Linux Distros Unpatched Vulnerability : CVE-2016-8622

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The URL percent-encoding decode function in libcurl before 7.51.0 is called curleasyunescape. Internally, even if this function would be made to allocate a...

RHEL 6 / 7 : httpd24 (RHSA-2018:3558)

The remote Redhat Enterprise Linux 6 / 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:3558 advisory. The Apache HTTP Server is a powerful, efficient, and extensible web server. The httpd24 packages provide a recent stable release of...

curl security update

7.29.0-59.0.3.el79.2 - load CA certificates even with --insecure Orabug: 32836997 - Fix TFTP small blocksize heap buffer overflow https://curl.haxx.se/docs/CVE-2019-5482.htmlCVE-2019-5482Orabug: 30568724 - Security Fixes OraBug: 28939992 - CVE-2016-8615 cookie injection for other servers...

K23391972: cURL and libcurl vulnerability CVE-2016-8622

Security Advisory Description The URL percent-encoding decode function in libcurl before 7.51.0 is called curleasyunescape. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable...

Slackware: Security Advisory (SSA:2016-308-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Mageia: Security Advisory (MGASA-2018-0053)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

curl security update

7.29.0-59.0.1 - Fix TFTP small blocksize heap buffer overflow https://curl.haxx.se/docs/CVE-2019-5482.htmlCVE-2019-5482Orabug: 30568724 - Security Fixes OraBug: 28939992 - CVE-2016-8615 cookie injection for other servers https://curl.haxx.se/docs/CVE-2016-8615.html - CVE-2016-8616 case insensitiv...

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2017-1035)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2020 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

curl security and bug fix update

7.29.0-51.0.1.el76.3 - Security Fixes OraBug: 28939992 - CVE-2016-8615 cookie injection for other servers https://curl.haxx.se/docs/CVE-2016-8615.html - CVE-2016-8616 case insensitive password comparison https://curl.haxx.se/docs/CVE-2016-8616.html - CVE-2016-8617 OOB write via unchecked...

Moderate: Red Hat Security Advisory: httpd24 security, bug fix, and enhancement update

An update for httpd24-httpd, httpd24-nghttp2, and httpd24-curl is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

CVE-2016-8622

The URL percent-encoding decode function in libcurl before 7.51.0 is called curleasyunescape. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus the length would get...

CVE-2016-8622

CVE-2016-8622 affects curl/libcurl’s URL percent-encoding decode path. The curl_easy_unescape function may allocate a destination buffer larger than 2 GB but store the result length in a signed 32‑bit int, causing length truncation or negative values. This can lead to writing outside the heap. Pu...

EulerOS 2.0 SP1 : curl (EulerOS-SA-2017-1036)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple integer overflows in the 1 curlescape, 2 curleasyescape, 3 curlunescape, and 4 curleasyunescape functions in libcurl before 7.50.3 allow...

EulerOS 2.0 SP2 : curl (EulerOS-SA-2017-1035)

According to the versions of the curl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Multiple integer overflows in the 1 curlescape, 2 curleasyescape, 3 curlunescape, and 4 curleasyunescape functions in libcurl before 7.50.3 allow...

openSUSE Security Update : curl (openSUSE-2016-1280)

This update for curl fixes the following security issues : - CVE-2016-8624: invalid URL parsing with '' bsc1005646 - CVE-2016-8623: Use-after-free via shared cookies bsc1005645 - CVE-2016-8622: URL unescape heap overflow via integer truncation bsc1005643 - CVE-2016-8621: curlgetdate read out of...

openSUSE: Security Advisory for curl (openSUSE-SU-2016:2768-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian DSA-3705-1 : curl - security update

Several vulnerabilities were discovered in cURL, an URL transfer library : - CVE-2016-8615 It was discovered that a malicious HTTP server could inject new cookies for arbitrary domains into a cookie jar. - CVE-2016-8616 It was discovered that when re-using a connection, curl was doing case...

Ubuntu: Security Advisory (USN-3123-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE SLED12 / SLES12 Security Update : curl (SUSE-SU-2016:2699-1)

This update for curl fixes the following security issues : - CVE-2016-8624: invalid URL parsing with '' bsc1005646 - CVE-2016-8623: Use-after-free via shared cookies bsc1005645 - CVE-2016-8622: URL unescape heap overflow via integer truncation bsc1005643 - CVE-2016-8621: curlgetdate read out of...

[ASA-201611-8] libcurl-compat: multiple issues

Arch Linux Security Advisory ASA-201611-8 ========================================= Severity: High Date : 2016-11-03 CVE-ID : CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8619 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 Package : libcurl-compat Type : multiple issu...