Lucene search
OracleLinuxELSA-2019-4652HistoryMay 21, 2019 - 12:00 a.m.
curl security update
2019-05-2100:00:00
linux.oracle.com
143
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
83.8%
[7.29.0-51.0.1]
- Security Fixes [OraBug: 28939992]
- CVE-2016-8615 cookie injection for other servers (https://curl.haxx.se/docs/CVE-2016-8615.html)
- CVE-2016-8616 case insensitive password comparison (https://curl.haxx.se/docs/CVE-2016-8616.html)
- CVE-2016-8617 OOB write via unchecked multiplication (https://curl.haxx.se/docs/CVE-2016-8617.html)
- CVE-2016-8618 double-free in curl_maprintf (https://curl.haxx.se/docs/CVE-2016-8618.html)
- CVE-2016-8619 double-free in krb5 code (https://curl.haxx.se/docs/CVE-2016-8619.html)
- CVE-2016-8621 curl_getdate read out of bounds (https://curl.haxx.se/docs/CVE-2016-8621.html)
- CVE-2016-8622 URL unescape heap overflow via integer truncation (https://curl.haxx.se/docs/CVE-2016-8622.html)
- CVE-2016-8623 Use-after-free via shared cookies (https://curl.haxx.se/docs/CVE-2016-8623.html)
- CVE-2016-8624 invalid URL parsing with # (https://curl.haxx.se/docs/CVE-2016-8624.html)
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| oracle linux | 6 | src | curl | < 7.19.7-53.0.2.el6_9 | curl-7.19.7-53.0.2.el6_9.src.rpm |
| oracle linux | 6 | i686 | curl | < 7.19.7-53.0.2.el6_9 | curl-7.19.7-53.0.2.el6_9.i686.rpm |
| oracle linux | 6 | i686 | libcurl | < 7.19.7-53.0.2.el6_9 | libcurl-7.19.7-53.0.2.el6_9.i686.rpm |
| oracle linux | 6 | i686 | libcurl-devel | < 7.19.7-53.0.2.el6_9 | libcurl-devel-7.19.7-53.0.2.el6_9.i686.rpm |
| oracle linux | 6 | src | curl | < 7.19.7-53.0.2.el6_9 | curl-7.19.7-53.0.2.el6_9.src.rpm |
| oracle linux | 6 | x86_64 | curl | < 7.19.7-53.0.2.el6_9 | curl-7.19.7-53.0.2.el6_9.x86_64.rpm |
| oracle linux | 6 | i686 | libcurl | < 7.19.7-53.0.2.el6_9 | libcurl-7.19.7-53.0.2.el6_9.i686.rpm |
| oracle linux | 6 | x86_64 | libcurl | < 7.19.7-53.0.2.el6_9 | libcurl-7.19.7-53.0.2.el6_9.x86_64.rpm |
| oracle linux | 6 | i686 | libcurl-devel | < 7.19.7-53.0.2.el6_9 | libcurl-devel-7.19.7-53.0.2.el6_9.i686.rpm |
| oracle linux | 6 | x86_64 | libcurl-devel | < 7.19.7-53.0.2.el6_9 | libcurl-devel-7.19.7-53.0.2.el6_9.x86_64.rpm |
Related
osv
osv
curl - security update
2016-11-03 00:00:00
curl - security update
2016-11-17 00:00:00
CVE-2016-8620
2018-08-01 06:29:00
nessus
nessus
Fedora 24 : curl (2016-e8e8cdb4ed)
2016-11-07 00:00:00
openvas
openvas
Debian Security Advisory DSA 3705-1 (curl - security update)
2016-11-03 00:00:00
Fedora Update for curl FEDORA-2016-89769648a0
2016-12-07 00:00:00
Debian Security Advisory DSA 3705-1 (curl - security update)
2016-11-03 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 8 package curl version 7.51.0-alt1
2016-11-02 00:00:00
freebsd
freebsd
cURL -- multiple vulnerabilities
2016-11-02 00:00:00
slackware
slackware
[slackware-security] curl
2016-11-04 03:34:42
fedora
fedora
[SECURITY] Fedora 24 Update: curl-7.47.1-9.fc24
2016-11-06 00:28:22
[SECURITY] Fedora 25 Update: curl-7.51.0-1.fc25
2016-11-19 21:51:02
amazon
amazon
Medium: curl
2016-11-10 18:00:00
debian
debian
[SECURITY] [DSA 3705-1] curl security update
2016-11-03 23:07:00
[SECURITY] [DLA 711-1] curl security update
2016-11-17 21:45:07
archlinux
archlinux
[ASA-201611-7] curl: multiple issues
2016-11-03 00:00:00
[ASA-201611-5] lib32-libcurl-compat: multiple issues
2016-11-02 00:00:00
[ASA-201611-8] libcurl-compat: multiple issues
2016-11-03 00:00:00
ibm
ibm
suse
suse
Security update for curl (important)
2016-11-10 17:06:47
Security update for curl (important)
2016-11-03 15:08:42
Security update for curl (important)
2016-11-02 16:07:53
oraclelinux
oraclelinux
curl security and bug fix update
2019-07-30 00:00:00
curl security update
2020-10-06 00:00:00
curl security and bug fix update
2019-08-13 00:00:00
ubuntu
ubuntu
curl vulnerabilities
2016-11-03 00:00:00
cloudfoundry
cloudfoundry
USN-3123-1: curl vulnerabilities | Cloud Foundry
2016-12-13 00:00:00
myhack58
myhack58
mageia
mageia
Updated curl packages fix security vulnerability
2018-01-03 19:40:26
gentoo
gentoo
cURL: Multiple vulnerabilities
2017-01-19 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1818
2021-07-02 16:36:57
redhat
redhat
veracode
veracode
Denial Of Service (DoS)
2018-08-02 09:30:31
Denial Of Service (DoS)
2018-07-18 10:26:30
Remote Security Bypass
2018-08-02 06:56:35
redhatcve
redhatcve
debiancve
debiancve
alpinelinux
alpinelinux
cve
cve
ubuntucve
ubuntucve
prion
prion
f5
f5
K31411450 : cURL and libcurl vulnerability CVE-2016-8620
2017-05-02 00:00:00
K26899353 : libcurl vulnerability CVE-2016-8621
2017-04-19 00:00:00
K01006862 : cURL and libcurl vulnerability CVE-2016-8615
2017-04-12 00:00:00
ics
ics
Hitachi Energy MSM Product
2022-08-30 12:00:00
hackerone
hackerone
github
github
Improper Input Validation in async-http-client
2018-10-19 16:50:50
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.012 Low
EPSS
Percentile
83.8%
Related for ELSA-2019-4652