CVE-2016-8619 – curl: Double-free in krb5 code
https://notcve.org/view.php?id=CVE-2016-8619
The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free. La función "read_data()" en security.c en curl en versiones anteriores a la 7.51.0 es vulnerable a una doble liberación (double free) de memoria. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94100 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8619 https://curl.haxx.se/CVE-2016-8619.patch https://curl.haxx.se/docs/adv_20161102E.html https://security.gentoo.org/glsa/201701-47 https://www.tenable.com/security/ • CWE-415: Double Free CWE-416: Use After Free •
CVE-2016-8620 – curl: Glob parser write/read out of bounds
https://notcve.org/view.php?id=CVE-2016-8620
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. La funcionalidad de "globbing" en curl en versiones anteriores a la 7.51.0 tiene un error que conduce a un desbordamiento de enteros y a una lectura fuera de límites mediante entradas controladas por el usuario. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94102 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8620 https://curl.haxx.se/docs/adv_20161102F.html https://security.gentoo.org/glsa/201701-47 https://www.tenable.com/security/tns-2016-21 https://access.redhat.com/security/cve/CVE-2016-8620 https://bugzilla.redhat.com& • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') CWE-125: Out-of-bounds Read CWE-190: Integer Overflow or Wraparound •
CVE-2016-8623 – curl: Use-after-free via shared cookies
https://notcve.org/view.php?id=CVE-2016-8623
A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure. Se ha descubierto un problema en versiones anteriores a la 7.51.0 de curl. La forma en la que curl gestiona las cookies permite que otros hilos desencadenen un uso de memoria previamente liberada que conduce a una divulgación de información. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94106 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8623 https://curl.haxx.se/CVE-2016-8623.patch https://curl.haxx.se/docs/adv_20161102I.html https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissu • CWE-416: Use After Free •
CVE-2016-4802
https://notcve.org/view.php?id=CVE-2016-4802
Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory. Múltiples vulnerabilidades de búsqueda de ruta no confiable en cURL y libcurl en versiones anteriores a 7.49.1, cuando se construye con SSPI o telnet está habilitada, permiten a usuarios locales ejecutar código arbitrario y llevar a cabo ataques de secuestro DLL a través de un troyano (1) security.dll, (2) secur32.dll o (3) ws2_32.dll en la aplicación o directorio de trabajo actual. • http://www.securityfocus.com/bid/90997 http://www.securitytracker.com/id/1036008 https://curl.haxx.se/docs/adv_20160530.html • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2016-0754
https://notcve.org/view.php?id=CVE-2016-0754
cURL before 7.47.0 on Windows allows attackers to write to arbitrary files in the current working directory on a different drive via a colon in a remote file name. cURL en versiones anteriores a 7.47.0 en Windows permite a atacantes escribir en archivos arbitrarios en el directorio de trabajo actual en un disco diferente a través de dos puntos en un nombre de archivo remoto. • http://curl.haxx.se/docs/adv_20160127B.html • CWE-20: Improper Input Validation •