CVSS: 9.8EPSS: 38%CPEs: 9EXPL: 2CVE-2013-0249 – cURL - Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2013-0249
08 Mar 2013 — Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message. Desbordamiento de búfer basado en pila en la función de curl_sasl_create_digest_md5_message de libcurl en lib/curl_sasl.c v7.26.0 hasta v7... • https://www.exploit-db.com/exploits/24487 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.1EPSS: 7%CPEs: 26EXPL: 0CVE-2012-0036
https://notcve.org/view.php?id=CVE-2012-0036
13 Apr 2012 — curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol. curl y libcurl v7.2x anteriores v7.24.0 no consideran de forma adecuada los caracteres especiales cuando extraen una ruta de un fichero de una URL, lo que permite a atacantes remotos realizar ataques de injección ... • http://curl.haxx.se/curl-url-sanitize.patch • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 1%CPEs: 11EXPL: 0CVE-2011-2192 – curl: Improper delegation of client credentials during GSS negotiation
https://notcve.org/view.php?id=CVE-2011-2192
07 Jul 2011 — The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests. La función Curl_input_negotiate en http_negotiate.c en libcurl v7.10.6 a v7.21.6, tal y como se utiliza en curl y otras aplicaciones, siempre lleva a cabo delegación de credenciales durante la autenticación GSSAPI, lo que permite a hacerse pasar po... • http://curl.haxx.se/curl-gssapi-delegation.patch • CWE-255: Credentials Management Errors •
CVSS: 9.1EPSS: 4%CPEs: 35EXPL: 0CVE-2010-0734 – curl: zlib-compression causes curl to pass more than CURL_MAX_WRITE_SIZE bytes to write callback
https://notcve.org/view.php?id=CVE-2010-0734
19 Mar 2010 — content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit. content_encoding.c en libcurl v7.10.5 hasta v7.19.7, cuando zlib está habilitado, no restringe adecuada... • http://curl.haxx.se/docs/adv_20100209.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.5EPSS: 1%CPEs: 74EXPL: 0CVE-2009-2417 – curl: incorrect verification of SSL certificate with NUL in name
https://notcve.org/view.php?id=CVE-2009-2417
14 Aug 2009 — lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. lib/ssluse.c en cURL y libcurl v7.4 hasta v7.19.5, cuando se usa OpenSSL, no maneja de forma aecuada el caracter '\0' en un nombre de... • http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch • CWE-310: Cryptographic Issues •