CVSS: 5.0EPSS: 0%CPEs: 131EXPL: 0CVE-2013-1944 – curl: Cookie domain suffix match vulnerability
https://notcve.org/view.php?id=CVE-2013-1944
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. La función tailMatch en cookie.c en cURL y libcurl antes de v7.30.0 no comprueba correctamente la ruta del dominio al enviar las cookies, lo que permite robar las cookies a atacantes remotos a través de un sufijo coincidente en el dominio de una URL. • http://curl.haxx.se/docs/adv_20130412.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102056.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102711.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104207.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104598.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105539.h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 92%CPEs: 9EXPL: 2CVE-2013-0249 – cURL - Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2013-0249
Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message. Desbordamiento de búfer basado en pila en la función de curl_sasl_create_digest_md5_message de libcurl en lib/curl_sasl.c v7.26.0 hasta v7.28.1 a durante la negociación de la autenticación SASL DIGEST-MD5, lo que permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código de su elección a través de una cadena demasiado larga en el parámetro 'realm' en un mensaje (1) POP3, (2) SMTP o (3) IMAP. • https://www.exploit-db.com/exploits/24487 http://blog.volema.com/curl-rce.html http://curl.haxx.se/docs/adv_20130206.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099140.html http://nakedsecurity.sophos.com/2013/02/10/anatomy-of-a-vulnerability-curl-web-download-toolkit-holed-by-authentication-bug http://packetstormsecurity.com/files/120147/cURL-Buffer-Overflow.html http://packetstormsecurity.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0CVE-2012-0036
https://notcve.org/view.php?id=CVE-2012-0036
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol. curl y libcurl v7.2x anteriores v7.24.0 no consideran de forma adecuada los caracteres especiales cuando extraen una ruta de un fichero de una URL, lo que permite a atacantes remotos realizar ataques de injección de datos mediente una URL manipulada, como se demostró mediante un atque de injección CRLF sobre los protocolos (1) IMAP, (2) POP3, y (3) SMTP. • http://curl.haxx.se/curl-url-sanitize.patch http://curl.haxx.se/docs/adv_20120124.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://secunia.com/advisories/48256 http://security.gentoo.org/glsa/glsa-201203-02.xml http://support.apple.com/kb/HT5281 http://www.debian.org/security/2012/dsa-2398 http://www.mandriva.com/security/advisories?name=MDVSA-2012:058 http:&#x • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0CVE-2011-2192 – curl: Improper delegation of client credentials during GSS negotiation
https://notcve.org/view.php?id=CVE-2011-2192
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests. La función Curl_input_negotiate en http_negotiate.c en libcurl v7.10.6 a v7.21.6, tal y como se utiliza en curl y otras aplicaciones, siempre lleva a cabo delegación de credenciales durante la autenticación GSSAPI, lo que permite a hacerse pasar por clientes legitimos a servidores remotos a través de peticiones GSSAPI. • http://curl.haxx.se/curl-gssapi-delegation.patch http://curl.haxx.se/docs/adv_20110623.html http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062287.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061992.html http://secunia.com/advisories/45047 http://secunia.com/advisories/45067 http://secunia.com/advisories/45088 http://secunia.com/advisories/45144 http://secunia.com/ • CWE-255: Credentials Management Errors •
CVSS: 6.8EPSS: 4%CPEs: 35EXPL: 0CVE-2010-0734 – curl: zlib-compression causes curl to pass more than CURL_MAX_WRITE_SIZE bytes to write callback
https://notcve.org/view.php?id=CVE-2010-0734
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit. content_encoding.c en libcurl v7.10.5 hasta v7.19.7, cuando zlib está habilitado, no restringe adecuadamente la cantidad de datos de llamadas devueltas, enviadas a una aplicación que descomprime automaticamente las peticiones, lo que podría permitir a un atacante remoto provocar una denegación de servicio (caída de aplicación) o tener o tro impacto sin especificar mediante el envío de datos comprimidos manipulados a una aplicación que se basa en el límite destinado data-length. • http://curl.haxx.se/docs/adv_20100209.html http://curl.haxx.se/docs/security.html#20100209 http://curl.haxx.se/libcurl-contentencoding.patch http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html http://secunia.com/advisories/38843 http://secunia.com/advisories/38981 http://secunia.com/advisories/39087 http:&#x • CWE-264: Permissions, Privileges, and Access Controls •