Vulnerabilities > Haxx > Curl > 4.9
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-07-31 | CVE-2016-8617 | Out-of-bounds Write vulnerability in Haxx Curl The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`. | 7.0 |
2018-07-31 | CVE-2016-8624 | Improper Input Validation vulnerability in Haxx Curl curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. | 7.5 |
2018-07-31 | CVE-2016-8618 | Double Free vulnerability in Haxx Curl The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables. | 9.8 |
2018-04-23 | CVE-2016-9594 | Improper Initialization vulnerability in Haxx Curl curl before version 7.52.1 is vulnerable to an uninitialized random in libcurl's internal function that returns a good 32bit random value. | 8.1 |
2018-04-23 | CVE-2016-9586 | Heap-based Buffer Overflow vulnerability in Haxx Curl curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. | 8.1 |