CVE-2017-9502
https://notcve.org/view.php?id=CVE-2017-9502
In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap-based memory buffer with seven bytes. If the default protocol is specified to be FILE or a file: URL lacks two slashes, the given "URL" starts with a drive letter, and libcurl is built for Windows or DOS, then libcurl would copy the path 7 bytes off, so that the end of the given path would write beyond the malloc buffer (7 bytes being the length in bytes of the ASCII string "file://").
• http://openwall.com/lists/oss-security/2017/06/14/1 http://www.securityfocus.com/bid/99120 http://www.securitytracker.com/id/1038697 https://curl.haxx.se/docs/adv_20170614.html
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2017-2628 – curl: negotiate not treated as connection-oriented (incomplete fix for CVE-2015-3148)
https://notcve.org/view.php?id=CVE-2017-2628
curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only.
It was found that the fix for CVE-2015-3148 in curl was incomplete. An application using libcurl with HTTP Negotiate authentication could incorrectly re-use credentials for subsequent requests to the same server.
• http://rhn.redhat.com/errata/RHSA-2017-0847.html http://www.securityfocus.com/bid/97187 https://bugzilla.redhat.com/show_bug.cgi?id=1422464 https://access.redhat.com/security/cve/CVE-2017-2628
• CWE-287: Improper Authentication
CVE-2017-2629
https://notcve.org/view.php?id=CVE-2017-2629
curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even when there is none or if the server doesn't support the TLS extension in question. This could lead to users not detecting when a server's certificate goes invalid or otherwise being misled that the server is in a better shape than it is in reality. This flaw also exists in the command line tool (--cert-status).
• http://www.securityfocus.com/bid/96382 http://www.securitytracker.com/id/1037871 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2017-2629 https://curl.haxx.se/docs/adv_20170222.html https://security.gentoo.org/glsa/201703-04 https://www.tenable.com/security/tns-2017-09
• CWE-295: Improper Certificate Validation
CVE-2016-8625 – curl: IDNA 2003 makes curl use wrong host
https://notcve.org/view.php?id=CVE-2016-8625
curl before version 7.51.0 uses the outdated IDNA 2003 standard to handle International Domain Names, and this may lead users to unknowingly issue network transfer requests to the wrong host.
• http://www.securityfocus.com/bid/94107 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625 https://curl.haxx.se/CVE-2016-8625.patch https://curl.haxx.se/docs/adv_20161102K.html https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c0277
• CWE-20: Improper Input Validation
CVE-2016-9594
https://notcve.org/view.php?id=CVE-2016-9594
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32-bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.
• http://www.securityfocus.com/bid/95094 http://www.securitytracker.com/id/1037528 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9594 https://curl.haxx.se/docs/adv_20161223.html https://security.gentoo.org/glsa/201701-47 https://www.tenable.com/security/tns-2017-04
• CWE-665: Improper Initialization