Lucene search
K
CurlLibcurl

4 matches found

CVE
CVE
added 2009/03/05 2:0 a.m.117 views

CVE-2009-0037

CVE-2009-0037 affects curl/libcurl 5.11–7.19.3 when CURLOPT_FOLLOWLOCATION is enabled. The redirect code accepts arbitrary Location values, allowing: (1) triggering requests to intranet servers, (2) reading/writing files via file: URLs, and (3) executing commands via scp: URLs. Affected platforms...

6.8CVSS7.8AI score0.07812EPSS
CVE
CVE
added 2009/08/14 3:0 p.m.108 views

CVE-2009-2417

CVE-2009-2417 affects lib/ssluse.c in curl/libcurl 7.4–7.19.5 when OpenSSL is used. The flaw is that a '�' character in the X.509 certificate CN may bypass domain-name checks, enabling MITM spoofing of SSL servers via certificates from a trusted CA. Impact and exploitability are described in the ...

7.5CVSS6.1AI score0.03602EPSS
CVE
CVE
added 2010/03/19 7:0 p.m.97 views

CVE-2010-0734

CVE-2010-0734 affects libcurl 7.10.5–7.19.7 when zlib is enabled. The defect in content_encoding.c allows a remote attacker to send crafted compressed data that bypasses the data-length limit, potentially causing an application crash (DoS) or other impact. Affected releases and the fix are docume...

6.8CVSS7.4AI score0.04408EPSS
CVE
CVE
added 2012/04/13 8:0 p.m.88 views

CVE-2012-0036

CVE-2012-0036 affects curl/libcurl 7.2x prior to 7.24.0. The issue arises from not correctly handling special characters when extracting a URL pathname, enabling data-injection via crafted URLs and enabling CRLF injection in IMAP/POP3/SMTP paths. The CVSS metrics in the record show a Base score o...

7.5CVSS8.3AI score0.16723EPSS