CVE-2014-0015 – curl: re-use of wrong HTTP NTLM connection in libcurl
https://notcve.org/view.php?id=CVE-2014-0015
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via a request. cURL y libcurl 7.10.6 hasta 7.34.0, cuando más de un método de autenticación está habilitado, reutiliza conexiones NTLM, lo que podría permitir a atacantes dependientes de contexto autenticarse como otros usuarios a través de una solicitud. • http://archives.neohapsis.com/archives/bugtraq/2014-06/0172.html http://curl.haxx.se/docs/adv_20140129.html http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10743 http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127627.html http://lists.fedoraproject.org/pipermail/package-announce/2014-February/128408.html http://lists.opensuse.org/opensuse-updates/2014-02/msg00066.html http://seclists.org/fulldisclosure/2014/Dec/23 http://secunia.com/advisories/56728 http:/ • CWE-287: Improper Authentication •
CVE-2013-4545
https://notcve.org/view.php?id=CVE-2013-4545
cURL and libcurl 7.18.0 through 7.32.0, when built with OpenSSL, disables the certificate CN and SAN name field verification (CURLOPT_SSL_VERIFYHOST) when the digital signature verification (CURLOPT_SSL_VERIFYPEER) is disabled, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate. cURL y libcurl 7.18.0 hasta la versión 7.32.0, cuando es compilado con OpenSSL, desactiva la verificación del nombre de campos del certificado CN y SAN (CURLOPT_SSL_VERIFYHOST) cuando la verificación de firma digital (CURLOPT_SSL_VERIFYPEER) está desactivada, lo que permite a atacantes man-in-the-middle falsificar servidores SSL a través de un certificado válido arbitrario. • http://curl.haxx.se/docs/adv_20131115.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00047.html http://lists.opensuse.org/opensuse-updates/2013-12/msg00053.html http://www.debian.org/security/2013/dsa-2798 http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.ubuntu.com/usn/USN-2048-1 https:// • CWE-310: Cryptographic Issues •
CVE-2013-2174 – curl: Loop counter error, leading to heap-based buffer overflow when decoding certain URLs
https://notcve.org/view.php?id=CVE-2013-2174
Heap-based buffer overflow in the curl_easy_unescape function in lib/escape.c in cURL and libcurl 7.7 through 7.30.0 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted string ending in a "%" (percent) character. Desbordamiento de búfer basado en memoria dinámica en la función curl_easy_unescape en lib/escape.c en cURL y libcurl 7.7 a la 7.30.0, permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente la ejecución de código arbitrario a través de una cadena manipulada que termina con el carácter "%". • http://curl.haxx.se/docs/adv_20130622.html http://lists.opensuse.org/opensuse-updates/2013-07/msg00013.html http://rhn.redhat.com/errata/RHSA-2013-0983.html http://www.debian.org/security/2013/dsa-2713 http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html http://www.securityfocus.com/bid/60737 http://www.ubuntu.com/usn/USN-1894-1 https://github.com/bagder/curl/commit/192c4f788d48 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •
CVE-2013-1944 – curl: Cookie domain suffix match vulnerability
https://notcve.org/view.php?id=CVE-2013-1944
The tailMatch function in cookie.c in cURL and libcurl before 7.30.0 does not properly match the path domain when sending cookies, which allows remote attackers to steal cookies via a matching suffix in the domain of a URL. La función tailMatch en cookie.c en cURL y libcurl antes de v7.30.0 no comprueba correctamente la ruta del dominio al enviar las cookies, lo que permite robar las cookies a atacantes remotos a través de un sufijo coincidente en el dominio de una URL. • http://curl.haxx.se/docs/adv_20130412.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102056.html http://lists.fedoraproject.org/pipermail/package-announce/2013-April/102711.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104207.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/104598.html http://lists.fedoraproject.org/pipermail/package-announce/2013-May/105539.h • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2012-0036
https://notcve.org/view.php?id=CVE-2012-0036
curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol. curl y libcurl v7.2x anteriores v7.24.0 no consideran de forma adecuada los caracteres especiales cuando extraen una ruta de un fichero de una URL, lo que permite a atacantes remotos realizar ataques de injección de datos mediente una URL manipulada, como se demostró mediante un atque de injección CRLF sobre los protocolos (1) IMAP, (2) POP3, y (3) SMTP. • http://curl.haxx.se/curl-url-sanitize.patch http://curl.haxx.se/docs/adv_20120124.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://secunia.com/advisories/48256 http://security.gentoo.org/glsa/glsa-201203-02.xml http://support.apple.com/kb/HT5281 http://www.debian.org/security/2012/dsa-2398 http://www.mandriva.com/security/advisories?name=MDVSA-2012:058 http: • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •