CVE-2016-4802
published 2016-06-24CVE-2016-4802: Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute…
PriorityP433high7.8CVSS 3.0
AVLACLPRLUINSUCHIHAH
EPSS
0.61%
70.4th percentile
Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | curl | — | — |
| haxx | curl | <= 7.49.0 | — |
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvdv2.06.9MEDIUMAV:L/AC:M/Au:N/C:C/I:C/A:C
vendor_debian7.8LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2016-4802: curl - Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1...
vendor_debian·2016·CVSS 7.8
CVE-2016-4802 [HIGH] CVE-2016-4802: curl - Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1...
Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-7g2f-f5p3-7xg4: Multiple untrusted search path vulnerabilities in cURL and libcurl before 7
ghsa_unreviewed·2022-05-17
CVE-2016-4802 [HIGH] GHSA-7g2f-f5p3-7xg4: Multiple untrusted search path vulnerabilities in cURL and libcurl before 7
Multiple untrusted search path vulnerabilities in cURL and libcurl before 7.49.1, when built with SSPI or telnet is enabled, allow local users to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse (1) security.dll, (2) secur32.dll, or (3) ws2_32.dll in the application or current working directory.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2016-06-24
Published