KLA10859 Security bypass vulnerabilities in cURL

2016-08-03T00:00:00
ID KLA10859
Type kaspersky
Reporter Kaspersky Lab
Modified 2019-03-07T00:00:00

Description

Detect date:

08/03/2016

Severity:

Critical

Description:

Multiple serious vulnerabilities have been found in cURL. Malicious users can exploit these vulnerabilities to bypass security restrictions.

Affected products:

cURL and libcurl versions earlier than 7.50.1

Solution:

Update to the latest version or apply patches
patch for CVE-2016-5421
patch for CVE-2016-5420
cURL download page
patch for CVE-2016-5419

Original advisories:

cURL vulnerabilities table and advisories

Impacts:

SB (Security Bypass)

CVE-IDS:

CVE-2016-5421 7.5 Critical
CVE-2016-5420 5.0 Critical
CVE-2016-5419 5.0 Critical