CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 0CVE-2016-9586 – curl: printf floating point buffer overflow
https://notcve.org/view.php?id=CVE-2016-9586
curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks. curl, en versiones anteriores a la 7.52.0, es vulnerable a un desbordamiento de búfer cuando se realiza un envío de un gran puntero flotante en la implementación de libcurl de la función printf(). Si hay aplicaciones que acepten una cadena de formato externa sin necesitar un filtrado de entrada, podría permitir ataques remotos. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/95019 http://www.securitytracker.com/id/1037515 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586 https://curl.haxx.se/docs/adv_20161221A.html https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8615 – curl: Cookie injection for other servers
https://notcve.org/view.php?id=CVE-2016-8615
A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. Se ha descubierto un problema en versiones anteriores a la 7.51 de curl. Si se escribe el estado de la cookie en un archivo jar de cookie que, posteriormente, será leído y empleado para futuras peticiones, un servidor HTTP malicioso puede inyectar nuevas cookies para dominios arbitrarios en ese jar cookie. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94096 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615 https://curl.haxx.se/CVE-2016-8615.patch https://curl.haxx.se/docs/adv_20161102A.html https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissu • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') CWE-254: 7PK - Security Features •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8616 – curl: Case insensitive password comparison
https://notcve.org/view.php?id=CVE-2016-8616
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password. Se ha descubierto un problema en versiones anteriores a la 7.51.0 de curl. Al reutilizar una conexión, curl realizaba comparaciones no sensibles a mayúsculas del nombre de usuario y la contraseña en las conexiones existentes. Esto significa que, si existe una conexión no utilizada con credenciales adecuadas para un protocolo que tiene credenciales restringidas a la conexión, un atacante podría provocar que se reutilice esa conexión si este conoce la versión que no distingue entre mayúsculas/minúsculas de la contraseña correcta. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94094 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616 https://curl.haxx.se/CVE-2016-8616.patch https://curl.haxx.se/docs/adv_20161102B.html https://security.gentoo.org/glsa/201701-47 https://www.tenable.com/security/ • CWE-255: Credentials Management Errors CWE-287: Improper Authentication CWE-592: DEPRECATED: Authentication Bypass Issues •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-8619 – curl: Double-free in krb5 code
https://notcve.org/view.php?id=CVE-2016-8619
The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free. La función "read_data()" en security.c en curl en versiones anteriores a la 7.51.0 es vulnerable a una doble liberación (double free) de memoria. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94100 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619 https://curl.haxx.se/CVE-2016-8619.patch https://curl.haxx.se/docs/adv_20161102E.html https://security.gentoo.org/glsa/201701-47 https://www.tenable.com/security/ • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-8620 – curl: Glob parser write/read out of bounds
https://notcve.org/view.php?id=CVE-2016-8620
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. La funcionalidad de "globbing" en curl en versiones anteriores a la 7.51.0 tiene un error que conduce a un desbordamiento de enteros y a una lectura fuera de límites mediante entradas controladas por el usuario. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94102 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8620 https://curl.haxx.se/docs/adv_20161102F.html https://security.gentoo.org/glsa/201701-47 https://www.tenable.com/security/tns-2016-21 https://access.redhat.com/security/cve/CVE-2016-8620 https://bugzilla.redhat.com& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •