CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-8618 – curl: Double-free in curl_maprintf
https://notcve.org/view.php?id=CVE-2016-8618
The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables. La función API de libcurl llamada "curl_maprintf()" en versiones anteriores a la 7.51.0 puede ser engañada para realizar una doble liberación (double free) debido a una multiplicación "size_t" insegura en sistemas que utilizan variables "size_t" de 32 bits. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94098 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618 https://curl.haxx.se/docs/adv_20161102D.html https://security.gentoo.org/glsa/201701-47 https://www.tenable.com/security/tns-2016-21 https://access.redhat.com/securit • CWE-415: Double Free CWE-416: Use After Free •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8621 – curl: curl_getdate out-of-bounds read
https://notcve.org/view.php?id=CVE-2016-8621
The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short. La función "curl_getdate" en curl en versiones anteriores a la 7.51.0 es vulnerable a una lectura fuera de límites si recibe una entrada a la que le falta un dígito. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94101 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8621 https://curl.haxx.se/CVE-2016-8621.patch https://curl.haxx.se/docs/adv_20161102G.html https://security.gentoo.org/glsa/201701-47 https://www.tenable.com/security/ • CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8624 – curl: Invalid URL parsing with '#'
https://notcve.org/view.php?id=CVE-2016-8624
curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC to check for allowed domains before using curl to request them. curl en versiones anteriores a la 7.51.0 no analiza el componente authority de la URL correctamente cuando el nombre del host termina con un carácter "#" y podría conectarse a un host diferente. Esto podría tener implicaciones de seguridad si, por ejemplo, se emplea un analizador URL que sigue el RFC para buscar dominios permitidos antes de emplear curl para solicitarlos. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94103 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8624 https://curl.haxx.se/docs/adv_20161102J.html https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apac • CWE-20: Improper Input Validation •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8617 – curl: Out-of-bounds write via unchecked multiplication
https://notcve.org/view.php?id=CVE-2016-8617
The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`. La función de cifrado en base64 de curl en versiones anteriores a la 7.51.0 es propenso a que se subasigne un búfer en sistemas de 32 bits si recibe, al menos, 1Gb como entrada mediante "CURLOPT_USERNAME". • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94097 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617 https://curl.haxx.se/CVE-2016-8617.patch https://curl.haxx.se/docs/adv_20161102C.html https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissu • CWE-787: Out-of-bounds Write •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2016-4802
https://notcve.org/view.php?id=CVE-2016-4802
Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory. Múltiples vulnerabilidades de búsqueda de ruta no confiable en cURL y libcurl en versiones anteriores a 7.49.1, cuando se construye con SSPI o telnet está habilitada, permiten a usuarios locales ejecutar código arbitrario y llevar a cabo ataques de secuestro DLL a través de un troyano (1) security.dll, (2) secur32.dll o (3) ws2_32.dll en la aplicación o directorio de trabajo actual. • http://www.securityfocus.com/bid/90997 http://www.securitytracker.com/id/1036008 https://curl.haxx.se/docs/adv_20160530.html • CWE-264: Permissions, Privileges, and Access Controls •