CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-5419 – curl: TLS session resumption client cert bypass
https://notcve.org/view.php?id=CVE-2016-5419
curl and libcurl before 7.50.1 do not prevent TLS session resumption when the client certificate has changed, which allows remote attackers to bypass intended restrictions by resuming a session. curl y libcurl en versiones anteriores a 7.50.1 no previene la reanudación de sesión TLS cuando el certificado del cliente ha cambiado, lo que permite a atacantes remotos eludir restricciones previstas reanudando sesión. It was found that the libcurl library did not prevent TLS session resumption when the client certificate had changed. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. • http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html http://rhn.redhat.com/errata/RHSA-2016-2575.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.debian.org/security/2016/dsa-3638 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/92292 http://www.securityfocus.com/bid/92319 http://www.securitytracker.com/id/1036538 http://ww • CWE-295: Improper Certificate Validation CWE-310: Cryptographic Issues •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2016-5420 – curl: Re-using connection with wrong client cert
https://notcve.org/view.php?id=CVE-2016-5420
curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. curl y libcurl en versiones anteriores a 7.50.1 no verifica el certificado de cliente cuando se está escogiendo la conexión TLS para reutilizar, lo que podría permitir a atacantes remotos secuestrar la autenticación de la conexión aprovechando una conexión previamente creada con un certificado de cliente diferente. It was found that the libcurl library did not check the client certificate when choosing the TLS connection to reuse. An attacker could potentially use this flaw to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate. • http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html http://rhn.redhat.com/errata/RHSA-2016-2575.html http://rhn.redhat.com/errata/RHSA-2016-2957.html http://www.debian.org/security/2016/dsa-3638 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/92309 http://www.securitytracker.com/id/1036537 http://www.securitytracker.com/id/1036739 http:// • CWE-285: Improper Authorization CWE-295: Improper Certificate Validation •
CVSS: 8.1EPSS: 0%CPEs: 9EXPL: 0CVE-2016-5421 – curl: Use of connection struct after free
https://notcve.org/view.php?id=CVE-2016-5421
Use-after-free vulnerability in libcurl before 7.50.1 allows attackers to control which connection is used or possibly have unspecified other impact via unknown vectors. Vulnerabilidad de uso después de liberación de memoria en libcurl en versiones anteriores a 7.50.1 permite a atacantes controlar qué conexión es usada o posiblemente tener otros impactos no especificados a través de vectores desconocidos. A use-after-free flaw was found in libcurl. When invoking curl_easy_perform() after cleaning up a multi session, an application can be tricked into using libcurl to connect to a malicious server, allowing an attacker to potentially execute arbitrary code. The highest threat from this vulnerability is to data confidentiality and integrity as well as data confidentiality. • http://lists.opensuse.org/opensuse-updates/2016-09/msg00011.html http://lists.opensuse.org/opensuse-updates/2016-09/msg00094.html http://www.debian.org/security/2016/dsa-3638 http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/92306 http://www.securitytracker.com/id/1036536 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2016&m=slackware-security.563059 http://www.ubuntu.com/usn/USN-3048-1 https://access.r • CWE-416: Use After Free •
CVSS: 5.0EPSS: 0%CPEs: 8EXPL: 0CVE-2015-3236
https://notcve.org/view.php?id=CVE-2015-3236
cURL and libcurl 7.40.0 through 7.42.1 send the HTTP Basic authentication credentials for a previous connection when reusing a reset (curl_easy_reset) connection handle to send a request to the same host name, which allows remote attackers to obtain sensitive information via unspecified vectors. cURL y libcurl 7.40.0 hasta la versión 7.42.1 mandan las credenciales de autenticación HTTP Basic de una conexión previa cuando se reutiliza en una conexión de reinicio (curl_easy_reset) usada para enviar una petición al mismo nombre de anfitrión, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://curl.haxx.se/docs/adv_20150617A.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160660.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.oracle.com/technetwork/topics/security/bulletinjan2016-2867206.html http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html http://www.securityfocus.com/bid/75385 http://www.securityfocus.com/bid/91787 https • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 6.4EPSS: 1%CPEs: 14EXPL: 0CVE-2015-3237
https://notcve.org/view.php?id=CVE-2015-3237
The smb_request_state function in cURL and libcurl 7.40.0 through 7.42.1 allows remote SMB servers to obtain sensitive information from memory or cause a denial of service (out-of-bounds read and crash) via crafted length and offset values. La función smb_request_state en cURL y libcurl 7.40.0 hasta 7.42.1 permite a servidores SMB remotos obtener información sensible de la memoria o causar una denegación de servicio (lectura fuera de rango y caída) a través de valores de longitud y desplazamiento manipulados. • http://curl.haxx.se/docs/adv_20150617B.html http://lists.fedoraproject.org/pipermail/package-announce/2015-June/160660.html http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html http://www.securityfocus.com/bid/75387 http://www.securityfocus.com/bid/91787 http://www.securitytracker.com/id/1036371 https://h20566.www2.hpe.com&# • CWE-20: Improper Input Validation •