CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-8620 – curl: Glob parser write/read out of bounds
https://notcve.org/view.php?id=CVE-2016-8620
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. La funcionalidad de "globbing" en curl en versiones anteriores a la 7.51.0 tiene un error que conduce a un desbordamiento de enteros y a una lectura fuera de límites mediante entradas controladas por el usuario. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94102 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8620 https://curl.haxx.se/docs/adv_20161102F.html https://security.gentoo.org/glsa/201701-47 https://www.tenable.com/security/tns-2016-21 https://access.redhat.com/security/cve/CVE-2016-8620 https://bugzilla.redhat.com& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8623 – curl: Use-after-free via shared cookies
https://notcve.org/view.php?id=CVE-2016-8623
A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure. Se ha descubierto un problema en versiones anteriores a la 7.51.0 de curl. La forma en la que curl gestiona las cookies permite que otros hilos desencadenen un uso de memoria previamente liberada que conduce a una divulgación de información. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94106 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623 https://curl.haxx.se/CVE-2016-8623.patch https://curl.haxx.se/docs/adv_20161102I.html https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissu • CWE-416: Use After Free •