Vulnerabilidades en The Curl Project
17 resultadosCVE-2019-3822HIGHlibcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3EPSS 12.8%CVE-2016-8624MEDIUMcurl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, andEPSS 5.9%CVE-2018-16839MEDIUMCurl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.EPSS 5.8%CVE-2018-16890MEDIUMlibcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 EPSS 5.4%CVE-2016-8619MEDIUMThe function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free.EPSS 5.0%CVE-2016-8621MEDIUMThe `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit shorEPSS 4.9%CVE-2016-8622LOWThe URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would beEPSS 4.7%CVE-2016-8618MEDIUMThe libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` muEPSS 4.6%CVE-2016-8615MEDIUMA flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequEPSS 4.5%CVE-2016-8620MEDIUMThe 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled inEPSS 4.4%CVE-2016-8625MEDIUMcurl before version 7.51.0 uses outdated IDNA 2003 standard to handle International Domain Names and this may lead users to potentially and EPSS 4.3%CVE-2019-3823MEDIUMlibcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP.EPSS 4.3%CVE-2016-8616LOWA flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and passEPSS 3.5%CVE-2018-16840MEDIUMA heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closingEPSS 3.3%CVE-2016-8623LOWA flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to inEPSS 2.6%CVE-2018-16842MEDIUMCurl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in iEPSS 2.1%CVE-2016-8617LOWThe base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at leastEPSS 0.6%