6 matches found
EUVD-2016-8035
Malware in sbrugna...
EUVD-2013-6234
Malware in sbrugna...
curl: Use of a Broken or Risky Cryptographic Algorithm (CWE-327) in libcurl
Summary: The DES cipher Data Encryption Standard is used in the curlntlmcore.c file of libcurl. DES is considered insecure due to its short key length 56 bits and its susceptibility to brute-force attacks. Modern cryptographic standards recommend replacing DES with AES Advanced Encryption Standar...
CVE-2017-1000254
libcurl may read outside of a heap allocated buffer when doing FTP. When libcurl connects to an FTP server and successfully logs in anonymous or not, it asks the server for the current directory with the PWD command. The server then responds with a 257 response containing the path, inside double...
CURL-CVE-2016-8617 OOB write via unchecked multiplication
In libcurl's base64 encode function, the output buffer is allocated as follows without any checks on insize: malloc insize 4 / 3 + 4 On systems with 32-bit addresses in userspace e.g. x86, ARM, x32, the multiplication in the expression wraps around if insize is at least 1GB of data. If this...
CURL-CVE-2016-4802 Windows DLL hijacking
libcurl would load Windows system DLLs in a manner that may make it vulnerable to a DLL hijacking aka binary planting attack in certain configurations. libcurl has a unified code base that builds and runs on a multitude of different versions of Windows. To make that possible, when libcurl is buil...