
CVE-2017-1000101 – curl: URL globbing out of bounds read
https://notcve.org/view.php?id=CVE-2017-1000101
09 Aug 2017 — curl supports "globbing" of URLs, in which a user can pass a numerical range to have the tool iterate over those numbers to do a sequence of transfers. In the globbing function that parses the numerical range, there was an omission that made curl read a byte beyond the end of the URL if given a carefully crafted, or just wrongly written, URL. The URL is stored in a heap based buffer, so it could then be made to wrongly read something else instead of crashing. An example of a URL that triggers the flaw would... • http://www.debian.org/security/2017/dsa-3992 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVE-2017-9502
https://notcve.org/view.php?id=CVE-2017-9502
14 Jun 2017 — In curl before 7.54.1 on Windows and DOS, libcurl's default protocol function, which is the logic that allows an application to set which protocol libcurl should attempt to use when given a URL without a scheme part, had a flaw that could lead to it overwriting a heap based memory buffer with seven bytes. If the default protocol is specified to be FILE or a file: URL lacks two slashes, the given "URL" starts with a drive letter, and libcurl is built for Windows or DOS, then libcurl would copy the path 7 byt... • http://openwall.com/lists/oss-security/2017/06/14/1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVE-2017-7407 – curl: --write-out out of bounds read
https://notcve.org/view.php?id=CVE-2017-7407
03 Apr 2017 — The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, which leads to a heap-based buffer over-read. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-125: Out-of-bounds Read •

CVE-2017-2628 – curl: negotiate not treated as connection-oriented (incomplete fix for CVE-2015-3148)
https://notcve.org/view.php?id=CVE-2017-2628
30 Mar 2017 — curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE. This issue was introduced in RHEL 6.7 and affects RHEL 6 curl only. • http://rhn.redhat.com/errata/RHSA-2017-0847.html • CWE-287: Improper Authentication •

CVE-2017-2629 – Apple Security Advisory 2017-07-19-2
https://notcve.org/view.php?id=CVE-2017-2629
28 Mar 2017 — curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid proof, even when there is none or if the server doesn't support the TLS extension in question. This could lead to users not detecting when a server's certificate goes invalid or otherwise be misled that the server is in a better shape than it is in reality. This ... • http://www.securityfocus.com/bid/96382 • CWE-295: Improper Certificate Validation •

CVE-2016-9586 – curl: printf floating point buffer overflow
https://notcve.org/view.php?id=CVE-2016-9586
20 Jan 2017 — curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there is any application that accepts a format string from the outside without necessary input filtering, it could allow remote attacks. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVE-2016-9594 – Gentoo Linux Security Advisory 201701-47
https://notcve.org/view.php?id=CVE-2016-9594
20 Jan 2017 — curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable. • http://www.securityfocus.com/bid/95094 • CWE-665: Improper Initialization •

CVE-2016-8625 – curl: IDNA 2003 makes curl use wrong host
https://notcve.org/view.php?id=CVE-2016-8625
14 Dec 2016 — curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host. The Apache HTTP Server is a powerful, efficient, and extensible we... • http://www.securityfocus.com/bid/94107 • CWE-20: Improper Input Validation •

CVE-2016-8615 – curl: Cookie injection for other servers
https://notcve.org/view.php?id=CVE-2016-8615
04 Nov 2016 — A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') CWE-254: 7PK - Security Features •

CVE-2016-8616 – curl: Case insensitive password comparison
https://notcve.org/view.php?id=CVE-2016-8616
04 Nov 2016 — A flaw was found in curl before version 7.51.0. When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html • CWE-255: Credentials Management Errors CWE-287: Improper Authentication CWE-592: DEPRECATED: Authentication Bypass Issues •