Vulnerabilities > Haxx

DATE CVE VULNERABILITY TITLE RISK
2018-03-12 CVE-2016-9953 Out-of-bounds Read vulnerability in Haxx Curl
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, allows remote attackers to obtain sensitive information, cause a denial of service (crash), or possibly have unspecified other impact via a wildcard certificate name, which triggers an out-of-bounds read.
network
low complexity
haxx CWE-125
critical
9.8
2018-03-12 CVE-2016-9952 Improper Certificate Validation vulnerability in Haxx Curl
The verify_certificate function in lib/vtls/schannel.c in libcurl 7.30.0 through 7.51.0, when built for Windows CE using the schannel TLS backend, makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted wildcard SAN in a server certificate, as demonstrated by "*.com."
network
high complexity
haxx CWE-295
8.1
2018-03-12 CVE-2017-2628 Unspecified vulnerability in Haxx Curl 7.19.7
curl, as shipped in Red Hat Enterprise Linux 6 before version 7.19.7-53, did not correctly backport the fix for CVE-2015-3148 because it did not reflect the fact that the HAVE_GSSAPI define was meanwhile substituted by USE_HTTP_NEGOTIATE.
network
low complexity
haxx
critical
9.8
2018-01-24 CVE-2018-1000007 libcurl 7.1 through 7.57.0 might accidentally leak authentication data to third parties.
network
low complexity
haxx debian canonical redhat fujitsu
critical
9.8
2018-01-24 CVE-2018-1000005 Out-of-bounds Read vulnerability in multiple products
libcurl 7.49.0 to and including 7.57.0 contains an out bounds read in code handling HTTP/2 trailers.
network
low complexity
haxx debian canonical CWE-125
critical
9.1
2017-11-29 CVE-2017-8818 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Haxx Curl and Libcurl
curl and libcurl before 7.57.0 on 32-bit platforms allow attackers to cause a denial of service (out-of-bounds access and application crash) or possibly have unspecified other impact because too little memory is allocated for interfacing to an SSL library.
network
low complexity
haxx CWE-119
critical
9.8
2017-11-29 CVE-2017-8817 Out-of-bounds Read vulnerability in multiple products
The FTP wildcard function in curl and libcurl before 7.57.0 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) or possibly have unspecified other impact via a string that ends with an '[' character.
network
low complexity
haxx debian CWE-125
critical
9.8
2017-11-29 CVE-2017-8816 Integer Overflow or Wraparound vulnerability in multiple products
The NTLM authentication feature in curl and libcurl before 7.57.0 on 32-bit platforms allows attackers to cause a denial of service (integer overflow and resultant buffer overflow, and application crash) or possibly have unspecified other impact via vectors involving long user and password fields.
network
low complexity
haxx debian CWE-190
critical
9.8
2017-10-31 CVE-2017-1000257 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
An IMAP FETCH response line indicates the size of the returned data, in number of bytes.
network
low complexity
haxx debian CWE-119
critical
9.1
2017-10-06 CVE-2017-1000254 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Haxx Libcurl
libcurl may read outside of a heap allocated buffer when doing FTP.
network
low complexity
haxx CWE-119
7.5