cURL -- multiple vulnerabilities
Affected packages |
7.1 <= curl < 7.51.0 |
Details
VuXML ID | 765feb7d-a0d1-11e6-a881-b499baebfeaf |
Discovery | 2016-11-02 |
Entry | 2016-11-02 |
The cURL project reports:
- cookie injection for other servers
- case insensitive password comparison
- OOB write via unchecked multiplication
- double-free in curl_maprintf
- double-free in krb5 code
- glob parser write/read out of bounds
- curl_getdate read out of bounds
- URL unescape heap overflow via integer truncation
- Use-after-free via shared cookies
- invalid URL parsing with '#'
- IDNA 2003 makes curl use wrong host
References
CVE Name | CVE-2016-8615 |
CVE Name | CVE-2016-8616 |
CVE Name | CVE-2016-8617 |
CVE Name | CVE-2016-8618 |
CVE Name | CVE-2016-8619 |
CVE Name | CVE-2016-8620 |
CVE Name | CVE-2016-8621 |
CVE Name | CVE-2016-8622 |
CVE Name | CVE-2016-8623 |
CVE Name | CVE-2016-8624 |
CVE Name | CVE-2016-8625 |
URL | https://curl.haxx.se/docs/security.html |
Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright
information.