AVG-60

Package curl
Status Fixed
Severity High
Type multiple issues
Affected 7.50.3-1
Fixed 7.51.0-1
Current 7.58.0-1 [core]
Ticket None
Created Wed Nov 2 10:38:55 2016
Issue Severity Remote Type Description
CVE-2016-8625 Medium Yes Insufficient validation
When curl is built with libidn to handle International Domain Names (IDNA), it translates them to puny code for DNS resolving using the IDNA 2003 standard,...
CVE-2016-8624 Medium Yes Insufficient validation
curl doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into...
CVE-2016-8623 High Yes Arbitrary code execution
libcurl explicitly allows users to share cookies between multiple easy handles that are concurrently employed by different threads.
When cookies to be sent...
CVE-2016-8622 High Yes Arbitrary code execution
The URL percent-encoding decode function in libcurl is called curl_easy_unescape. Internally, even if this function would be made to allocate a unscape...
CVE-2016-8621 Medium Yes Information disclosure
The curl_getdate converts a given date string into a numerical timestamp and it supports a range of different formats and possibilites to express a date and...
CVE-2016-8620 High No Arbitrary code execution
The curl tool's "globbing" feature allows a user to specify a numerical range through which curl will iterate. It is typically specified as [1-5],...
CVE-2016-8619 High Yes Arbitrary code execution
In curl's implementation of the Kerberos authentication mechanism, the function read_data() in security.c is used to fill the necessary krb5 structures....
CVE-2016-8617 High Yes Arbitrary code execution
In libcurl's base64 encode function, the output buffer is allocated as follows without any checks on insize:

malloc( insize * 4 / 3 + 4 )
On systems with...
CVE-2016-8616 Low Yes Authentication bypass
When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an...
CVE-2016-8615 Medium Yes Content spoofing
If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies...
Date Advisory Package Description
03 Nov 2016 ASA-201611-7 curl multiple issues
References
https://curl.haxx.se/changes.html#7_51_0