CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2016-7167 – curl: escape and unescape integer overflows
https://notcve.org/view.php?id=CVE-2016-7167
Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. Múltiples desbordamientos de entero en las funciones (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape y (4) curl_easy_unescape en libcurl en versiones anteriores a 7.50.3 permiten a atacantes tener impacto no especificado a través de una cadena de longitud 0xffffffff, lo que desencadena un desbordamiento de búfer basado en memoria dinámica. Multiple integer overflow flaws leading to heap-based buffer overflows were found in the way curl handled escaping and unescaping of data. An attacker could potentially use these flaws to crash an application using libcurl by sending a specially crafted input to the affected libcurl functions. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/92975 http://www.securitytracker.com/id/1036813 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.538632 https://access.redhat.com/errata/RHSA-2017:2016 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://curl.haxx.se/docs/adv_20160914.html https://lists.debian.org/debian-lts-announ • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-5419 – curl: TLS session resumption client cert bypass
https://notcve.org/view.php?id=CVE-2016-5419
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. curl y libcurl en versiones anteriores a 7.50.1 no previene la reanudación de sesión TLS cuando el certificado del cliente ha cambiado, lo que permite a atacantes remotos eludir restricciones previstas reanudando sesión. It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. • http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html http://rhn.redhat.com/errata/RHSA-2016-2575.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.debian.org/security/2016/dsa-3638 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/92292 http://www.securityfocus.com/bid/92319 http://www.securitytracker.com/id/1036538 http://ww • CWE-295: Improper Certificate Validation CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-5420 – curl: Re-using connection with wrong client cert
https://notcve.org/view.php?id=CVE-2016-5420
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. curl y libcurl en versiones anteriores a 7.50.1 no verifica el certificado de cliente cuando se está escogiendo la conexión TLS para reutilizar, lo que podría permitir a atacantes remotos secuestrar la autenticación de la conexión aprovechando una conexión previamente creada con un certificado de cliente diferente. It was found that the libcurl library did not check the client certificate when choosing the TLS connection to reuse. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. • http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html http://rhn.redhat.com/errata/RHSA-2016-2575.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.debian.org/security/2016/dsa-3638 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/92309 http://www.securitytracker.com/id/1036537 http://www.securitytracker.com/id/1036739 http:// • CWE-285: Improper Authorization CWE-295: Improper Certificate Validation •
CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0CVE-2016-5421 – curl: Use of connection struct after free
https://notcve.org/view.php?id=CVE-2016-5421
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación de memoria en libcurl en versiones anteriores a 7.50.1 permite a atacantes controlar qué conexión es usada o posiblemente tener otros impactos no especificados a través de vectores desconocidos. A use-after-free flaw was found in libcurl. When invoking curl_easy_perform() after cleaning up a multi session, an application can be tricked into using libcurl to connect to a malicious server, allowing an attacker to potentially execute arbitrary code. The highest threat from this vulnerability is to data confidentiality and integrity as well as data confidentiality. • http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html http://www.debian.org/security/2016/dsa-3638 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/92306 http://www.securitytracker.com/id/1036536 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.563059 http://www.ubuntu.com/usn/USN-3048-1 https://access.r • CWE-416: Use After Free •
CVSS: 5.0EPSS: 0%CPEs: 12EXPL: 0CVE-2015-3153
https://notcve.org/view.php?id=CVE-2015-3153
The default configuration for cURL and libcurl before 7.42.1 sends custom HTTP headers to both the proxy and destination server, which might allow remote proxy servers to obtain sensitive information by reading the header contents. La configuración por defecto para cURL y libcurl anterior a 7.42.1 envía cabeceras HTTP personalizadas tanto al servidor proxy como al de destinación, lo que podría permitir a servidores proxy remotos obtener información sensible mediante la lectura de los contenidos de cabeceras. • http://curl.haxx.se/docs/adv_20150429.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743 http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00017.html http://www.debian.org/security/2015/dsa-3240 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.oracle.com/technetwork/topics/security/cpu • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •