11 matches found
EulerOS Virtualization 2.10.0 : curl (EulerOS-SA-2024-1376)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to...
EulerOS Virtualization 2.10.1 : curl (EulerOS-SA-2024-1355)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to...
EulerOS Virtualization 2.9.0 : curl (EulerOS-SA-2024-1005)
According to the versions of the curl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to...
EulerOS 2.0 SP10 : curl (EulerOS-SA-2024-1079)
According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 prox...
CVE-2023-38546
This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application creates "easy handles" that are the individual handles for single transfers. libcurl provides a functio...
libcurl 7.9.1 < 8.4.0 Cookie Injection
The version of libcurl installed on the remote host is affected by a cookie injection vulnerability. This flaw allows an attacker to insert cookies at will into a running program using libcurl, if the specific series of conditions are met. libcurl performs transfers. In its API, an application...
Amazon Linux 2023 : curl, curl-minimal, libcurl (ALAS2023-2023-377)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-377 advisory. An issue was found in curl that can cause a buffer overflow in its SOCKS5 proxy communications code. When curl is using a SOCKS5 proxy and it needs to resolve a hostname to an IP address, its...
Mandriva Linux Security Advisory : curl (MDVSA-2014:213)
Updated curl packages fix security vulnerability : Symeon Paraschoudis discovered that the curl_easy_duphandle function in cURL has a bug that can lead to libcurl eventually sending off sensitive data that was not intended for sending, while performing an HTTP POST operation. This bug requires...
CVE-2014-3707
CVE-2014-3707 affects libcurl/curl prior to a non-vulnerable build when using CURLOPT_COPYPOSTFIELDS, where curl_easy_duphandle incorrectly copies HTTP POST data, causing an out-of-bounds read. Affected products/versions cited in the documents include libcurl/curl 7.17.1 through 7.38.0, enabling ...
Fedora 20 : curl-7.32.0-15.fc20 (2014-14354)
fix handling of CURLOPT_COPYPOSTFIELDS in curl_easy_duphandle (CVE-2014-3707). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing...
CVE-2014-3707
The curl_easy_duphandle function in libcurl 7.17.1 through 7.38.0, when running with the CURLOPT_COPYPOSTFIELDS option, does not properly copy HTTP POST data for an easy handle, which triggers an out-of-bounds read that allows remote web servers to read sensitive memory information...