Vulnerabilities > Haxx > Libcurl
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-01-24 | CVE-2018-1000005 | Out-of-bounds Read vulnerability in multiple products libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers. | 6.4 |
2017-11-29 | CVE-2017-8818 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Haxx Curl and Libcurl curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library. | 7.5 |
2017-11-29 | CVE-2017-8817 | Out-of-bounds Read vulnerability in multiple products The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character. | 7.5 |
2017-11-29 | CVE-2017-8816 | Integer Overflow or Wraparound vulnerability in multiple products The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields. | 7.5 |
2017-10-31 | CVE-2017-1000257 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products An IMAP FETCH response line indicates the size of the returned data, in number of bytes. | 6.4 |
2017-10-06 | CVE-2017-1000254 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Haxx Libcurl libcurl may read outside of a heap allocated buffer when doing FTP. | 7.5 |
2017-10-05 | CVE-2017-1000100 | Information Exposure vulnerability in Haxx Libcurl When doing a TFTP transfer and curl/libcurl is given a URL that contains a very long file name (longer than about 515 bytes), the file name is truncated to fit within the buffer boundaries, but the buffer size is still wrongly updated to use the untruncated length. | 4.3 |
2017-10-05 | CVE-2017-1000099 | Information Exposure vulnerability in Haxx Libcurl 7.54.1 When asking to get a file from a file:// URL, libcurl provides a feature that outputs meta-data about the file using HTTP-like headers. | 4.3 |
2016-10-07 | CVE-2016-7167 | Integer Overflow or Wraparound vulnerability in multiple products Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. | 9.8 |
2016-10-03 | CVE-2016-7141 | Improper Authentication vulnerability in multiple products curl and libcurl before 7.50.2, when built with NSS and the libnsspem.so library is available at runtime, allow remote attackers to hijack the authentication of a TLS connection by leveraging reuse of a previously loaded client certificate from file for a connection for which no certificate has been set, a different vulnerability than CVE-2016-5420. | 5.0 |