CVE-2016-8625: Improper Input Validation in Curl

Severity
7.5 HIGH (NVD)
CNA: 5.3
EPSS
1.5%
top 18.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 1
Latest update: May 13

Description

curl before version 7.51.0 uses the outdated IDNA 2003 standard to handle International Domain Names, which may lead users to unknowingly issue network transfer requests to the wrong host.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (3 packages)

NVD: haxx/curl < 7.51.0
Debian: haxx/curl < 7.51.0-1+3
CVEListV5: the_curl_project/curl 7.51.0

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-33h3-8669-hjwx: curl before version 7 (2022-05-13)
CVEList
CVE-2016-8625: curl before version 7 (2018-08-01)
OSV
CVE-2016-8625: curl before version 7 (2018-08-01)

📋 Vendor Advisories (3)

Apple
CVE-2016-8625: macOS Sierra 10.12.2, Security Update 2016-003 El Capitan, and Security Update 2016-007 Yosemite (2016-12-13)
Red Hat
curl: IDNA 2003 makes curl use wrong host (2016-11-02)
Debian
CVE-2016-8625: curl - curl before version 7.51.0 uses outdated IDNA 2003 standard to handle Internatio... (2016)

💬 Community (3)

Bugzilla
CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 mingw-curl: various flaws [epel-7] (2016-11-02)
Bugzilla
CVE-2016-8615 CVE-2016-8616 CVE-2016-8617 CVE-2016-8618 CVE-2016-8619 CVE-2016-8620 CVE-2016-8621 CVE-2016-8622 CVE-2016-8623 CVE-2016-8624 CVE-2016-8625 mingw-curl: various flaws [fedora-all] (2016-11-02)
Bugzilla
CVE-2016-8625 curl: IDNA 2003 makes curl use wrong host (2016-10-25)
CVE-2016-8625 — Improper Input Validation in Haxx Curl | cvebase