rpm package
suse/curl&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP1
pkg:rpm/suse/curl&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1
Vulnerabilities (25)
| CVE | Severity | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-5482 | Critical | 9.8 | | < 7.37.0-37.43.1 | 7.37.0-37.43.1 | Sep 16, 2019 | Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3. |
| CVE-2019-5436 | High | 7.8 | | < 7.37.0-37.40.1 | 7.37.0-37.40.1 | May 28, 2019 | A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl versions 7.19.4 through 7.64.1. |
| CVE-2019-3823 | — | | | < 7.37.0-37.34.1 | 7.37.0-37.34.1 | Feb 6, 2019 | libcurl versions from 7.34.0 to before 7.64.0 are vulnerable to a heap out-of-bounds read in the code handling the end-of-response for SMTP. If the buffer passed to `smtp_endofresp()` isn't NUL terminated and contains no character ending the parsed number, and `len` is set to 5, |
| CVE-2019-3822 | — | | | < 7.37.0-37.34.1 | 7.37.0-37.34.1 | Feb 6, 2019 | libcurl versions from 7.36.0 to before 7.64.0 are vulnerable to a stack-based buffer overflow. The function creating an outgoing NTLM type-3 header (`lib/vauth/ntlm.c:Curl_auth_create_ntlm_type3_message()`), generates the request HTTP header contents based on previously received |
| CVE-2018-16890 | — | | | < 7.37.0-37.34.1 | 7.37.0-37.34.1 | Feb 6, 2019 | libcurl versions from 7.36.0 to before 7.64.0 is vulnerable to a heap buffer out-of-bounds read. The function handling incoming NTLM type-2 messages (`lib/vauth/ntlm.c:ntlm_decode_type2_target`) does not validate incoming data correctly and is subject to an integer overflow vulne |
| CVE-2018-16839 | — | | | < 7.37.0-37.37.1 | 7.37.0-37.37.1 | Oct 31, 2018 | Curl versions 7.33.0 through 7.61.1 are vulnerable to a buffer overrun in the SASL authentication code that may lead to denial of service. |
| CVE-2016-8623 | — | | | < 7.37.0-31.1 | 7.37.0-31.1 | Aug 1, 2018 | A flaw was found in curl before version 7.51.0. The way curl handles cookies permits other threads to trigger a use-after-free leading to information disclosure. |
| CVE-2016-8620 | — | | | < 7.37.0-31.1 | 7.37.0-31.1 | Aug 1, 2018 | The 'globbing' feature in curl before version 7.51.0 has a flaw that leads to integer overflow and out-of-bounds read via user controlled input. |
| CVE-2016-8619 | — | | | < 7.37.0-31.1 | 7.37.0-31.1 | Aug 1, 2018 | The function `read_data()` in security.c in curl before version 7.51.0 is vulnerable to memory double free. |
| CVE-2016-8616 | — | | | < 7.37.0-31.1 | 7.37.0-31.1 | Aug 1, 2018 | A flaw was found in curl before version 7.51.0 When re-using a connection, curl was doing case insensitive comparisons of user name and password with the existing connections. This means that if an unused connection with proper credentials exists for a protocol that has connectio |
| CVE-2016-8615 | — | | | < 7.37.0-31.1 | 7.37.0-31.1 | Aug 1, 2018 | A flaw was found in curl before version 7.51. If cookie state is written into a cookie jar file that is later read back and used for subsequent requests, a malicious HTTP server can inject new cookies for arbitrary domains into said cookie jar. |
| CVE-2016-8621 | — | | | < 7.37.0-31.1 | 7.37.0-31.1 | Jul 31, 2018 | The `curl_getdate` function in curl before version 7.51.0 is vulnerable to an out of bounds read if it receives an input with one digit short. |
| CVE-2016-8617 | — | | | < 7.37.0-31.1 | 7.37.0-31.1 | Jul 31, 2018 | The base64 encode function in curl before version 7.51.0 is prone to a buffer being under allocated in 32bit systems if it receives at least 1Gb as input via `CURLOPT_USERNAME`. |
| CVE-2016-8624 | — | | | < 7.37.0-31.1 | 7.37.0-31.1 | Jul 31, 2018 | curl before version 7.51.0 doesn't parse the authority component of the URL correctly when the host name part ends with a '#' character, and could instead be tricked into connecting to a different host. This may have security implications if you for example use an URL parser that |
| CVE-2016-8622 | — | | | < 7.37.0-31.1 | 7.37.0-31.1 | Jul 31, 2018 | The URL percent-encoding decode function in libcurl before 7.51.0 is called `curl_easy_unescape`. Internally, even if this function would be made to allocate a unscape destination buffer larger than 2GB, it would return that new length in a signed 32 bit integer variable, thus th |
| CVE-2016-8618 | — | | | < 7.37.0-31.1 | 7.37.0-31.1 | Jul 31, 2018 | The libcurl API function called `curl_maprintf()` before version 7.51.0 can be tricked into doing a double-free due to an unsafe `size_t` multiplication, on systems using 32 bit `size_t` variables. |
| CVE-2018-1000301 | Critical | 9.1 | | < 7.37.0-37.23.1 | 7.37.0-37.23.1 | May 24, 2018 | curl version curl 7.20.0 to and including curl 7.59.0 contains a CWE-126: Buffer Over-read vulnerability in denial of service that can result in curl can be tricked into reading data beyond the end of a heap based buffer used to store downloaded RTSP content.. This vulnerability |
| CVE-2016-9586 | — | | | < 7.37.0-36.1 | 7.37.0-36.1 | Apr 23, 2018 | curl before version 7.52.0 is vulnerable to a buffer overflow when doing a large floating point output in libcurl's implementation of the printf() functions. If there are any application that accepts a format string from the outside without necessary input filtering, it could all |
| CVE-2017-7407 | Low | 2.4 | | < 7.37.0-36.1 | 7.37.0-36.1 | Apr 3, 2017 | The ourWriteOut function in tool_writeout.c in curl 7.53.1 might allow physically proximate attackers to obtain sensitive information from process memory in opportunistic circumstances by reading a workstation screen during use of a --write-out argument ending in a '%' character, |
| CVE-2016-7167 | Critical | 9.8 | | < 7.37.0-31.1 | 7.37.0-31.1 | Oct 7, 2016 | Multiple integer overflows in the (1) curl_escape, (2) curl_easy_escape, (3) curl_unescape, and (4) curl_easy_unescape functions in libcurl before 7.50.3 allow attackers to have unspecified impact via a string of length 0xffffffff, which triggers a heap-based buffer overflow. |
Page 1 of 2