VYPR
High severity7.8OSV Advisory· Published Jun 24, 2016· Updated Jun 17, 2026

CVE-2016-4802

CVE-2016-4802

Description

Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Curl/CurlOSV3 versions
    before_ftp_statemachine, before_urldata_rename, curl-6_5, …+ 2 more
    • (no CPE)range: before_ftp_statemachine, before_urldata_rename, curl-6_5, …
    • cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*range: <=7.49.0
    • (no CPE)range: <7.49.1
  • Curl/Libcurlllm-fuzzy
    Range: <7.49.1

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.