830 matches found

OSV
added 2016/11/02 8:0 a.m. | 7 views

CURL-CVE-2016-8620 glob parser write/read out of bounds

The curl tool's "globbing" feature allows a user to specify a numerical range through which curl iterates. It is typically specified as [1-5], specifying the first and the last numbers in the range. Or with [a-z], using letters. 1. The curl code for parsing the second unsigned number did not check fo...

CVSS 9.8 | AI score 7.1 | EPSS 0.00881
Exploits: 0
FreeBSD
added 2016/11/02 12:0 a.m. | 47 views

cURL -- multiple vulnerabilities

The cURL project reports: cookie injection for other servers; case insensitive password comparison; OOB write via unchecked multiplication; double-free in curl_maprintf; double-free in krb5 code; glob parser write/read out of bounds; curl_getdate read out of bounds; URL unescape heap overflow via integer...

CVSS 9.8 | AI score 3.4 | EPSS 0.04507
Exploits: 0 | References: 1
ALT Linux
added 2016/11/02 12:0 a.m. | 53 views

Security fix for the ALT Linux 8 package curl version 7.51.0-alt1

Nov. 2, 2016 Anton Farygin 7.51.0-alt1 - new version with security fixes: CVE-2016-8615: cookie injection for other servers; CVE-2016-8616: case insensitive password comparison; CVE-2016-8617: OOB write via unchecked multiplication; CVE-2016-8618: double-free in curl_maprintf; CVE-2016-8619: double-fr...

CVSS 7.5 | AI score 8 | EPSS 0.04507
Exploits: 0
RedHat Linux
added 2016/08/11 5:17 p.m. | 3 views

nodejs-minimatch: Regular expression denial-of-service

A regular expression denial of service flaw was found in Minimatch. An attacker able to make an application using Minimatch to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU...

AI score 5.8
Exploits: 0 | References: 5
RedHat Linux
added 2016/08/11 5:17 p.m. | 5 views

nodejs-negotiator: Regular expression denial-of-service

A regular expression denial of service flaw was found in Negotiator. An attacker able to make an application using Negotiator to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU...

AI score 5.8
Exploits: 0 | References: 5
RedHat Linux
added 2016/08/09 10:4 a.m. | 3 views

nodejs-minimatch: Regular expression denial-of-service

A regular expression denial of service flaw was found in Minimatch. An attacker able to make an application using Minimatch to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU...

AI score 5.8
Exploits: 0 | References: 5
RedHat Linux
added 2016/08/09 10:2 a.m. | 2 views

nodejs-minimatch: Regular expression denial-of-service

A regular expression denial of service flaw was found in Minimatch. An attacker able to make an application using Minimatch to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU...

AI score 5.8
Exploits: 0 | References: 5
RedhatCVE
added 2016/07/12 3:18 p.m. | 28 views

CVE-2016-1000023

A regular expression denial of service flaw was found in Minimatch. An attacker able to make an application using Minimatch to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU...

AI score 3.6
Exploits: 0 | References: 2
CNVD
added 2016/06/02 12:0 a.m. | 4 views

GNU C Library glob stack buffer overflow vulnerability

glibc is the libc library, or C runtime library, released by GNU. A stack buffer overflow vulnerability exists in the glob implementation of the GNU C Library glibc prior to version 2.24 when using GLOB_ALTDIRFUNC. An attacker can cause a denial of service via a long name...

CVSS 7.5 | AI score 7.4 | EPSS 0.01266
Exploits: 3 | References: 1
OSV
added 2016/06/01 8:59 p.m. | 1 views

DEBIAN-CVE-2016-1234

Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name...

CVSS 7.5 | AI score 9 | EPSS 0.01266
Exploits: 3 | References: 1
Debian CVE
added 2016/06/01 8:0 p.m. | 22 views

CVE-2016-1234

Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name...

CVSS 7.5 | AI score 7.3 | EPSS 0.01266
Exploits: 3
OSV
added 2016/06/01 12:0 a.m. | 0 views

UBUNTU-CVE-2016-1234

Stack-based buffer overflow in the glob implementation in GNU C Library (aka glibc) before 2.24, when GLOB_ALTDIRFUNC is used, allows context-dependent attackers to cause a denial of service (crash) via a long name...

CVSS 7.5 | AI score 7.3 | EPSS 0.01266
Exploits: 3 | References: 3
RedhatCVE
added 2015/10/30 10:33 a.m. | 17 views

CVE-2008-0145

Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663...

CVSS 7.5 | AI score 7.2 | EPSS 0.01705
Exploits: 1 | References: 2
RedhatCVE
added 2015/10/30 10:13 a.m. | 18 views

CVE-2005-0256

The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of wildcard characters, as demonstrated using the dir command...

CVSS 5 | AI score 7.2 | EPSS 0.26554
Exploits: 1 | References: 2
CVE
added 2015/10/09 1:0 a.m. | 60 views

CVE-2015-5917

CVE-2015-5917 affects Apple OS X via tnftpd (formerly Lukemftpd). The glob processing vulnerability in tnftpd can cause memory consumption and daemon outage (DoS) when handling a STAT command containing crafted {..,..,..}/* patterns, affecting OS X versions prior to 10.11. Connected sources corro...

CVSS 5 | AI score 6.3 | EPSS 0.01444
Exploits: 1 | References: 6 | Affected Software: 1
Cvelist
added 2015/10/09 1:0 a.m. | 25 views

CVE-2015-5917

The glob implementation in tnftpd (formerly lukemftpd), as used in Apple OS X before 10.11, allows remote attackers to cause a denial of service (memory consumption and daemon outage) via a STAT command containing a crafted pattern, as demonstrated by multiple instances of the {..,..,..}/* substring...

AI score 6.2 | EPSS 0.01444
Exploits: 1 | References: 6
CNVD
added 2015/10/03 12:0 a.m. | 2 views

Apple OS X tnftpd Denial of Service Vulnerability

Apple OS X is an operating system developed by Apple Inc. A glob handling vulnerability in Apple OS X tnftpd allows attackers to conduct denial of service attacks against FTP servers by exploiting the vulnerability...

CVSS 5 | AI score 6.5 | EPSS 0.01444
Exploits: 1 | References: 1
seebug.org
added 2014/07/01 12:0 a.m. | 13 views

OpenBSD 2.x-2.8 ftpd glob() Buffer Overflow

No description provided by source. source: http://www.securityfocus.com/bid/2548/info The BSD ftp daemon and derivatives such as IRIX ftpd or the ftp daemon shipped with Kerberos 5 contain a number of buffer overflows that may lead to a compromise of root access to malicious users. During parsing...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 14 views

FreeBSD 2.2-4.2,NetBSD 1.2-4.5,OpenBSD 2.x ftpd glob() Buffer Overflow

No description provided by source. source: http://www.securityfocus.com/bid/2548/info The BSD ftp daemon and derivatives such as IRIX ftpd or the ftp daemon shipped with Kerberos 5 contain a number of buffer overflows that may lead to a compromise of root access to malicious users. During parsing...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 22 views

freebsd 4.2-stable ftpd glob() Buffer Overflow Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/2548/info The BSD ftp daemon and derivatives such as IRIX ftpd or the ftp daemon shipped with Kerberos 5 contain a number of buffer overflows that may lead to a compromise of root access to malicious users. During parsing...

AI score 7.1
Exploits: 0