Page 17 of 143 results (0.014 seconds)

CVSS: 8.1EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-9952

https://notcve.org/view.php?id=CVE-2016-9952

The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by "*.com." La función verify_certificate en lib/vtls/schannel.c en libcurl, desde la versión 7.30.0 hasta la 7.51.0, cuando se construye para Windows CE usando el backend TLS schannel, facilita la ejecución de ataques Man-in-the-Middle (MitM) por parte de atacantes remotos mediante un wildcard SAN manipulado en un certificado de servidor, tal y como demuestra "*.com". • https://curl.haxx.se/CVE-2016-9952.patch https://curl.haxx.se/docs/adv_20161221B.html • CWE-295: Improper Certificate Validation •

CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0

CVE-2016-9953

https://notcve.org/view.php?id=CVE-2016-9953

The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read. La función verify_certificate en lib/vtls/schannel.c en libcurl, desde la versión 7.30.0 hasta la 7.51.0, cuando se construye para Windows CE usando el backend TLS schannel, permite a los atacantes remotos obtener información sensible, causar una denegación de servicio (cierre inesperado) o, posiblemente, tener otro tipo de impacto no especificado mediante un nombre de certificado wildcard, lo cual desencadena una lectura fuera de límites. • https://curl.haxx.se/CVE-2016-9952.patch https://curl.haxx.se/docs/adv_20161221C.html • CWE-125: Out-of-bounds Read •

CVSS: 9.1EPSS: 0%CPEs: 6EXPL: 0

CVE-2018-1000005 – curl: Out-of-bounds read in code handling HTTP/2 trailers

https://notcve.org/view.php?id=CVE-2018-1000005

libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. It was reported (https://github.com/curl/curl/pull/2231) that reading an HTTP/2 trailer could mess up future trailers since the stored size was one byte less than required. The problem is that the code that creates HTTP/1-like headers from the HTTP/2 trailer data once appended a string like `:` to the target buffer, while this was recently changed to `: ` (a space was added after the colon) but the following math wasn't updated correspondingly. When accessed, the data is read out of bounds and causes either a crash or that the (too large) data gets passed to client write. This could lead to a denial-of-service situation or an information disclosure if someone has a service that echoes back or uses the trailers for something. libcurl 7.49.0 hasta e incluyendo la versión 7.57.0 contiene una lectura fuera de límites en los trailers de manipulación de código HTTP/2. • http://www.securitytracker.com/id/1040273 https://access.redhat.com/errata/RHSA-2019:1543 https://curl.haxx.se/docs/adv_2018-824a.html https://github.com/curl/curl/pull/2231 https://usn.ubuntu.com/3554-1 https://www.debian.org/security/2018/dsa-4098 https://access.redhat.com/security/cve/CVE-2018-1000005 https://bugzilla.redhat.com/show_bug.cgi?id=1536013 • CWE-125: Out-of-bounds Read •

CVSS: 9.8EPSS: 0%CPEs: 38EXPL: 0

CVE-2018-1000007 – curl: HTTP authentication leak in redirects

https://notcve.org/view.php?id=CVE-2018-1000007

libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties. When asked to send custom headers in its HTTP requests, libcurl will send that set of headers first to the host in the initial URL but also, if asked to follow redirects and a 30X HTTP response code is returned, to the host mentioned in URL in the `Location:` response header value. Sending the same set of headers to subsequent hosts is in particular a problem for applications that pass on custom `Authorization:` headers, as this header often contains privacy sensitive information or data that could allow others to impersonate the libcurl-using client's request. libcurl, desde la versión 7.1 hasta la 7.57.0, podría filtrar accidentalmente datos de autenticación a terceros. Cuando se le solicita que envíe cabeceras personalizadas en sus peticiones HTTP, libcurl enviará primero ese conjunto de cabeceras al host en la URL inicial pero también, si se le pide que siga redirecciones y se devuelve un código de respuesta HTTP 30X al host mencionado en la URL en el valor de la cabecera de respuesta "Location:". El envío de la misma serie de cabeceras a hosts subsecuentes es un problema en particular para las aplicaciones que pasan cabeceras "Authorization:" personalizadas, ya que esta cabecera suele contener información sensible de privacidad o datos que podrían permitir que otros suplanten la petición del cliente que emplea libcurl. • http://www.openwall.com/lists/oss-security/2022/04/27/4 http://www.securitytracker.com/id/1040274 https://access.redhat.com/errata/RHBA-2019:0327 https://access.redhat.com/errata/RHSA-2018:3157 https://access.redhat.com/errata/RHSA-2018:3558 https://access.redhat.com/errata/RHSA-2019:1543 https://access.redhat.com/errata/RHSA-2020:0544 https://access.redhat.com/errata/RHSA-2020:0594 https://curl.haxx.se/docs/adv_2018-b3bf.html https://lists.debian.org/debian • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2017-8818

https://notcve.org/view.php?id=CVE-2017-8818

curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library. curl y libcurl en versiones anteriores a la 7.57.0 en plataformas de 32 bits permiten que los atacantes provoquen una denegación de servicio (acceso fuera de límites y cierre inesperado de la aplicación) o, posiblemente, provoquen otro impacto porque se asigna demasiado poca memoria para interconectarse con una librería SSL. • http://security.cucumberlinux.com/security/details.php?id=163 http://www.securityfocus.com/bid/102014 http://www.securitytracker.com/id/1039898 https://curl.haxx.se/docs/adv_2017-af0a.html https://security.gentoo.org/glsa/201712-04 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •