← volver
CVE-2016-8625

CVE-2016-8625

CVSS 5.3 MEDIUMEPSS 4.3%CWE-20
curl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and unknowingly issue network transfer requests to the wrong host.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Productos afectados
The Curl Project · curl

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://access.redhat.com/errata/RHSA-2018:2486https://access.redhat.com/errata/RHSA-2018:3558https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2016-8625https://curl.haxx.se/CVE-2016-8625.patchhttps://curl.haxx.se/docs/adv_20161102K.htmlhttps://lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3Ehttps://lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3Ehttps://security.gentoo.org/glsa/201701-47https://www.tenable.com/security/tns-2016-21http://www.securityfocus.com/bid/94107http://www.securitytracker.com/id/1037192