Vulnerabilities > Haxx > Libcurl > 7.50.1
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2017-10-05 | CVE-2017-1000100 | Information Exposure vulnerability in Haxx Libcurl When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. | 4.3 |
2016-10-07 | CVE-2016-7167 | Integer Overflow or Wraparound vulnerability in multiple products Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. | 9.8 |
2016-10-03 | CVE-2016-7141 | Improper Authentication vulnerability in multiple products curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. | 5.0 |