KLA10859Security bypass vulnerabilities in cURL

2016-08-03T00:00:00
ID KLA10859
Type kaspersky
Reporter Kaspersky Lab
Modified 2018-10-16T00:00:00

Description

CVSS:

7.5

Detect date:

08/03/2016

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in cURL. Malicious users can exploit these vulnerabilities to bypass security restrictions.

Affected products:

cURL and libcurl versions earlier than 7.50.1

Solution:

Update to the latest version or apply patches
patch for CVE-2016-5421
patch for CVE-2016-5420
cURL download page
patch for CVE-2016-5419

Original advisories:

cURL vulnerabilities table and advisories

Impacts:

SB

Related products:

cURL

CVE-IDS:

CVE-2016-5421
CVE-2016-5420
CVE-2016-5419