CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8625 – curl: IDNA 2003 makes curl use wrong host
https://notcve.org/view.php?id=CVE-2016-8625
curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host. curl en versiones anteriores a la 7.51.0 emplea el estándar IDNA 2003 obsoleto para gestionar nombres de dominio internacionales, lo que podría hacer que los usuarios envíen peticiones de transferencia de red al host erróneo sin darse cuenta. • http://www.securityfocus.com/bid/94107 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625 https://curl.haxx.se/CVE-2016-8625.patch https://curl.haxx.se/docs/adv_20161102K.html https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E https://lists.apache.org/thread.html/rf4c0277 • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8615 – curl: Cookie injection for other servers
https://notcve.org/view.php?id=CVE-2016-8615
A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. Se ha descubierto un problema en versiones anteriores a la 7.51 de curl. Si se escribe el estado de la cookie en un archivo jar de cookie que, posteriormente, será leído y empleado para futuras peticiones, un servidor HTTP malicioso puede inyectar nuevas cookies para dominios arbitrarios en ese jar cookie. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94096 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8615 https://curl.haxx.se/CVE-2016-8615.patch https://curl.haxx.se/docs/adv_20161102A.html https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissu • CWE-99: Improper Control of Resource Identifiers ('Resource Injection') CWE-254: 7PK - Security Features •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8616 – curl: Case insensitive password comparison
https://notcve.org/view.php?id=CVE-2016-8616
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password. Se ha descubierto un problema en versiones anteriores a la 7.51.0 de curl. Al reutilizar una conexión, curl realizaba comparaciones no sensibles a mayúsculas del nombre de usuario y la contraseña en las conexiones existentes. Esto significa que, si existe una conexión no utilizada con credenciales adecuadas para un protocolo que tiene credenciales restringidas a la conexión, un atacante podría provocar que se reutilice esa conexión si este conoce la versión que no distingue entre mayúsculas/minúsculas de la contraseña correcta. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94094 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8616 https://curl.haxx.se/CVE-2016-8616.patch https://curl.haxx.se/docs/adv_20161102B.html https://security.gentoo.org/glsa/201701-47 https://www.tenable.com/security/ • CWE-255: Credentials Management Errors CWE-287: Improper Authentication CWE-592: DEPRECATED: Authentication Bypass Issues •
CVSS: 7.0EPSS: 0%CPEs: 1EXPL: 0CVE-2016-8617 – curl: Out-of-bounds write via unchecked multiplication
https://notcve.org/view.php?id=CVE-2016-8617
The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`. La función de cifrado en base64 de curl en versiones anteriores a la 7.51.0 es propenso a que se subasigne un búfer en sistemas de 32 bits si recibe, al menos, 1Gb como entrada mediante "CURLOPT_USERNAME". • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94097 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8617 https://curl.haxx.se/CVE-2016-8617.patch https://curl.haxx.se/docs/adv_20161102C.html https://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissu • CWE-787: Out-of-bounds Write •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2016-8618 – curl: Double-free in curl_maprintf
https://notcve.org/view.php?id=CVE-2016-8618
The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables. La función API de libcurl llamada "curl_maprintf()" en versiones anteriores a la 7.51.0 puede ser engañada para realizar una doble liberación (double free) debido a una multiplicación "size_t" insegura en sistemas que utilizan variables "size_t" de 32 bits. • http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html http://www.securityfocus.com/bid/94098 http://www.securitytracker.com/id/1037192 https://access.redhat.com/errata/RHSA-2018:2486 https://access.redhat.com/errata/RHSA-2018:3558 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8618 https://curl.haxx.se/docs/adv_20161102D.html https://security.gentoo.org/glsa/201701-47 https://www.tenable.com/security/tns-2016-21 https://access.redhat.com/securit • CWE-415: Double Free CWE-416: Use After Free •