CVE-2013-4545
https://notcve.org/view.php?id=CVE-2013-4545
cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disable the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
• http://curl.haxx.se/docs/adv_20131115.html
• http://lists.opensuse.org/opensuse-updates/2013-12/msg00047.html
• http://lists.opensuse.org/opensuse-updates/2013-12/msg00053.html
• http://www.debian.org/security/2013/dsa-2798
• http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html
• http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
• http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
• http://www.ubuntu.com/usn/USN-2048-1
• https://
• CWE-310: Cryptographic Issues
CVE-2013-2174 – curl: Loop counter error, leading to heap-based buffer overflow when decoding certain URLs
https://notcve.org/view.php?id=CVE-2013-2174
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character.
• http://curl.haxx.se/docs/adv_20130622.html
• http://lists.opensuse.org/opensuse-updates/2013-07/msg00013.html
• http://rhn.redhat.com/errata/RHSA-2013-0983.html
• http://www.debian.org/security/2013/dsa-2713
• http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html
• http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
• http://www.securityfocus.com/bid/60737
• http://www.ubuntu.com/usn/USN-1894-1
• https://github.com/bagder/curl/commit/192c4f788d48
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-122: Heap-based Buffer Overflow
CVE-2013-1944 – curl: Cookie domain suffix match vulnerability
https://notcve.org/view.php?id=CVE-2013-1944
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL.
• http://curl.haxx.se/docs/adv_20130412.html
• http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
• http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102056.html
• http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102711.html
• http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104207.html
• http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104598.html
• http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105539.h
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-2192 – curl: Improper delegation of client credentials during GSS negotiation
https://notcve.org/view.php?id=CVE-2011-2192
The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests.
• http://curl.haxx.se/curl-gssapi-delegation.patch
• http://curl.haxx.se/docs/adv_20110623.html
• http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
• http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062287.html
• http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061992.html
• http://secunia.com/advisories/45047
• http://secunia.com/advisories/45067
• http://secunia.com/advisories/45088
• http://secunia.com/advisories/45144
• http://secunia.com/
• CWE-255: Credentials Management Errors
CVE-2010-0734 – curl: zlib-compression causes curl to pass more than CURL_MAX_WRITE_SIZE bytes to write callback
https://notcve.org/view.php?id=CVE-2010-0734
content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit.
• http://curl.haxx.se/docs/adv_20100209.html
• http://curl.haxx.se/docs/security.html#20100209
• http://curl.haxx.se/libcurl-contentencoding.patch
• http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html
• http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html
• http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html
• http://secunia.com/advisories/38843
• http://secunia.com/advisories/38981
• http://secunia.com/advisories/39087
• http:
• CWE-264: Permissions, Privileges, and Access Controls