CVSS: 8.1EPSS: 1%CPEs: 1EXPL: 0CVE-2016-9586 – curl: printf floating point buffer overflow
https://notcve.org/view.php?id=CVE-2016-9586
curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks. curl, en versiones anteriores a la 7.52.0, es vulnerable a un desbordamiento de búfer cuando se realiza un envío de un gran puntero flotante en la implementación de libcurl de la función printf(). Si hay aplicaciones que acepten una cadena de formato externa sin necesitar un filtrado de entrada, podría permitir ataques remotos. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/95019 http://www.securitytracker.com/id/1037515 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-9586 https://curl.haxx.se/docs/adv_20161221A.html https://github.com/curl/curl/commit/curl-7_51_0-162-g3ab3c16 https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8625 – curl: IDNA 2003 makes curl use wrong host
https://notcve.org/view.php?id=CVE-2016-8625
curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host. curl en versiones anteriores a la 7.51.0 emplea el estándar IDNA 2003 obsoleto para gestionar nombres de dominio internacionales, lo que podría hacer que los usuarios envíen peticiones de transferencia de red al host erróneo sin darse cuenta. • http://www.securityfocus.com/bid/94107 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625 https://curl.haxx.se/CVE-2016-8625.patch https://curl.haxx.se/docs/adv_20161102K.html https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c0277 • CWE-20: Improper Input Validation •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8617 – curl: Out-of-bounds write via unchecked multiplication
https://notcve.org/view.php?id=CVE-2016-8617
The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`. La función de cifrado en base64 de curl en versiones anteriores a la 7.51.0 es propenso a que se subasigne un búfer en sistemas de 32 bits si recibe, al menos, 1Gb como entrada mediante "CURLOPT_USERNAME". • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94097 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617 https://curl.haxx.se/CVE-2016-8617.patch https://curl.haxx.se/docs/adv_20161102C.html https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissu • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-8618 – curl: Double-free in curl_maprintf
https://notcve.org/view.php?id=CVE-2016-8618
The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables. La función API de libcurl llamada "curl_maprintf()" en versiones anteriores a la 7.51.0 puede ser engañada para realizar una doble liberación (double free) debido a una multiplicación "size_t" insegura en sistemas que utilizan variables "size_t" de 32 bits. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94098 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618 https://curl.haxx.se/docs/adv_20161102D.html https://security.gentoo.org/glsa/201701-47 https://www.tenable.com/security/tns-2016-21 https://access.redhat.com/securit • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8621 – curl: curl_getdate out-of-bounds read
https://notcve.org/view.php?id=CVE-2016-8621
The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short. La función "curl_getdate" en curl en versiones anteriores a la 7.51.0 es vulnerable a una lectura fuera de límites si recibe una entrada a la que le falta un dígito. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94101 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621 https://curl.haxx.se/CVE-2016-8621.patch https://curl.haxx.se/docs/adv_20161102G.html https://security.gentoo.org/glsa/201701-47 https://www.tenable.com/security/ • CWE-125: Out-of-bounds Read •