CVE-2020-8169 – libcurl: partial password leak over DNS on HTTP redirect
https://notcve.org/view.php?id=CVE-2020-8169
curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). curl versiones 7.62.0 hasta 7.70.0, es susceptible a una vulnerabilidad de divulgación de información que puede conllevar a que una contraseña parcial sea filtrada a través de la red y a servidor(es) DNS A flaw was found in libcurl. A part of a password may be prepended to the host name before the host name is resolved, leading to a leak of the partial password over the network and to DNS servers. This highest threat from this vulnerability is to data confidentiality. • https://cert-portal.siemens.com/productcert/pdf/ssa-200951.pdf https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://curl.se/docs/CVE-2020-8169.html https://hackerone.com/reports/874778 https://www.debian.org/security/2021/dsa-4881 https://access.redhat.com/security/cve/CVE-2020-8169 https://bugzilla.redhat.com/show_bug.cgi?id=1847916 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2020-8177 – curl: Incorrect argument check can allow remote servers to overwrite local files
https://notcve.org/view.php?id=CVE-2020-8177
curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. curl versiones 7.20.0 hasta 7.70.0, es vulnerable a una restricción inapropiada de nombres para archivos y otros recursos que pueden conllevar a sobrescribir demasiado un archivo local cuando el flag -J es usado A flaw was found in curl. Overwriting local files is possible when using a certain combination of command line options. Requesting content from a malicious server could lead to overwriting local files with compromised files leading to unknown effects. The highest threat from this vulnerability is to file integrity. • https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://curl.se/docs/CVE-2020-8177.html https://hackerone.com/reports/887462 https://www.debian.org/security/2021/dsa-4881 https://www.oracle.com/security-alerts/cpujan2022.html https://access.redhat.com/security/cve/CVE-2020-8177 https://bugzilla.redhat.com/show_bug.cgi?id=1847915 • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-99: Improper Control of Resource Identifiers ('Resource Injection') •
CVE-2019-5482 – curl: heap buffer overflow in function tftp_receive_packet()
https://notcve.org/view.php?id=CVE-2019-5482
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. Un desbordamiento del búfer de la pila en el manejador de protocolo TFTP en cURL versiones 7.19.4 hasta 7.65.3. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html https://curl.haxx.se/docs/CVE-2019-5482.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/me • CWE-122: Heap-based Buffer Overflow CWE-787: Out-of-bounds Write •
CVE-2019-5481 – curl: double free due to subsequent call of realloc()
https://notcve.org/view.php?id=CVE-2019-5481
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. Vulnerabilidad de doble liberación en el código FTP-kerberos en cURL versiones 7.52.0 hasta 7.65.3. • http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00048.html http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00055.html https://curl.haxx.se/docs/CVE-2019-5481.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CI4QQ2RSZX4VCFM76SIWGKY6BY7UWIC https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGDVKSLY5JUNJRLYRUA6CXGQ2LM63XC3 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/me • CWE-415: Double Free CWE-416: Use After Free •
CVE-2019-5443
https://notcve.org/view.php?id=CVE-2019-5443
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. Un usuario o programa no privilegiado puede colocar un código y un archivo de configuración en una ruta (path) no privilegiada conocida (bajo C:/usr/local/) que hará que curl anterior a versión 7.65.1 incluyéndola, ejecute automáticamente el código en la invocación (como un "engine" openssl). Si ese curl es invocado por un usuario privilegiado, este puede hacer lo que desee. • http://www.openwall.com/lists/oss-security/2019/06/24/1 http://www.securityfocus.com/bid/108881 https://curl.haxx.se/docs/CVE-2019-5443.html https://security.netapp.com/advisory/ntap-20191017-0002 https://www.oracle.com/security-alerts/cpuapr2020.html https://www.oracle.com/security-alerts/cpuoct2020.html https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-427: Uncontrolled Search Path Element •