
Summary

Vendor: Haxx
Product: Curl
Version: 7.58.0
Update: *
Edition: *
Language: *
Software Edition: *
Target Software: *
Target Hardware: *
Other: *
CPE Product: cpe:2.3:a:haxx:curl

Detail

First view: 2018-03-14
Last view: 2019-09-16
Type: Application

Related : CVE

Alert Date CVE ID (description follows each entry)
9.8 2019-09-16 CVE-2019-5482

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

9.8 2019-09-16 CVE-2019-5481

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.

7.8 2019-07-02 CVE-2019-5443

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.

3.7 2019-05-28 CVE-2019-5435

An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.

9.1 2018-10-31 CVE-2018-16842

Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.

9.8 2018-10-31 CVE-2018-16840

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

9.8 2018-10-31 CVE-2018-16839

Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.

9.8 2018-07-11 CVE-2018-0500

Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).

9.1 2018-05-24 CVE-2018-1000301

curl version 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl being tricked into reading data beyond the end of a heap-based buffer used to store downloaded RTSP content. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.

9.8 2018-05-24 CVE-2018-1000300

curl version 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl overflowing a heap-based memory buffer when closing down an FTP connection with very long server command replies. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.

9.1 2018-03-14 CVE-2018-1000122

A buffer over-read exists in curl 7.20.0 to and including curl 7.58.0 in the RTSP+RTP handling code that allows an attacker to cause a denial of service or information leakage.

7.5 2018-03-14 CVE-2018-1000121

A NULL pointer dereference exists in curl 7.21.0 to and including curl 7.58.0 in the LDAP code that allows an attacker to cause a denial of service.

9.8 2018-03-14 CVE-2018-1000120

A buffer overflow exists in curl 7.12.3 to and including curl 7.58.0 in the FTP URL handling that allows an attacker to cause a denial of service or worse.

CWE : Common Weakness Enumeration

% (count) CWE ID Name
23% (3) CWE-787 Out-of-bounds Write
23% (3) CWE-125 Out-of-bounds Read
7% (1) CWE-476 NULL Pointer Dereference
7% (1) CWE-416 Use After Free
7% (1) CWE-415 Double Free
7% (1) CWE-190 Integer Overflow or Wraparound
7% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
7% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
7% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')

Nessus® Vulnerability Scanner

Date Name (plugin file and type on the following line)
2019-01-10 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2019-1139.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-fdc4ca8675.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-fa01002d7e.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-bc65ab5014.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7785911c9e.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-69bac0f51c.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-57779d51c1.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-298a3d2923.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3157.nasl - Type: ACT_GATHER_INFO
2018-11-07 Name: The remote Debian host is missing a security update.
File: debian_DLA-1568.nasl - Type: ACT_GATHER_INFO
2018-11-05 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4331.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_e0ab177307c146c691704c5e81c00927.nasl - Type: ACT_GATHER_INFO
2018-11-01 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-304-01.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1330.nasl - Type: ACT_GATHER_INFO
2018-09-21 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0096.nasl - Type: ACT_GATHER_INFO
2018-09-21 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0186.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0068.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0158.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0124.nasl - Type: ACT_GATHER_INFO
2018-08-10 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1052.nasl - Type: ACT_GATHER_INFO
2018-07-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201807-04.nasl - Type: ACT_GATHER_INFO
2018-07-30 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_3849e28f869311e896109c5c8e75236a.nasl - Type: ACT_GATHER_INFO
2018-07-12 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-192-02.nasl - Type: ACT_GATHER_INFO
2018-07-03 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1203.nasl - Type: ACT_GATHER_INFO
2018-07-03 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1202.nasl - Type: ACT_GATHER_INFO