Filtered by vendor Haxx
Subscribe
Total
148 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2021-22890 | 8 Broadcom, Debian, Fedoraproject and 5 more | 11 Fabric Operating System, Debian Linux, Fedora and 8 more | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| curl 7.63.0 to and including 7.75.0 includes vulnerability that allows a malicious HTTPS proxy to MITM a connection due to bad handling of TLS 1.3 session tickets. When using a HTTPS proxy and TLS 1.3, libcurl can confuse session tickets arriving from the HTTPS proxy but work as if they arrived from the remote server and then wrongly "short-cut" the host handshake. When confusing the tickets, a HTTPS proxy can trick libcurl to use the wrong session ticket resume for the host and thereby circumvent the server TLS certificate check and make a MITM attack to be possible to perform unnoticed. Note that such a malicious HTTPS proxy needs to provide a certificate that curl will accept for the MITMed server for an attack to work - unless curl has been told to ignore the server certificate check. | |||||
| CVE-2021-22876 | 8 Broadcom, Debian, Fedoraproject and 5 more | 12 Fabric Operating System, Debian Linux, Fedora and 9 more | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| curl 7.1.1 to and including 7.75.0 is vulnerable to an "Exposure of Private Personal Information to an Unauthorized Actor" by leaking credentials in the HTTP Referer: header. libcurl does not strip off user credentials from the URL when automatically populating the Referer: HTTP request header field in outgoing HTTP requests, and therefore risks leaking sensitive data to the server that is the target of the second HTTP request. | |||||
| CVE-2020-8286 | 8 Apple, Debian, Fedoraproject and 5 more | 20 Mac Os X, Macos, Debian Linux and 17 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| curl 7.41.0 through 7.73.0 is vulnerable to an improper check for certificate revocation due to insufficient verification of the OCSP response. | |||||
| CVE-2020-8285 | 9 Apple, Debian, Fedoraproject and 6 more | 30 Mac Os X, Macos, Debian Linux and 27 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| curl 7.21.0 to and including 7.73.0 is vulnerable to uncontrolled recursion due to a stack overflow issue in FTP wildcard match parsing. | |||||
| CVE-2020-8284 | 9 Apple, Debian, Fedoraproject and 6 more | 29 Mac Os X, Macos, Debian Linux and 26 more | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions. | |||||
| CVE-2020-8231 | 5 Debian, Haxx, Oracle and 2 more | 5 Debian Linux, Libcurl, Communications Cloud Native Core Policy and 2 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data. | |||||
| CVE-2020-8177 | 5 Debian, Fujitsu, Haxx and 2 more | 16 Debian Linux, M10-1, M10-1 Firmware and 13 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used. | |||||
| CVE-2020-8169 | 4 Debian, Haxx, Siemens and 1 more | 6 Debian Linux, Curl, Simatic Tim 1531 Irc and 3 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s). | |||||
| CVE-2020-19909 | 1 Haxx | 1 Curl | 2024-11-21 | N/A | 3.3 LOW |
| Integer overflow vulnerability in tool_operate.c in curl 7.65.2 via a large value as the retry delay. NOTE: many parties report that this has no direct security impact on the curl user; however, it may (in theory) cause a denial of service to associated systems or networks if, for example, --retry-delay is misinterpreted as a value much smaller than what was intended. This is not especially plausible because the overflow only happens if the user was trying to specify that curl should wait weeks (or longer) before trying to recover from a transient error. | |||||
| CVE-2019-5482 | 6 Debian, Fedoraproject, Haxx and 3 more | 17 Debian Linux, Fedora, Curl and 14 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. | |||||
| CVE-2019-5481 | 6 Debian, Fedoraproject, Haxx and 3 more | 13 Debian Linux, Fedora, Curl and 10 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3. | |||||
| CVE-2019-5443 | 4 Haxx, Microsoft, Netapp and 1 more | 10 Curl, Windows, Oncommand Insight and 7 more | 2024-11-21 | 4.4 MEDIUM | 7.8 HIGH |
| A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants. | |||||
| CVE-2019-5436 | 7 Debian, F5, Fedoraproject and 4 more | 11 Debian Linux, Traffix Signaling Delivery Controller, Fedora and 8 more | 2024-11-21 | 4.6 MEDIUM | 7.8 HIGH |
| A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. | |||||
| CVE-2019-5435 | 1 Haxx | 1 Curl | 2024-11-21 | 4.3 MEDIUM | 3.7 LOW |
| An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1. | |||||
| CVE-2019-3823 | 5 Canonical, Debian, Haxx and 2 more | 7 Ubuntu Linux, Debian Linux, Libcurl and 4 more | 2024-11-21 | 5.0 MEDIUM | 4.3 MEDIUM |
| libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, then the `strtol()` call reads beyond the allocated buffer. The read contents will not be returned to the caller. | |||||
| CVE-2019-3822 | 7 Canonical, Debian, Haxx and 4 more | 16 Ubuntu Linux, Debian Linux, Libcurl and 13 more | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
| libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received data. The check that exists to prevent the local buffer from getting overflowed is implemented wrongly (using unsigned math) and as such it does not prevent the overflow from happening. This output data can grow larger than the local buffer if very large 'nt response' data is extracted from a previous NTLMv2 header provided by the malicious or broken HTTP server. Such a 'large value' needs to be around 1000 bytes or more. The actual payload data copied to the target buffer comes from the NTLMv2 type-2 response header. | |||||
| CVE-2018-16890 | 8 Canonical, Debian, F5 and 5 more | 10 Ubuntu Linux, Debian Linux, Big-ip Access Policy Manager and 7 more | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulnerability. Using that overflow, a malicious or broken NTLM server could trick libcurl to accept a bad length + offset combination that would lead to a buffer read out-of-bounds. | |||||
| CVE-2018-16842 | 3 Canonical, Debian, Haxx | 3 Ubuntu Linux, Debian Linux, Curl | 2024-11-21 | 6.4 MEDIUM | 4.4 MEDIUM |
| Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service. | |||||
| CVE-2018-16839 | 3 Canonical, Debian, Haxx | 3 Ubuntu Linux, Debian Linux, Curl | 2024-11-21 | 7.5 HIGH | 4.3 MEDIUM |
| Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. | |||||
| CVE-2018-14618 | 4 Canonical, Debian, Haxx and 1 more | 4 Ubuntu Linux, Debian Linux, Libcurl and 1 more | 2024-11-21 | 10.0 HIGH | 7.5 HIGH |
| curl before version 7.61.1 is vulnerable to a buffer overrun in the NTLM authentication code. The internal function Curl_ntlm_core_mk_nt_hash multiplies the length of the password by two (SUM) to figure out how large temporary storage area to allocate from the heap. The length value is then subsequently used to iterate over the password and generate output into the allocated storage buffer. On systems with a 32 bit size_t, the math to calculate SUM triggers an integer overflow when the password length exceeds 2GB (2^31 bytes). This integer overflow usually causes a very small buffer to actually get allocated instead of the intended very huge one, making the use of that buffer end up in a heap buffer overflow. (This bug is almost identical to CVE-2017-8816.) | |||||