CVSS: 7.5EPSS: 0%CPEs: 40EXPL: 1CVE-2020-8286 – curl: Inferior OCSP verification
https://notcve.org/view.php?id=CVE-2020-8286
curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. curl versiones 7.41.0 hasta 7.73.0, es vulnerable a una comprobación inapropiada para la revocación del certificado debido a una verificación insuficiente de la respuesta OCSP Libcurl offers "OCSP stapling" via the CURLOPT_SSL_VERIFYSTATUS option. When set, libcurl verifies the OCSP response that a server responds with as part of the TLS handshake. It then aborts the TLS negotiation if something is wrong with the response. The same feature can be enabled with --cert-status using the curl tool. As part of the OCSP response verification, a client should verify that the response is indeed set out for the correct certificate. • http://seclists.org/fulldisclosure/2021/Apr/50 http://seclists.org/fulldisclosure/2021/Apr/51 http://seclists.org/fulldisclosure/2021/Apr/54 https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://curl.se/docs/CVE-2020-8286.html https://hackerone.com/reports/1048457 https://lists.debian.org/debian-lts-announce/2020/12/msg00029.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fe • CWE-295: Improper Certificate Validation •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2020-8231 – curl: Expired pointer dereference via multi API with CURLOPT_CONNECT_ONLY option set
https://notcve.org/view.php?id=CVE-2020-8231
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. Debido al uso de un puntero colgante, libcurl versiones 7.29.0 hasta 7.71.1, puede usar la conexión errónea cuando envía datos A flaw was found in libcurl from versions 7.29.0 through 7.71.1. An application that performs multiple requests with libcurl's multi API, and sets the `CURLOPT_CONNECT_ONLY` option, might experience libcurl using the wrong connection. The highest threat from this vulnerability is to data confidentiality. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://curl.haxx.se/docs/CVE-2020-8231.html https://hackerone.com/reports/948876 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E https://security.gentoo.org/glsa/202012-14 https://www.debian.org/security/2021/dsa-4881 https://www.oracle.com/securi • CWE-416: Use After Free CWE-822: Untrusted Pointer Dereference •
CVSS: 7.8EPSS: 5%CPEs: 16EXPL: 1CVE-2019-5436 – curl: TFTP receive heap buffer overflow in tftp_receive_packet() function
https://notcve.org/view.php?id=CVE-2019-5436
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. Un desbordamiento de búfer en la memoria dinámica (heap) del código de recepción TFTP, permite la ejecución de código arbitrario o una Denegación de Servicio (DoS) en las versiones de libcurl 7.19.4 hasta 7.64.1. • http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00017.html http://www.openwall.com/lists/oss-security/2019/09/11/6 https://curl.haxx.se/docs/CVE-2019-5436.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SMG3V4VTX2SE3EW3HQTN3DDLQBTORQC2 https://seclists.org/bugtraq/2020/Feb/36 https://security.gentoo.org/glsa/202003-29 https://security.netapp.com/advisory& • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 11EXPL: 2CVE-2019-3823 – curl: SMTP end-of-response out-of-bounds read
https://notcve.org/view.php?id=CVE-2019-3823
libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller. libcurl, desde la versión 7.34.0 hasta antes de la 7.64.0, es vulnerable a una lectura de memoria dinámica (heap) fuera de límites en el código que maneja el final de la respuesta para SMTP. Si el búfer que se pasa a "smtp_endofresp()" no termina en NUL, no contiene caracteres que terminen el número analizado y "len" se establece como 5, la llamada "strtol()" lee más allá del búfer asignado. Los contenidos de la lectura no se devolverán al llamante. • http://www.securityfocus.com/bid/106950 https://access.redhat.com/errata/RHSA-2019:3701 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3823 https://cert-portal.siemens.com/productcert/pdf/ssa-936080.pdf https://curl.haxx.se/docs/CVE-2019-3823.html https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E https://security.gentoo.org/glsa/201903-03 https://security.netapp.com/advisory/ntap-20190315-0001 https://usn.ubuntu • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 4%CPEs: 16EXPL: 1CVE-2018-16890 – curl: NTLM type-2 heap out-of-bounds buffer read
https://notcve.org/view.php?id=CVE-2018-16890
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. Libcurl, desde la versión 7.36.0 hasta antes de la 7.64.0, es vulnerable a una lectura de memoria dinámica (heap) fuera de límites. La función que gestiona los mensajes entrantes NTLM de tipo 2 ("lib/vauth/ntlm.c:ntlm_decode_type2_target") no valida los datos entrantes correctamente y está sujeta a una vulnerabilidad de desbordamiento de enteros. • https://github.com/michelleamesquita/CVE-2018-16890 http://www.securityfocus.com/bid/106947 https://access.redhat.com/errata/RHSA-2019:3701 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16890 https://cert-portal.siemens.com/productcert/pdf/ssa-436177.pdf https://curl.haxx.se/docs/CVE-2018-16890.html https://lists.apache.org/thread.html/8338a0f605bdbb3a6098bb76f666a95fc2b2f53f37fa1ecc89f1146f%40%3Cdevnull.infra.apache.org%3E https://security.netapp.com/advisory/ntap-20190315-0001 https://sup • CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •