CVE-2016-8618
- EPSS 1.65%
- Published 31.07.2018 21:29:00
- Last modified 21.11.2024 02:59:41
The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables.
CVE-2016-8624
- EPSS 1.35%
- Published 31.07.2018 21:29:00
- Last modified 21.11.2024 02:59:42
curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for ...
CVE-2017-2629
- EPSS 0.36%
- Published 27.07.2018 19:29:00
- Last modified 21.11.2024 03:23:52
curl before 7.53.0 has an incorrect TLS Certificate Status Request extension feature that asks for a fresh proof of the server's certificate's validity in the code that checks for a test success or failure. It ends up always thinking there's valid pr...
CVE-2018-0500
- EPSS 1.15%
- Published 11.07.2018 13:29:00
- Last modified 21.11.2024 03:38:21
Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nons...
CVE-2018-1000300
- EPSS 0.89%
- Published 24.05.2018 13:29:01
- Last modified 21.11.2024 03:39:58
curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability that can result in denial of service and more: curl might overflow a heap based memory buffer when closing down an FTP connection wit...
CVE-2018-1000301
- EPSS 2.76%
- Published 24.05.2018 13:29:01
- Last modified 21.11.2024 03:39:58
curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability that can result in denial of service: curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP...
CVE-2016-9594
- EPSS 1.09%
- Published 23.04.2018 19:29:00
- Last modified 21.11.2024 03:01:28
curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. Having a weak or virtually non-existent random value makes the operations that use it vulnerable.
CVE-2016-9586
- EPSS 0.89%
- Published 23.04.2018 18:29:00
- Last modified 21.11.2024 03:01:26
curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there is any application that accepts a format string from the outside without necessary...
CVE-2018-1000120
- EPSS 1.54%
- Published 14.03.2018 18:29:00
- Last modified 21.11.2024 03:39:43
A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.
CVE-2018-1000121
- EPSS 3.15%
- Published 14.03.2018 18:29:00
- Last modified 21.11.2024 03:39:43
A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service.