Page 8 of 44 results (0.015 seconds)

CVSS: 7.5EPSS: 92%CPEs: 9EXPL: 2

CVE-2013-0249 – cURL - Buffer Overflow (PoC)

https://notcve.org/view.php?id=CVE-2013-0249

Stack-based buffer overflow in the Curl_sasl_create_digest_md5_message function in lib/curl_sasl.c in curl and libcurl 7.26.0 through 7.28.1, when negotiating SASL DIGEST-MD5 authentication, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the realm parameter in a (1) POP3, (2) SMTP or (3) IMAP message. Desbordamiento de búfer basado en pila en la función de curl_sasl_create_digest_md5_message de libcurl en lib/curl_sasl.c v7.26.0 hasta v7.28.1 a durante la negociación de la autenticación SASL DIGEST-MD5, lo que permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) y posiblemente ejecutar código de su elección a través de una cadena demasiado larga en el parámetro 'realm' en un mensaje (1) POP3, (2) SMTP o (3) IMAP. • https://www.exploit-db.com/exploits/24487 http://blog.volema.com/curl-rce.html http://curl.haxx.se/docs/adv_20130206.html http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2013-February/099140.html http://nakedsecurity.sophos.com/2013/02/10/anatomy-of-a-vulnerability-curl-web-download-toolkit-holed-by-authentication-bug http://packetstormsecurity.com/files/120147/cURL-Buffer-Overflow.html http://packetstormsecurity.com • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 0%CPEs: 26EXPL: 0

CVE-2012-0036

https://notcve.org/view.php?id=CVE-2012-0036

curl and libcurl 7.2x before 7.24.0 do not properly consider special characters during extraction of a pathname from a URL, which allows remote attackers to conduct data-injection attacks via a crafted URL, as demonstrated by a CRLF injection attack on the (1) IMAP, (2) POP3, or (3) SMTP protocol. curl y libcurl v7.2x anteriores v7.24.0 no consideran de forma adecuada los caracteres especiales cuando extraen una ruta de un fichero de una URL, lo que permite a atacantes remotos realizar ataques de injección de datos mediente una URL manipulada, como se demostró mediante un atque de injección CRLF sobre los protocolos (1) IMAP, (2) POP3, y (3) SMTP. • http://curl.haxx.se/curl-url-sanitize.patch http://curl.haxx.se/docs/adv_20120124.html http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041 http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://secunia.com/advisories/48256 http://security.gentoo.org/glsa/glsa-201203-02.xml http://support.apple.com/kb/HT5281 http://www.debian.org/security/2012/dsa-2398 http://www.mandriva.com/security/advisories?name=MDVSA-2012:058 http:&#x • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 11EXPL: 0

CVE-2011-2192 – curl: Improper delegation of client credentials during GSS negotiation

https://notcve.org/view.php?id=CVE-2011-2192

The Curl_input_negotiate function in http_negotiate.c in libcurl 7.10.6 through 7.21.6, as used in curl and other products, always performs credential delegation during GSSAPI authentication, which allows remote servers to impersonate clients via GSSAPI requests. La función Curl_input_negotiate en http_negotiate.c en libcurl v7.10.6 a v7.21.6, tal y como se utiliza en curl y otras aplicaciones, siempre lleva a cabo delegación de credenciales durante la autenticación GSSAPI, lo que permite a hacerse pasar por clientes legitimos a servidores remotos a través de peticiones GSSAPI. • http://curl.haxx.se/curl-gssapi-delegation.patch http://curl.haxx.se/docs/adv_20110623.html http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062287.html http://lists.fedoraproject.org/pipermail/package-announce/2011-June/061992.html http://secunia.com/advisories/45047 http://secunia.com/advisories/45067 http://secunia.com/advisories/45088 http://secunia.com/advisories/45144 http://secunia.com/ • CWE-255: Credentials Management Errors •

CVSS: 6.8EPSS: 4%CPEs: 35EXPL: 0

CVE-2010-0734 – curl: zlib-compression causes curl to pass more than CURL_MAX_WRITE_SIZE bytes to write callback

https://notcve.org/view.php?id=CVE-2010-0734

content_encoding.c in libcurl 7.10.5 through 7.19.7, when zlib is enabled, does not properly restrict the amount of callback data sent to an application that requests automatic decompression, which might allow remote attackers to cause a denial of service (application crash) or have unspecified other impact by sending crafted compressed data to an application that relies on the intended data-length limit. content_encoding.c en libcurl v7.10.5 hasta v7.19.7, cuando zlib está habilitado, no restringe adecuadamente la cantidad de datos de llamadas devueltas, enviadas a una aplicación que descomprime automaticamente las peticiones, lo que podría permitir a un atacante remoto provocar una denegación de servicio (caída de aplicación) o tener o tro impacto sin especificar mediante el envío de datos comprimidos manipulados a una aplicación que se basa en el límite destinado data-length. • http://curl.haxx.se/docs/adv_20100209.html http://curl.haxx.se/docs/security.html#20100209 http://curl.haxx.se/libcurl-contentencoding.patch http://lists.apple.com/archives/security-announce/2010//Jun/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/036744.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037143.html http://secunia.com/advisories/38843 http://secunia.com/advisories/38981 http://secunia.com/advisories/39087 http:&#x • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5EPSS: 0%CPEs: 74EXPL: 0

CVE-2009-2417 – curl: incorrect verification of SSL certificate with NUL in name

https://notcve.org/view.php?id=CVE-2009-2417

lib/ssluse.c in cURL and libcurl 7.4 through 7.19.5, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. lib/ssluse.c en cURL y libcurl v7.4 hasta v7.19.5, cuando se usa OpenSSL, no maneja de forma aecuada el caracter '\0' en un nombre de dominio en el campo sujeto del Common Name (CN) de un certificado X.509, lo que permite a atacantes de hombre en el medio hacer un spoofing de servidores SSL a través de la un certificado de una autoridad de Certificación legítima, manipulado, relativo a CVE_2009-2408. • http://curl.haxx.se/CVE-2009-2417/curl-7.10.6-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.11.0-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.12.1-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.15.1-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.15.5-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417/curl-7.16.4-CVE-2009-2417.patch http://curl.haxx.se/CVE-2009-2417 • CWE-310: Cryptographic Issues •