EUVD-2016-9469

Malware in sbrugna...

K10196624: libcurl vulnerability CVE-2016-8618

Security Advisory Description The libcurl API function called curlmaprintf before version 7.51.0 can be tricked into doing a double-free due to an unsafe sizet multiplication, on systems using 32 bit sizet variables. CVE-2016-8618 Impact A custom monitor or script that calls the curl command may...

curl: Double-free in krb5 code

The function readdata in security.c in curl before version 7.51.0 is vulnerable to memory double free...

CVE-2016-8625

curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host...

ALPINE-CVE-2016-8616

A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connection-scoped...

ALPINE-CVE-2016-8623

A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure...

CVE-2016-8620

The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input...

CVE-2016-8623

A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure...

CVE-2016-8621

The curlgetdate function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short...

Out-of-bounds

The curlgetdate function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short...

CVE-2016-8621

The curlgetdate function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short...

CVE-2016-8624

curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC t...

CVE-2016-8624

curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC t...

cURL/libcURL Buffer Overflow Vulnerability

Haxx curl and libcurl are both products of the Swedish company Haxx. curl is a set of file transfer tools that utilize URL syntax to work at the command line. libcurl is a free, open source client-side URL transfer library. A buffer overflow vulnerability exists in Haxx curl and libcurl versions...

UBUNTU-CVE-2016-8621

The curlgetdate function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short...

UBUNTU-CVE-2016-8624

curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that follows the RFC t...