2007-3564
https://notcve.org/view.php?id=CVE-2007-3564
libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.
• http://secunia.com/advisories/26104 http://secunia.com/advisories/26108 http://secunia.com/advisories/26128 http://secunia.com/advisories/26231 http://www.curl.haxx.se/docs/adv_20070710.html http://www.debian.org/security/2007/dsa-1333 http://www.securityfocus.com/bid/24938 http://www.trustix.org/errata/2007/0023 http://www.ubuntu.com/usn/usn-484-1 http://www.vupen.com/english/advisories/2007/2551 https://exchange.xforce.ibmcloud.com/vulnerabilities/35479
CVE-2005-3185
https://notcve.org/view.php?id=CVE-2005-3185
Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username.
• ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt http://docs.info.apple.com/article.html?artnum=302847 http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://secunia.com/advisories/17192 http://secunia.com/advisories/17193 http://secunia.com/advisories/17203 http://secunia.com/advisories/17208 http://secunia.com/advisories/17228 http://secunia.com/advisories/17247 http://secunia.com/advisories/17297 http://secunia.com/adviso
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer