CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 1CVE-2019-5435 – curl: Integer overflows in curl_url_set() function
https://notcve.org/view.php?id=CVE-2019-5435
22 May 2019 — An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. Un desbordamiento de enteros en la API de URL de curl, da como resultado un desbordamiento de búfer en libcurl en la versión 7.62.0 hasta la 7.64.1 incluyendola. Red Hat JBoss Core Services is a set of supplementary software for Red Hat JBoss middleware products. This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Servi... • https://curl.haxx.se/docs/CVE-2019-5435.html • CWE-131: Incorrect Calculation of Buffer Size CWE-190: Integer Overflow or Wraparound •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-16840 – curl: Use-after-free when closing "easy" handle in Curl_close()
https://notcve.org/view.php?id=CVE-2018-16840
31 Oct 2018 — A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct. Se ha detectado un error de uso de memoria dinámica (heap) previamente liberada en Curl, desde la versión 7.59.0 hasta la 7.61.1, en el códi... • http://www.securitytracker.com/id/1042013 • CWE-416: Use After Free •
CVSS: 9.8EPSS: 0%CPEs: 7EXPL: 0CVE-2018-16839 – curl: Integer overflow leading to heap-based buffer overflow in Curl_sasl_create_plain_message()
https://notcve.org/view.php?id=CVE-2018-16839
31 Oct 2018 — Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. Curl, desde la versión 7.33.0 hasta la 7.61.1, es vulnerable a una saturación del búfer en el código de autenticación SASL que podría conducir a una denegación de servicio (DoS). Harry Sintonen discovered that curl incorrectly handled SASL authentication. A remote attacker could use this issue to cause curl to crash, resulting in a denial of service, or possibly execute ... • http://www.securitytracker.com/id/1042012 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow CWE-190: Integer Overflow or Wraparound •
CVSS: 9.1EPSS: 1%CPEs: 8EXPL: 0CVE-2018-16842 – curl: Heap-based buffer over-read in the curl tool warning formatting
https://notcve.org/view.php?id=CVE-2018-16842
31 Oct 2018 — Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. Curl, desde la versión 7.14.1 hasta la 7.61.1, es vulnerable a una sobrelectura de búfer basada en memoria dinámica (heap) en la función tool_msgs.c:voutf() que podría resultar en una exposición de información y una denegación de servicio (DoS). Harry Sintonen discovered that curl incorrectly handled SASL authentication. A remo... • http://www.securitytracker.com/id/1042014 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2018-0500 – curl: Heap-based buffer overflow in Curl_smtp_escape_eob() when uploading data over SMTP
https://notcve.org/view.php?id=CVE-2018-0500
11 Jul 2018 — Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value). Curl_smtp_escape_eob en lib/smtp.c en curl desde la versión 7.54.1 hasta la 7.60.0 tiene un desbordamiento de búfer basado en memoria dinámica (heap) que podría ser explotado por un atacante que pueda c... • http://www.securitytracker.com/id/1041280 • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 0CVE-2018-1000300 – Slackware Security Advisory - curl Updates
https://notcve.org/view.php?id=CVE-2018-1000300
16 May 2018 — curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0. curl en su versión 7.54.1 hasta la 7.59.0 contiene una vulnerabilidad CWE-122: desbordamiento de búfer basado en memoria dinámica (heap) y una... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html • CWE-787: Out-of-bounds Write •
CVSS: 9.1EPSS: 1%CPEs: 18EXPL: 0CVE-2018-1000301 – curl: Out-of-bounds heap read when missing RTSP headers allows information leak or denial of service
https://notcve.org/view.php?id=CVE-2018-1000301
16 May 2018 — curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0. curl en su versión 7.20.0 hasta la 7.59.0 contiene una vulnerabilidad CWE-126: sobrelectura de búfer y denegación de servicio (DoS) que puede resultar en que se puede e... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2018-1000120 – curl: FTP path trickery leads to NIL byte out of bounds write
https://notcve.org/view.php?id=CVE-2018-1000120
14 Mar 2018 — A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse. Existe un desbordamiento de búfer en curl, de la versión 7.12.3 a la 7.58.0, en la gestión de URL FTP que permite que un atacante provoque una denegación de servicio (DoS) o algo peor. It was found that libcurl did not safely parse FTP URLs when using the CURLOPT_FTP_FILEMETHOD method. An attacker, able to provide a specially crafted FTP URL to an applic... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 2%CPEs: 17EXPL: 0CVE-2018-1000121 – curl: LDAP NULL pointer dereference
https://notcve.org/view.php?id=CVE-2018-1000121
14 Mar 2018 — A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service Existe una desreferencia de puntero NULL en curl, de la versión 7.21.0 a la 7.58.0, en el código LDAP que permite que un atacante provoque una denegación de servicio (DoS). A NULL pointer dereference flaw was found in the way libcurl checks values returned by the openldap ldap_get_attribute_ber() function. A malicious LDAP server could use this flaw to crash a l... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html • CWE-476: NULL Pointer Dereference •
CVSS: 9.1EPSS: 1%CPEs: 17EXPL: 0CVE-2018-1000122 – curl: RTSP RTP buffer over-read
https://notcve.org/view.php?id=CVE-2018-1000122
14 Mar 2018 — A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage Existe una sobrelectura de búfer en curl, de la versión 7.20.0 a la 7.58.0, en el código de gestión RTSP+RTP que permite que un atacante provoque una denegación de servicio (DoS) o una fuga de información. Phan Thanh discovered that curl incorrectly handled certain FTP paths. An attacker could use this to cause a denial of service or ... • http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html • CWE-122: Heap-based Buffer Overflow CWE-125: Out-of-bounds Read •