This CPE summary could be partial or incomplete. Please contact us for a detailed listing.

Summary

Detail
Vendor Haxx First view 2018-05-24
Product Curl Last view 2020-12-14
Version 7.59.0 Type Application
Update *  
Edition *  
Language *  
Sofware Edition *  
Target Software *  
Target Hardware *  
Other *  
 
CPE Product cpe:2.3:a:haxx:curl

Activity : Overall

Related : CVE

  Date Alert Description
3.7 2020-12-14 CVE-2020-8284

A malicious server can use the FTP PASV response to trick curl 7.73.0 and earlier into connecting back to a given IP address and port, and this way potentially make curl extract information about services that are otherwise private and not disclosed, for example doing port scanning and service banner extractions.

7.1 2020-12-14 CVE-2020-8177

curl 7.20.0 through 7.70.0 is vulnerable to improper restriction of names for files and other resources that can lead too overwriting a local file when the -J flag is used.

7.5 2020-12-14 CVE-2020-8169

curl 7.62.0 through 7.70.0 is vulnerable to an information disclosure vulnerability that can lead to a partial password being leaked over the network and to the DNS server(s).

9.8 2019-09-16 CVE-2019-5482

Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.

9.8 2019-09-16 CVE-2019-5481

Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.

7.8 2019-07-02 CVE-2019-5443

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants.

3.7 2019-05-28 CVE-2019-5435

An integer overflow in curl's URL API results in a buffer overflow in libcurl 7.62.0 to and including 7.64.1.

9.1 2018-10-31 CVE-2018-16842

Curl versions 7.14.1 through 7.61.1 are vulnerable to a heap-based buffer over-read in the tool_msgs.c:voutf() function that may result in information exposure and denial of service.

9.8 2018-10-31 CVE-2018-16840

A heap use-after-free flaw was found in curl versions from 7.59.0 through 7.61.1 in the code related to closing an easy handle. When closing and cleaning up an 'easy' handle in the `Curl_close()` function, the library code first frees a struct (without nulling the pointer) and might then subsequently erroneously write to a struct field within that already freed struct.

9.8 2018-10-31 CVE-2018-16839

Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service.

9.8 2018-07-11 CVE-2018-0500

Curl_smtp_escape_eob in lib/smtp.c in curl 7.54.1 to and including curl 7.60.0 has a heap-based buffer overflow that might be exploitable by an attacker who can control the data that curl transmits over SMTP with certain settings (i.e., use of a nonstandard --limit-rate argument or CURLOPT_BUFFERSIZE value).

9.1 2018-05-24 CVE-2018-1000301

curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability appears to have been fixed in curl < 7.20.0 and curl >= 7.60.0.

9.8 2018-05-24 CVE-2018-1000300

curl version curl 7.54.1 to and including curl 7.59.0 contains a CWE-122: Heap-based Buffer Overflow vulnerability in denial of service and more that can result in curl might overflow a heap based memory buffer when closing down an FTP connection with very long server command replies.. This vulnerability appears to have been fixed in curl < 7.54.1 and curl >= 7.60.0.

CWE : Common Weakness Enumeration

%idName
15% (2) CWE-787 Out-of-bounds Write
15% (2) CWE-200 Information Exposure
15% (2) CWE-125 Out-of-bounds Read
7% (1) CWE-416 Use After Free
7% (1) CWE-415 Double Free
7% (1) CWE-190 Integer Overflow or Wraparound
7% (1) CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflo...
7% (1) CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
7% (1) CWE-94 Failure to Control Generation of Code ('Code Injection')
7% (1) CWE-74 Failure to Sanitize Data into a Different Plane ('Injection')

Nessus® Vulnerability Scanner

This CPE have more than 25 Relations. If you want to see a complete summary for this CPE, please contact us.
id Description
2019-01-10 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2019-1139.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-fdc4ca8675.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-fa01002d7e.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-7785911c9e.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-69bac0f51c.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-57779d51c1.nasl - Type: ACT_GATHER_INFO
2019-01-03 Name: The remote Fedora host is missing a security update.
File: fedora_2018-298a3d2923.nasl - Type: ACT_GATHER_INFO
2018-11-16 Name: The remote CentOS host is missing one or more security updates.
File: centos_RHSA-2018-3157.nasl - Type: ACT_GATHER_INFO
2018-11-07 Name: The remote Debian host is missing a security update.
File: debian_DLA-1568.nasl - Type: ACT_GATHER_INFO
2018-11-05 Name: The remote Debian host is missing a security-related update.
File: debian_DSA-4331.nasl - Type: ACT_GATHER_INFO
2018-11-02 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_e0ab177307c146c691704c5e81c00927.nasl - Type: ACT_GATHER_INFO
2018-11-01 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-304-01.nasl - Type: ACT_GATHER_INFO
2018-10-26 Name: The remote EulerOS Virtualization host is missing multiple security updates.
File: EulerOS_SA-2018-1330.nasl - Type: ACT_GATHER_INFO
2018-09-21 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0186.nasl - Type: ACT_GATHER_INFO
2018-09-21 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0096.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-2_0-0068.nasl - Type: ACT_GATHER_INFO
2018-08-17 Name: The remote PhotonOS host is missing multiple security updates.
File: PhotonOS_PHSA-2018-1_0-0158.nasl - Type: ACT_GATHER_INFO
2018-08-10 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1052.nasl - Type: ACT_GATHER_INFO
2018-07-30 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201807-04.nasl - Type: ACT_GATHER_INFO
2018-07-30 Name: The remote FreeBSD host is missing a security-related update.
File: freebsd_pkg_3849e28f869311e896109c5c8e75236a.nasl - Type: ACT_GATHER_INFO
2018-07-12 Name: The remote Slackware host is missing a security update.
File: Slackware_SSA_2018-192-02.nasl - Type: ACT_GATHER_INFO
2018-07-03 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1203.nasl - Type: ACT_GATHER_INFO
2018-07-03 Name: The remote EulerOS host is missing multiple security updates.
File: EulerOS_SA-2018-1202.nasl - Type: ACT_GATHER_INFO
2018-06-20 Name: The remote Gentoo host is missing one or more security-related patches.
File: gentoo_GLSA-201806-05.nasl - Type: ACT_GATHER_INFO
2018-06-12 Name: The remote Amazon Linux 2 host is missing a security update.
File: al2_ALAS-2018-1029.nasl - Type: ACT_GATHER_INFO