Filtered by vendor Haxx
Subscribe
Total
143 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2023-28321 | 5 Apple, Debian, Fedoraproject and 2 more | 14 Macos, Debian Linux, Fedora and 11 more | 2023-12-10 | N/A | 5.9 MEDIUM |
An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as "Subject Alternative Name" in TLS server certificates. curl can be built to use its own name matching function for TLS rather than one provided by a TLS library. This private wildcard matching function would match IDN (International Domain Name) hosts incorrectly and could as a result accept patterns that otherwise should mismatch. IDN hostnames are converted to puny code before used for certificate checks. Puny coded names always start with `xn--` and should not be allowed to pattern match, but the wildcard check in curl could still check for `x*`, which would match even though the IDN name most likely contained nothing even resembling an `x`. | |||||
CVE-2023-28320 | 3 Apple, Haxx, Netapp | 12 Macos, Curl, Clustered Data Ontap and 9 more | 2023-12-10 | N/A | 5.9 MEDIUM |
A denial of service vulnerability exists in curl <v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using `alarm()` and `siglongjmp()`. When doing this, libcurl used a global buffer that was not mutex protected and a multi-threaded application might therefore crash or otherwise misbehave. | |||||
CVE-2023-28319 | 3 Apple, Haxx, Netapp | 12 Macos, Curl, Clustered Data Ontap and 9 more | 2023-12-10 | N/A | 7.5 HIGH |
A use after free vulnerability exists in curl <v8.1.0 in the way libcurl offers a feature to verify an SSH server's public key using a SHA 256 hash. When this check fails, libcurl would free the memory for the fingerprint before it returns an error message containing the (now freed) hash. This flaw risks inserting sensitive heap-based data into the error message that might be shown to users or otherwise get leaked and revealed. | |||||
CVE-2016-4606 | 2 Apple, Haxx | 2 Mac Os X, Curl | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Curl before 7.49.1 in Apple OS X before macOS Sierra prior to 10.12 allows remote or local attackers to execute arbitrary code, gain sensitive information, cause denial-of-service conditions, bypass security restrictions, and perform unauthorized actions. This may aid in other attacks. | |||||
CVE-2019-5435 | 1 Haxx | 1 Curl | 2023-12-10 | 4.3 MEDIUM | 3.7 LOW |
An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. | |||||
CVE-2019-5482 | 6 Debian, Fedoraproject, Haxx and 3 more | 17 Debian Linux, Fedora, Curl and 14 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. | |||||
CVE-2019-5436 | 7 Debian, F5, Fedoraproject and 4 more | 11 Debian Linux, Traffix Signaling Delivery Controller, Fedora and 8 more | 2023-12-10 | 4.6 MEDIUM | 7.8 HIGH |
A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. | |||||
CVE-2019-5443 | 4 Haxx, Microsoft, Netapp and 1 more | 10 Curl, Windows, Oncommand Insight and 7 more | 2023-12-10 | 4.4 MEDIUM | 7.8 HIGH |
A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. | |||||
CVE-2019-5481 | 6 Debian, Fedoraproject, Haxx and 3 more | 13 Debian Linux, Fedora, Curl and 10 more | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. | |||||
CVE-2018-16890 | 8 Canonical, Debian, F5 and 5 more | 10 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 7 more | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. | |||||
CVE-2016-8620 | 1 Haxx | 1 Curl | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. | |||||
CVE-2018-16840 | 2 Canonical, Haxx | 2 Ubuntu Linux, Curl | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct. | |||||
CVE-2016-8623 | 1 Haxx | 1 Curl | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure. | |||||
CVE-2016-8617 | 1 Haxx | 1 Curl | 2023-12-10 | 4.4 MEDIUM | 7.0 HIGH |
The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`. | |||||
CVE-2018-0500 | 2 Canonical, Haxx | 2 Ubuntu Linux, Curl | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value). | |||||
CVE-2016-8616 | 1 Haxx | 1 Curl | 2023-12-10 | 4.3 MEDIUM | 5.9 MEDIUM |
A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped credentials, an attacker can cause that connection to be reused if s/he knows the case-insensitive version of the correct password. | |||||
CVE-2003-1605 | 1 Haxx | 1 Curl | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote server. | |||||
CVE-2016-8619 | 1 Haxx | 1 Curl | 2023-12-10 | 7.5 HIGH | 9.8 CRITICAL |
The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free. | |||||
CVE-2018-14618 | 4 Canonical, Debian, Haxx and 1 more | 4 Ubuntu Linux, Debian Linux, Libcurl and 1 more | 2023-12-10 | 10.0 HIGH | 9.8 CRITICAL |
curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.) | |||||
CVE-2016-8615 | 1 Haxx | 1 Curl | 2023-12-10 | 5.0 MEDIUM | 7.5 HIGH |
A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. |